Yves Goergen BlackBoard Internet Newsboard System cp.inc.php Path Disclosure
2004-10-06T00:00:00
ID OSVDB:10541 Type osvdb Reporter Lin Xiaofeng(cracklove@gmail.com) Modified 2004-10-06T00:00:00
Description
Vulnerability Description
Yves Goergen BlackBoard Internet Newsboard contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when an attacker directly accesses cp.inc.php and receives error messages, which will disclose server path information resulting in a loss of confidentiality.
Solution Description
Upgrade to version 1.5.1-h or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.
Short Description
Yves Goergen BlackBoard Internet Newsboard contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when an attacker directly accesses cp.inc.php and receives error messages, which will disclose server path information resulting in a loss of confidentiality.
References:
Security Tracker: 1011551
Secunia Advisory ID:12757Related OSVDB ID: 10539Related OSVDB ID: 10540
Other Advisory URL: http://blackboard.unclassified.de/70,1#1031
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-10/0044.html
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-10/0057.html
ISS X-Force ID: 17636
CVE-2004-1581
{"type": "osvdb", "published": "2004-10-06T00:00:00", "href": "https://vulners.com/osvdb/OSVDB:10541", "hashmap": [{"key": "affectedSoftware", "hash": "7a8f1e5c5048b80e5de7c2a047488160"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "1a2aa523dca3f706df35517784225341"}, {"key": "cvss", "hash": "a792e2393dff1e200b885c5245988f6f"}, {"key": "description", "hash": "18059e5fa5ded8154848a44f8bb2ec32"}, {"key": "href", "hash": "17e6c758d757f29647ad16ea64aeebea"}, {"key": "modified", "hash": "b1b883cc81b9e692ad8257b57f50dd7e"}, {"key": "objectVersion", "hash": "56765472680401499c79732468ba4340"}, {"key": "published", "hash": "b1b883cc81b9e692ad8257b57f50dd7e"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "6f09f6a54a4238a29c75be131c338646"}, {"key": "title", "hash": "d7746d78a2e9d27f54a214d612e71055"}, {"key": "type", "hash": "1327ac71f7914948578f08c54f772b10"}], "bulletinFamily": "software", "cvss": {"vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/", "score": 5.0}, "viewCount": 0, "history": [], "edition": 1, "objectVersion": "1.2", "reporter": "Lin Xiaofeng(cracklove@gmail.com)", "title": "Yves Goergen BlackBoard Internet Newsboard System cp.inc.php Path Disclosure", "affectedSoftware": [{"operator": "eq", "version": "1.5.1", "name": "BlackBoard Internet Newsboard"}], "enchantments": {"score": {"vector": "NONE", "value": 5.0}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2004-1581"]}, {"type": "osvdb", "idList": ["OSVDB:10540", "OSVDB:10539"]}], "modified": "2017-04-28T13:20:05"}, "vulnersScore": 5.0}, "references": [], "id": "OSVDB:10541", "hash": "78f31bf6615c3ba125058a7c7c2114a0fb71ee16f8d87317168525701de66a15", "lastseen": "2017-04-28T13:20:05", "cvelist": ["CVE-2004-1581"], "modified": "2004-10-06T00:00:00", "description": "## Vulnerability Description\nYves Goergen BlackBoard Internet Newsboard contains a flaw that may lead to an unauthorized information disclosure. \u00a0The issue is triggered when an attacker directly accesses cp.inc.php and receives error messages, which will disclose server path information resulting in a loss of confidentiality.\n## Solution Description\nUpgrade to version 1.5.1-h or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nYves Goergen BlackBoard Internet Newsboard contains a flaw that may lead to an unauthorized information disclosure. \u00a0The issue is triggered when an attacker directly accesses cp.inc.php and receives error messages, which will disclose server path information resulting in a loss of confidentiality.\n## References:\nSecurity Tracker: 1011551\n[Secunia Advisory ID:12757](https://secuniaresearch.flexerasoftware.com/advisories/12757/)\n[Related OSVDB ID: 10539](https://vulners.com/osvdb/OSVDB:10539)\n[Related OSVDB ID: 10540](https://vulners.com/osvdb/OSVDB:10540)\nOther Advisory URL: http://blackboard.unclassified.de/70,1#1031\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-10/0044.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-10/0057.html\nISS X-Force ID: 17636\n[CVE-2004-1581](https://vulners.com/cve/CVE-2004-1581)\n"}
