CVE-2005-3929

Xaraya - Path Traversal

Title source: rule

Description

Directory traversal vulnerability in the create function in xarMLSXML2PHPBackend.php in Xaraya 1.0 allows remote attackers to create directories and overwrite arbitrary files via ".." sequences in the module parameter to index.php.

Exploits (1)

exploitdb WORKING POC VERIFIED

by rgod · phpdosphp

https://www.exploit-db.com/exploits/1345

View Code ZIP pw:eip

References (8)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/418087/100/0/threaded

[Third Party Advisory] http://www.vupen.com/english/advisories/2005/2665

[Exploit, Vendor Advisory] http://rgod.altervista.org/xaraya1DOS.hmtl

[Third Party Advisory] http://secunia.com/advisories/17788

[Third Party Advisory] http://securityreason.com/securityalert/217

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/418191/100/0/threaded

[Exploit] http://www.securityfocus.com/bid/15623

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/418209/100/0/threaded

Scores

EPSS 0.0902

EPSS Percentile 92.6%

Details

Status published

Products (4)

xaraya/xaraya 1.0_rc1

xaraya/xaraya 1.0_rc2

xaraya/xaraya 1.0_rc3

xaraya/xaraya 1.0_rc4

Published Nov 30, 2005

Tracked Since Feb 18, 2026