Lucene search

[email protected]CVE-2005-2259

HistoryJul 13, 2005 - 4:00 a.m.

CVE-2005-2259

2005-07-1304:00:00

[email protected]

web.nvd.nist.gov

cve-2005-2259

usanet creations

remote code execution

vulnerability

nvd

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

8.2 High

AI Score

Confidence

Low

0.026 Low

EPSS

Percentile

90.4%

JSON

The dispallclosed2 function in dispallclosed.pl for multiple USANet Creations products, including (1) USANet Shopping Mall Software, (2) Domain Name Auction Software, (3) Standard Classified Ads Software, and (4) MakeBid Reverse Auction allows remote attackers to execute arbitrary code via shell metacharacters in the DISPCLOSED parameter.

Affected configurations

NVD

Node

usanet_creationsdomain_name_auction

usanet_creationsmakebid_auction_deluxe

usanet_creationsmakebid_auction_deluxeMatch3.30

usanet_creationsmakebid_auction_standard

usanet_creationsmakebid_reverse_auction

usanet_creationsstandard_classified_ads

usanet_creationsusanet_shopping_mall

CPENameOperatorVersion
usanet_creations:domain_name_auctionusanet creations domain name auctioneq*
usanet_creations:makebid_auction_deluxeusanet creations makebid auction deluxeeq*
usanet_creations:makebid_auction_deluxeusanet creations makebid auction deluxeeq3.30
usanet_creations:makebid_auction_standardusanet creations makebid auction standardeq*
usanet_creations:makebid_reverse_auctionusanet creations makebid reverse auctioneq*
usanet_creations:standard_classified_adsusanet creations standard classified adseq*
usanet_creations:usanet_shopping_mallusanet creations usanet shopping malleq*

CPE	Name	Operator	Version
usanet_creations:domain_name_auction	usanet creations domain name auction	eq	*
usanet_creations:makebid_auction_deluxe	usanet creations makebid auction deluxe	eq	*
usanet_creations:makebid_auction_deluxe	usanet creations makebid auction deluxe	eq	3.30
usanet_creations:makebid_auction_standard	usanet creations makebid auction standard	eq	*
usanet_creations:makebid_reverse_auction	usanet creations makebid reverse auction	eq	*
usanet_creations:standard_classified_ads	usanet creations standard classified ads	eq	*
usanet_creations:usanet_shopping_mall	usanet creations usanet shopping mall	eq	*

References

secunia.com/advisories/15985

securitytracker.com/id?1014411

www.securityfocus.com/bid/14179

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

8.2 High

AI Score

Confidence

Low

0.026 Low

EPSS

Percentile

90.4%

JSON

Related for CVE-2005-2259

nvd1 cvelist1