CVE-2005-4699

TellMe <1.2 - Command Injection

Title source: llm

Description

Argument injection vulnerability in TellMe 1.2 and earlier allows remote attackers to modify command line arguments for the Whois program and obtain sensitive information via "--" style options in the q_Host parameter.

References (6)

[Broken Link, Exploit, Patch, Vendor Advisory] http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0107.html

[Exploit, Patch, Vendor Advisory] http://exploitlabs.com/files/advisories/EXPL-A-2005-015-tellme.txt

[Product] http://kimihia.org.nz/projects/tellme/files/tellme-1.2-1.3.diff

[Broken Link, Patch, Vendor Advisory] http://secunia.com/advisories/17078

[Broken Link, Exploit, Patch] http://www.osvdb.org/19871

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/22522

Scores

EPSS 0.0129

EPSS Percentile 79.5%

Classification

CWE

CWE-88

Status draft

Affected Products (1)

kimihia/tellme < 1.2

Timeline

Published Dec 31, 2005

Tracked Since Feb 18, 2026