CVE-2005-3579

Walla TeleSite <3.0 - Path Traversal

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-3579. PoCs published by Rafi Nahum.

AI-analyzed exploit summary The provided text describes multiple input validation vulnerabilities in Walla TeleSite, including path disclosure, file enumeration, SQL injection, and XSS. It includes example URLs demonstrating path disclosure but lacks executable exploit code.

Description

ts.exe (aka ts.cgi) in Walla TeleSite 3.0 and earlier allows remote attackers to access arbitrary local files via the querystring.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Rafi Nahum · textwebappscgi

https://www.exploit-db.com/exploits/26509

View Code ZIP pw:eip

The provided text describes multiple input validation vulnerabilities in Walla TeleSite, including path disclosure, file enumeration, SQL injection, and XSS. It includes example URLs demonstrating path disclosure but lacks executable exploit code.

Classification

Writeup 90%

Attack Type

Info Leak | Sqli | Xss

Complexity

Trivial

Reliability

Theoretical

Target: Walla TeleSite version 3.0 and earlier

No auth needed

Prerequisites: Access to the target web application

MITRE ATT&CK

T1006 - Direct Volume Access T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/416581/30/0/threaded

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://securitytracker.com/id?1015204

Third Party Advisory third-party-advisory x_refsource_sreason

http://securityreason.com/securityalert/179

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/15419

Scores

EPSS 0.0293

EPSS Percentile 85.3%

Details

Status published

Products (1)

walla_telesite/walla_telesite < 3.0

Published Nov 16, 2005

Tracked Since Feb 18, 2026