Search...

CVE-2005-3261

2005-10-20T10:02:00

ID CVE-2005-3261
Type cve
Reporter cve@mitre.org
Modified 2016-10-18T03:34:00

Description

getversions.php in versatileBulletinBoard (vBB) 1.0.0 RC2 lists the versions of all installed scripts, which allows remote attackers to obtain sensitive information via a direct request.

JSON Vulners Source

Initial Source

{"id": "CVE-2005-3261", "bulletinFamily": "NVD", "title": "CVE-2005-3261", "description": "getversions.php in versatileBulletinBoard (vBB) 1.0.0 RC2 lists the versions of all installed scripts, which allows remote attackers to obtain sensitive information via a direct request.", "published": "2005-10-20T10:02:00", "modified": "2016-10-18T03:34:00", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-3261", "reporter": "cve@mitre.org", "references": ["http://www.securityfocus.com/bid/15075", "http://rgod.altervista.org/versatile100RC2.html", "http://www.osvdb.org/19973", "http://secunia.com/advisories/17174/", "http://marc.info/?l=bugtraq&m=112907535528616&w=2"], "cvelist": ["CVE-2005-3261"], "type": "cve", "lastseen": "2019-05-29T18:08:15", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "e2117f8810937417bebd3e63b85e878e"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "f859c92c7e029889037ec2bd332192e9"}, {"key": "cpe23", "hash": "ce3c20096b0f058a23af7eb71086142e"}, {"key": "cvelist", "hash": "baecdb7043ae3979c9a275abf8bc688e"}, {"key": "cvss", "hash": "a89198c45ce87f7ec9735a085150b708"}, {"key": "cvss2", "hash": "f30109dfdbfbf783c0b61792a6b2c20a"}, {"key": "cvss3", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cwe", "hash": "78a7a5cbaf09985c14389298e454e7db"}, {"key": "description", "hash": "591b21f86140b4e61a2cc391eb85c057"}, {"key": "href", "hash": "95c0e5040daab9c9a4988fd1c907a493"}, {"key": "modified", "hash": "39f1d395bf73f4ead68118e33f8c67a4"}, {"key": "published", "hash": "99de9d0cfea0a90a625e59b645b324d7"}, {"key": "references", "hash": "3541084d903feecb83fc2886233b47c4"}, {"key": "reporter", "hash": "444c2b4dda4a55437faa8bef1a141e84"}, {"key": "title", "hash": "2b744f7aba3931e37de3af60b4f740a8"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "78462ebde11fcd67770b491a0258f544ddf3bef0e619f945ff7a87906402488e", "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "osvdb", "idList": ["OSVDB:19973"]}], "modified": "2019-05-29T18:08:15"}, "score": {"value": 5.0, "vector": "NONE", "modified": "2019-05-29T18:08:15"}, "vulnersScore": 5.0}, "objectVersion": "1.3", "cpe": ["cpe:/a:versatilebulletinboard:versatilebulletinboard:1.0.0.rc2"], "affectedSoftware": [{"name": "versatilebulletinboard versatilebulletinboard", "operator": "eq", "version": "1.0.0.rc2"}], "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {}, "cpe23": ["cpe:2.3:a:versatilebulletinboard:versatilebulletinboard:1.0.0.rc2:*:*:*:*:*:*:*"], "cwe": ["NVD-CWE-Other"]}

{"osvdb": [{"lastseen": "2017-04-28T13:20:16", "bulletinFamily": "software", "description": "## Vulnerability Description\nversatileBulletinBoard (vBB) contains a flaw that may lead to an unauthorized information disclosure. \u00a0The issue is triggered when a remote attacker calls the getversions.php script, which will disclose detailed file and version information resulting in a loss of confidentiality.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nversatileBulletinBoard (vBB) contains a flaw that may lead to an unauthorized information disclosure. \u00a0The issue is triggered when a remote attacker calls the getversions.php script, which will disclose detailed file and version information resulting in a loss of confidentiality.\n## Manual Testing Notes\nhttp://[target]/[path]/getversions.php\n## References:\nVendor URL: http://vbb.eniki.de/\n[Secunia Advisory ID:17174](https://secuniaresearch.flexerasoftware.com/advisories/17174/)\n[Related OSVDB ID: 19966](https://vulners.com/osvdb/OSVDB:19966)\n[Related OSVDB ID: 19962](https://vulners.com/osvdb/OSVDB:19962)\n[Related OSVDB ID: 19963](https://vulners.com/osvdb/OSVDB:19963)\n[Related OSVDB ID: 19964](https://vulners.com/osvdb/OSVDB:19964)\n[Related OSVDB ID: 19967](https://vulners.com/osvdb/OSVDB:19967)\n[Related OSVDB ID: 19972](https://vulners.com/osvdb/OSVDB:19972)\n[Related OSVDB ID: 19969](https://vulners.com/osvdb/OSVDB:19969)\n[Related OSVDB ID: 19970](https://vulners.com/osvdb/OSVDB:19970)\n[Related OSVDB ID: 19965](https://vulners.com/osvdb/OSVDB:19965)\n[Related OSVDB ID: 19968](https://vulners.com/osvdb/OSVDB:19968)\n[Related OSVDB ID: 19971](https://vulners.com/osvdb/OSVDB:19971)\nOther Advisory URL: http://rgod.altervista.org/versatile100RC2.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-10/0120.html\n[CVE-2005-3261](https://vulners.com/cve/CVE-2005-3261)\nBugtraq ID: 15075\n", "modified": "2005-10-10T08:19:48", "published": "2005-10-10T08:19:48", "href": "https://vulners.com/osvdb/OSVDB:19973", "id": "OSVDB:19973", "type": "osvdb", "title": "versatileBulletinBoard (vBB) getversions.php Information Disclosure", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}]}