← back
CVE-2005-1201

CVE-2005-1201

EPSS 3.4%
Multiple directory traversal vulnerabilities in AZ Bulletin board (AZbb) before 1.0.08 allow (1) remote authenticated users with administrative privileges to delete arbitrary files via a .. (dot dot) in the URL to admin_avatar.php or admin_attachment.php or (2) remote attackers to enumerate files via a .. (dot dot) in the attachment parameter to attachment.php, which displays a different message when a file exists or does not exist.
Affected products
n/a · n/a
public PoCs found1
exploitdbwww.exploit-db.com/exploits/43823unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://azbb.cyaccess.com/azbb.php?1091778548http://marc.info/?l=bugtraq&m=111401838521857&w=2http://secunia.com/advisories/15013https://exchange.xforce.ibmcloud.com/vulnerabilities/20180https://exchange.xforce.ibmcloud.com/vulnerabilities/20183http://www.gulftech.org/?node=research&article_id=00068-04192005http://www.osvdb.org/15701http://www.osvdb.org/15702