{"enchantments": {"score": {"value": 6.4, "vector": "NONE", "modified": "2017-04-28T13:20:14", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2005-2205"]}], "modified": "2017-04-28T13:20:14", "rev": 2}, "vulnersScore": 6.4}, "bulletinFamily": "software", "affectedSoftware": [{"name": "pngcntrp", "operator": "eq", "version": "2.x"}], "references": [], "href": "https://vulners.com/osvdb/OSVDB:17784", "id": "OSVDB:17784", "title": "pngcntrp kaiseki.cgi Arbitrary Command Execution", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "lastseen": "2017-04-28T13:20:14", "edition": 1, "reporter": "blahplok()", "description": "## Vulnerability Description\npngcntrp contains a flaw that may allow a malicious user to execute arbitrary commands. This flaw exists because the application does not validate input upon submission to the kaiseki.cgi script It is possible that the flaw may allow arbitrary command execution resulting in a loss of integrity.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\npngcntrp contains a flaw that may allow a malicious user to execute arbitrary commands. This flaw exists because the application does not validate input upon submission to the kaiseki.cgi script It is possible that the flaw may allow arbitrary command execution resulting in a loss of integrity.\n## Manual Testing Notes\nhttp://[target]/cgi-bin/kaiseki.cgi?|command|\n## References:\nVendor URL: http://www.aurora.dti.ne.jp/~zom/png/counter/ver2/plus.html\nSecurity Tracker: 1014426\n[Secunia Advisory ID:15981](https://secuniaresearch.flexerasoftware.com/advisories/15981/)\nPacket Storm: http://packetstormsecurity.org/0507-exploits/kaiseki.txt\n[CVE-2005-2205](https://vulners.com/cve/CVE-2005-2205)\n", "modified": "2005-07-08T08:53:46", "viewCount": 1, "published": "2005-07-08T08:53:46", "cvelist": ["CVE-2005-2205"]}

{"cve": [{"lastseen": "2020-10-03T11:34:55", "description": "The ReadLog function in kaiseki.cgi in pngren allows remote attackers to execute arbitrary commands via shell metacharacters in the query string.", "edition": 3, "cvss3": {}, "published": "2005-07-11T04:00:00", "title": "CVE-2005-2205", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": true}, "cvelist": ["CVE-2005-2205"], "modified": "2008-09-05T20:51:00", "cpe": ["cpe:/a:pngren:pngren:2.0.1"], "id": "CVE-2005-2205", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-2205", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:pngren:pngren:2.0.1:*:*:*:*:*:*:*"]}]}