CVE-2005-3645
phpAdsNew and phpPgAds 2.0.6 and possibly earlier versions allows remote attackers to obtain the application installation path and other sensitive information via direct requests to (1) create.php, and if display_errors is enabled, (2) lib-updates.inc.php, (3) lib-targetstats.inc.php, (4) lib-size.inc.php, (5) lib-misc-stats.inc.php, (6) lib-hourly-hosts.inc.php, (7) lib-hourly.inc.php, (8) lib-history.inc.php, and (9) graph-daily.php.
| Software | From | Fixed in |
|---|---|---|
| phpadsnew / phpadsnew | 2_dev_2001-09-30 | 2_dev_2001-09-30.x |
| phpadsnew / phpadsnew | 2.0.6 | 2.0.6.x |
| phpadsnew / phpadsnew | 2.0.5 | 2.0.5.x |
| phpadsnew / phpadsnew | 2.0.4_pr1 | 2.0.4_pr1.x |
| phpadsnew / phpadsnew | 2.0_beta5 | 2.0_beta5.x |
| phppgads / phppgads | 2.0.6 | 2.0.6.x |
| phpadsnew / phpadsnew | 2.0_beta6 | 2.0_beta6.x |
| phpadsnew / phpadsnew | 2_dev_2001-10-09 | 2_dev_2001-10-09.x |
- http://marc.info/?l=bugtraq&m=113165036315035&w=2
- http://seclists.org/lists/bugtraq/2005/Nov/0189.html
- http://secunia.com/advisories/17464/
- http://securityreason.com/securityalert/171
- http://sourceforge.net/project/shownotes.php?group_id=36679&release_id=370942
- http://www.fitsec.com/advisories/FS-05-01.txt
- http://www.osvdb.org/20735
- http://www.osvdb.org/20736
- http://www.osvdb.org/20737
- http://www.osvdb.org/20738
- http://www.osvdb.org/20739
- http://www.osvdb.org/20740
- http://www.osvdb.org/20741
- http://www.osvdb.org/20742
- http://www.osvdb.org/20743
- http://www.vupen.com/english/advisories/2005/2380
- https://exchange.xforce.ibmcloud.com/vulnerabilities/23043
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime