CVE-2005-0685
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
08/03/2005
Last modified:
03/04/2025
Description
Multiple access validation errors in OutStart Participate Enterprise (PE) allow remote attackers to (1) browse arbitrary directory trees by modifying the rootFolder parameter to displaynavigator.jsp, (2) rename arbitrary directory objects by modifying the selectedObject parameter to renamepopup.jsp, (3) delete arbitrary directory objects by modifying the selectedObjectsCSV parameter to displaydeletenavigator.jsp, and conduct other unauthorized activities via the (4) showDeleteView, (5) showWebFolderView, (6) showLibraryView, (7) showMyLibraryView, (8) singleSelectObject, (9) processRadioSelection, (10) processCheckboxSelection, (11) singleSelectObject, (12) addToSelectedObjects, or (13) removeFromSelectedObjects commands.
Impact
Base Score 2.0
7.50
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:outstart:participate_enterprise:3:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://secunia.com/advisories/14542
- http://security.honour.ca/outstartpsi.txt
- http://www.securityfocus.com/archive/1/392623
- http://www.securityfocus.com/bid/12752
- https://exchange.xforce.ibmcloud.com/vulnerabilities/19632
- http://secunia.com/advisories/14542
- http://security.honour.ca/outstartpsi.txt
- http://www.securityfocus.com/archive/1/392623
- http://www.securityfocus.com/bid/12752
- https://exchange.xforce.ibmcloud.com/vulnerabilities/19632