ByteOS Network

NVD Vulnerability Details :

CVE-2005-3347

Deferred

Source-security@debian.org

Published At-18 Nov, 2005 | 02:02

Updated At-03 Apr, 2025 | 01:03

Multiple directory traversal vulnerabilities in index.php in phpSysInfo 2.4 and earlier, as used in phpgroupware 0.9.16 and earlier, and egrouwpware before 1.0.0.009, allow remote attackers to include arbitrary files via .. (dot dot) sequences in the (1) sensor_program parameter or the (2) _SERVER[HTTP_ACCEPT_LANGUAGE] parameter, which overwrites an internal variable, a variant of CVE-2003-0536. NOTE: due to a typo in an advisory, an issue in osh was inadvertently linked to this identifier; the proper identifier for the osh issue is CVE-2005-3346.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	2.0	6.8	MEDIUM	AV:N/AC:M/Au:N/C:P/I:P/A:P

Type: Primary

Version: 2.0

Base score: 6.8

Base severity: MEDIUM

Vector:

AV:N/AC:M/Au:N/C:P/I:P/A:P

CPE Matches

phpgroupware>>phpgroupware>>0.9.16

cpe:2.3:a:phpgroupware:phpgroupware:0.9.16:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-22	Primary	nvd@nist.gov

CWE ID: CWE-22

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
http://secunia.com/advisories/17441	security@debian.org	N/A
http://secunia.com/advisories/17570	security@debian.org	N/A
http://secunia.com/advisories/17584	security@debian.org	N/A
http://secunia.com/advisories/17616	security@debian.org	N/A
http://secunia.com/advisories/17620	security@debian.org	N/A
http://secunia.com/advisories/17643	security@debian.org	N/A
http://secunia.com/advisories/17698	security@debian.org	N/A
http://www.debian.org/security/2005/dsa-897	security@debian.org	N/A
http://www.debian.org/security/2005/dsa-898	security@debian.org	Patch Vendor Advisory
http://www.debian.org/security/2005/dsa-899	security@debian.org	N/A
http://www.gentoo.org/security/en/glsa/glsa-200511-18.xml	security@debian.org	N/A
http://www.hardened-php.net/advisory_212005.81.html	security@debian.org	N/A
http://www.mandriva.com/security/advisories?name=MDKSA-2005:212	security@debian.org	N/A
http://www.securityfocus.com/archive/1/416543	security@debian.org	N/A
http://www.securityfocus.com/bid/15396	security@debian.org	N/A
http://www.securityfocus.com/bid/15414	security@debian.org	N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/23107	security@debian.org	N/A
http://secunia.com/advisories/17441	af854a3a-2127-422b-91ae-364da2661108	N/A
http://secunia.com/advisories/17570	af854a3a-2127-422b-91ae-364da2661108	N/A
http://secunia.com/advisories/17584	af854a3a-2127-422b-91ae-364da2661108	N/A
http://secunia.com/advisories/17616	af854a3a-2127-422b-91ae-364da2661108	N/A
http://secunia.com/advisories/17620	af854a3a-2127-422b-91ae-364da2661108	N/A
http://secunia.com/advisories/17643	af854a3a-2127-422b-91ae-364da2661108	N/A
http://secunia.com/advisories/17698	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.debian.org/security/2005/dsa-897	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.debian.org/security/2005/dsa-898	af854a3a-2127-422b-91ae-364da2661108	Patch Vendor Advisory
http://www.debian.org/security/2005/dsa-899	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.gentoo.org/security/en/glsa/glsa-200511-18.xml	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.hardened-php.net/advisory_212005.81.html	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.mandriva.com/security/advisories?name=MDKSA-2005:212	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.securityfocus.com/archive/1/416543	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.securityfocus.com/bid/15396	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.securityfocus.com/bid/15414	af854a3a-2127-422b-91ae-364da2661108	N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/23107	af854a3a-2127-422b-91ae-364da2661108	N/A