CVE-2005-4699

Опубликовано: 31 дек. 2005

Источник: nvd

CVSS2: 6.4

EPSS Низкий

Описание

Argument injection vulnerability in TellMe 1.2 and earlier allows remote attackers to modify command line arguments for the Whois program and obtain sensitive information via "--" style options in the q_Host parameter.

Ссылки

http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0107.html
Broken Link
Exploit
Patch
Vendor Advisory
http://exploitlabs.com/files/advisories/EXPL-A-2005-015-tellme.txt
Exploit
Patch
Vendor Advisory
http://kimihia.org.nz/projects/tellme/files/tellme-1.2-1.3.diff
Product
http://secunia.com/advisories/17078
Broken Link
Patch
Vendor Advisory
http://www.osvdb.org/19871
Broken Link
Exploit
Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/22522
Third Party Advisory
VDB Entry
http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0107.html
Broken Link
Exploit
Patch
Vendor Advisory
http://exploitlabs.com/files/advisories/EXPL-A-2005-015-tellme.txt
Exploit
Patch
Vendor Advisory
http://kimihia.org.nz/projects/tellme/files/tellme-1.2-1.3.diff
Product
http://secunia.com/advisories/17078
Broken Link
Patch
Vendor Advisory
http://www.osvdb.org/19871
Broken Link
Exploit
Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/22522
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:kimihia:tellme:*:*:*:*:*:*:*:*

Версия до 1.2 (включая)

EPSS

Процентиль: 79%

0.01295

Низкий

6.4 Medium

CVSS2

Дефекты

CWE-88

Связанные уязвимости

GHSA-qmhp-32vc-r662

github

почти 4 года назад