Multiple directory traversal vulnerabilities in AZ Bulletin board (AZbb) before 1.0.08 allow (1) remote authenticated users with administrative privileges to delete arbitrary files via a .. (dot dot) in the URL to admin_avatar.php or admin_attachment.php or (2) remote attackers to enumerate files via a .. (dot dot) in the attachment parameter to attachment.php, which displays a different message when a file exists or does not exist.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Az_bulletin_board | Azbb | 1.0.07a (including) | 1.0.07a (including) |
| Az_bulletin_board | Azbb | 1.0.07b (including) | 1.0.07b (including) |
| Az_bulletin_board | Azbb | 1.0.07c (including) | 1.0.07c (including) |
| Az_bulletin_board | Azbb | 1.0.07d (including) | 1.0.07d (including) |
References
- http://azbb.cyaccess.com/azbb.php?1091778548
- http://marc.info/?l=bugtraq\u0026m=111401838521857\u0026w=2
- http://secunia.com/advisories/15013
- http://www.gulftech.org/?node=research\u0026article_id=00068-04192005
- http://www.osvdb.org/15701
- http://www.osvdb.org/15702
- https://exchange.xforce.ibmcloud.com/vulnerabilities/20180
- https://exchange.xforce.ibmcloud.com/vulnerabilities/20183
- http://azbb.cyaccess.com/azbb.php?1091778548
- http://marc.info/?l=bugtraq\u0026m=111401838521857\u0026w=2
- http://secunia.com/advisories/15013
- http://www.gulftech.org/?node=research\u0026article_id=00068-04192005
- http://www.osvdb.org/15701
- http://www.osvdb.org/15702
- https://exchange.xforce.ibmcloud.com/vulnerabilities/20180
- https://exchange.xforce.ibmcloud.com/vulnerabilities/20183