GNUMP3d Discloses Files on the Target System to Remote Users and Permits Cross-Site Scripting Attack

CVE: CVE-2005-3122
Category: CWE-200
Price: Unknown
Severity: High
Author: Unknown
Risk: High
Exploitation Type: Remote
Date: 2005-10-29
CPE: cpe:cpe:/a:gnump3d:gnump3d
CVSS: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS: 0.02192
EPSSP: 0.50148

Our sensors found this exploit at: http://cxsecurity.com/ascii/WLB-2005100073

Below is a copy:

Debian reported:
 
Steve Kemp discovered two vulnerabilities in gnump3d, a streaming
server for MP3 and OGG files.  The Common Vulnerabilities and
Exposures Project identifies the following problems:
 
CVE-2005-3122
 
    The 404 error page does not strip malicious javascript content
    from the resulting page, which would be executed in the victim's
    browser.
 
CVE-2005-3123
 
    By using specially crafted URLs it is possible to read arbitrary
    files to which the user of the streaming server has access.
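
An added example, not part of the Debian advisory and not gnump3d's own code: a minimal file-serving handler in Python showing the two mitigations these issues call for, HTML-escaping the requested path in the 404 page and canonicalising the path before checking that it stays under the media root. The function names and the sample directory layout are constructed for illustration.

```python
import html
import os
import tempfile

def resolve_under_root(root, url_path):
    """Map a URL path to a file under root, or return None if it escapes."""
    root_real = os.path.realpath(root)
    # Join as a relative path, then canonicalise ("..", symlinks) before checking.
    candidate = os.path.realpath(os.path.join(root_real, url_path.lstrip("/")))
    if os.path.commonpath([root_real, candidate]) != root_real:
        return None
    return candidate

def not_found_page(url_path):
    """Build a 404 body with the requested path HTML-escaped."""
    safe = html.escape(url_path, quote=True)
    return "<html><body><h1>404</h1><p>Not found: " + safe + "</p></body></html>"

def handle(root, url_path):
    """Return (status, body) for a GET of url_path (already percent-decoded)."""
    target = resolve_under_root(root, url_path)
    if target is None or not os.path.isfile(target):
        return 404, not_found_page(url_path)
    with open(target, "rb") as fh:
        return 200, fh.read()

def demo():
    """Constructed sample: a media root with one file and a sibling outside it."""
    with tempfile.TemporaryDirectory() as base:
        root = os.path.join(base, "music")
        os.mkdir(root)
        with open(os.path.join(root, "track.mp3"), "wb") as fh:
            fh.write(b"audio")
        with open(os.path.join(base, "secret.txt"), "wb") as fh:
            fh.write(b"private")
        return {
            "served": handle(root, "/track.mp3"),
            "escape": handle(root, "/../secret.txt"),
            "markup": handle(root, "/<script>alert(1)</script>"),
        }

if __name__ == "__main__":
    for name, (status, body) in demo().items():
        print(name, status, body)
```

The containment check runs on the canonical path, after percent-decoding, so an encoded `..` segment or a symlink inside the media root is resolved before the comparison.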

Copyright ©2024 Exploitalert.
