CVE-2005-1365 | Vulnerability Database | Aqua Security

NVD

https://nvd.nist.gov/vuln/detail/CVE-2005-1365

CWE

https://cwe.mitre.org/data/definitions/NVD-Other.html

Pico Server (pServ) 3.2 and earlier allows remote attackers to execute arbitrary commands via a URL with multiple leading / (slash) characters and .. sequences.

Affected Software

Name	Vendor	Start Version	End Version
Pico_server	Pico_server	3.0 (including)	3.0 (including)
Pico_server	Pico_server	3.0_beta_3 (including)	3.0_beta_3 (including)
Pico_server	Pico_server	3.1 (including)	3.1 (including)
Pico_server	Pico_server	3.2 (including)	3.2 (including)

References

http://marc.info/?l=full-disclosure\u0026m=111625635716712\u0026w=2
http://sourceforge.net/project/shownotes.php?release_id=327708
http://www.redteam-pentesting.de/advisories/rt-sa-2005-010.txt
http://www.securityfocus.com/bid/13642