{"cve": [{"lastseen": "2017-07-11T11:14:35", "bulletinFamily": "NVD", "description": "BlackBoard 1.5.1 allows remote attackers to gain sensitive information via a direct request to (1) checkdb.inc.php, (2) admin.inc.php or (3) cp.inc.php, which reveals the path in a PHP error message.", "modified": "2017-07-10T21:31:09", "published": "2004-12-31T00:00:00", "id": "CVE-2004-1581", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-1581", "title": "CVE-2004-1581", "type": "cve", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:05", "bulletinFamily": "software", "description": "## Vulnerability Description\nYves Goergen BlackBoard Internet Newsboard contains a flaw that may lead to unauthorized information disclosure. \u00a0The issue is triggered when a user attempts to incorrectly access \"checkdb.in.php\" and receives an error message, which will disclose server path information resulting in a loss of confidentiality.\n## Solution Description\nUpgrade to version 1.5.1h or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nYves Goergen BlackBoard Internet Newsboard contains a flaw that may lead to unauthorized information disclosure. \u00a0The issue is triggered when a user attempts to incorrectly access \"checkdb.in.php\" and receives an error message, which will disclose server path information resulting in a loss of confidentiality.\n## Manual Testing Notes\nhttp://[victim]/bb_lib/checkdb.inc.php\n\n-----error messages returned---- \n\nWarning: main(lang/_more.php): failed to open stream: No such file or directory in /www/web002/_blackboard/bb_lib/checkdb.inc.php on line 15 \n\nFatal error: main(): Failed opening required 'lang/_more.php' (include_path='.:/usr/local/lib/php') in /www/web002/_blackboard/bb_lib/checkdb.inc.php on line 15\n## References:\nVendor URL: http://blackboard.unclassified.de/download.php\nSecurity Tracker: 1011551\n[Secunia Advisory ID:12757](https://secuniaresearch.flexerasoftware.com/advisories/12757/)\n[Related OSVDB ID: 10541](https://vulners.com/osvdb/OSVDB:10541)\n[Related OSVDB ID: 10540](https://vulners.com/osvdb/OSVDB:10540)\nOther Advisory URL: http://blackboard.unclassified.de/70,1#1031\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-10/0044.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-10/0057.html\nISS X-Force ID: 17636\n[CVE-2004-1581](https://vulners.com/cve/CVE-2004-1581)\n", "modified": "2004-10-06T00:00:00", "published": "2004-10-06T00:00:00", "href": "https://vulners.com/osvdb/OSVDB:10539", "id": "OSVDB:10539", "type": "osvdb", "title": "Yves Goergen BlackBoard Internet Newsboard System checkdb.inc.php Path Disclosure", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2017-04-28T13:20:05", "bulletinFamily": "software", "description": "## Vulnerability Description\nYves Goergen BlackBoard Internet Newsboard contains a flaw that may lead to an unauthorized information disclosure. \u00a0The issue is triggered when a user attempts to directly access admin.inc.php and receives an error message, which will disclose server path information resulting in a loss of confidentiality.\n## Solution Description\nUpgrade to version 1.5.1h or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nYves Goergen BlackBoard Internet Newsboard contains a flaw that may lead to an unauthorized information disclosure. \u00a0The issue is triggered when a user attempts to directly access admin.inc.php and receives an error message, which will disclose server path information resulting in a loss of confidentiality.\n## Manual Testing Notes\nhttp://[victim]/bb_lib/admin.inc.php\n## References:\nVendor URL: http://blackboard.unclassified.de/download.php\nSecurity Tracker: 1011551\n[Secunia Advisory ID:12757](https://secuniaresearch.flexerasoftware.com/advisories/12757/)\n[Related OSVDB ID: 10539](https://vulners.com/osvdb/OSVDB:10539)\n[Related OSVDB ID: 10541](https://vulners.com/osvdb/OSVDB:10541)\nOther Advisory URL: http://blackboard.unclassified.de/70,1#1031\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-10/0044.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-10/0057.html\nISS X-Force ID: 17636\n[CVE-2004-1581](https://vulners.com/cve/CVE-2004-1581)\n", "modified": "2004-10-06T00:00:00", "published": "2004-10-06T00:00:00", "href": "https://vulners.com/osvdb/OSVDB:10540", "id": "OSVDB:10540", "type": "osvdb", "title": "Yves Goergen BlackBoard Internet Newsboard System admin.inc.php Path Disclosure", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}]}
