ID CVE-2005-3261 Type cve Reporter cve@mitre.org Modified 2016-10-18T03:34:00
Description
getversions.php in versatileBulletinBoard (vBB) 1.0.0 RC2 lists the versions of all installed scripts, which allows remote attackers to obtain sensitive information via a direct request.
{"osvdb": [{"lastseen": "2017-04-28T13:20:16", "bulletinFamily": "software", "cvelist": ["CVE-2005-3261"], "edition": 1, "description": "## Vulnerability Description\nversatileBulletinBoard (vBB) contains a flaw that may lead to an unauthorized information disclosure. \u00a0The issue is triggered when a remote attacker calls the getversions.php script, which will disclose detailed file and version information resulting in a loss of confidentiality.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nversatileBulletinBoard (vBB) contains a flaw that may lead to an unauthorized information disclosure. \u00a0The issue is triggered when a remote attacker calls the getversions.php script, which will disclose detailed file and version information resulting in a loss of confidentiality.\n## Manual Testing Notes\nhttp://[target]/[path]/getversions.php\n## References:\nVendor URL: http://vbb.eniki.de/\n[Secunia Advisory ID:17174](https://secuniaresearch.flexerasoftware.com/advisories/17174/)\n[Related OSVDB ID: 19966](https://vulners.com/osvdb/OSVDB:19966)\n[Related OSVDB ID: 19962](https://vulners.com/osvdb/OSVDB:19962)\n[Related OSVDB ID: 19963](https://vulners.com/osvdb/OSVDB:19963)\n[Related OSVDB ID: 19964](https://vulners.com/osvdb/OSVDB:19964)\n[Related OSVDB ID: 19967](https://vulners.com/osvdb/OSVDB:19967)\n[Related OSVDB ID: 19972](https://vulners.com/osvdb/OSVDB:19972)\n[Related OSVDB ID: 19969](https://vulners.com/osvdb/OSVDB:19969)\n[Related OSVDB ID: 19970](https://vulners.com/osvdb/OSVDB:19970)\n[Related OSVDB ID: 19965](https://vulners.com/osvdb/OSVDB:19965)\n[Related OSVDB ID: 19968](https://vulners.com/osvdb/OSVDB:19968)\n[Related OSVDB ID: 19971](https://vulners.com/osvdb/OSVDB:19971)\nOther Advisory URL: http://rgod.altervista.org/versatile100RC2.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-10/0120.html\n[CVE-2005-3261](https://vulners.com/cve/CVE-2005-3261)\nBugtraq ID: 15075\n", "modified": "2005-10-10T08:19:48", "published": "2005-10-10T08:19:48", "href": "https://vulners.com/osvdb/OSVDB:19973", "id": "OSVDB:19973", "type": "osvdb", "title": "versatileBulletinBoard (vBB) getversions.php Information Disclosure", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}]}