FUDForum Tree View Access Validation Vulnerability

Bugtraq ID:	14556
Class:	Input Validation Error
CVE:	CAN-2005-2600
Remote:	Yes
Local:	No
Published:	Aug 12 2005 12:00AM
Updated:	Mar 16 2006 06:25AM
Credit:	Alexander Heidenreich is credited with the discovery of this vulnerability.
Vulnerable:	PHPGroupWare PHPGroupWare 0.9.16 RC3 PHPGroupWare PHPGroupWare 0.9.16 RC2 PHPGroupWare PHPGroupWare 0.9.16 RC1 PHPGroupWare PHPGroupWare 0.9.16 .006 PHPGroupWare PHPGroupWare 0.9.16 .005 + Debian Linux 3.1 sparc + Debian Linux 3.1 s/390 + Debian Linux 3.1 ppc + Debian Linux 3.1 mipsel + Debian Linux 3.1 mips + Debian Linux 3.1 m68k + Debian Linux 3.1 ia-64 + Debian Linux 3.1 ia-32 + Debian Linux 3.1 hppa + Debian Linux 3.1 arm + Debian Linux 3.1 alpha + Debian Linux 3.1 PHPGroupWare PHPGroupWare 0.9.16 .003 + Gentoo Linux PHPGroupWare PHPGroupWare 0.9.16 .002 PHPGroupWare PHPGroupWare 0.9.16 .000 PHPGroupWare PHPGroupWare 0.9.14 .007 PHPGroupWare PHPGroupWare 0.9.14 .006 PHPGroupWare PHPGroupWare 0.9.14 .005 - Conectiva Linux 9.0 - Conectiva Linux 8.0 - Conectiva Linux 7.0 PHPGroupWare PHPGroupWare 0.9.14 .004 PHPGroupWare PHPGroupWare 0.9.14 .003 PHPGroupWare PHPGroupWare 0.9.14 .002 PHPGroupWare PHPGroupWare 0.9.14 .001 PHPGroupWare PHPGroupWare 0.9.14 PHPGroupWare PHPGroupWare 0.9.13 - Debian Linux 2.2 PHPGroupWare PHPGroupWare 0.9.12 - Conectiva Linux 9.0 - Conectiva Linux 8.0 - Conectiva Linux 7.0 - MySQL AB MySQL 3.23.36 - MySQL AB MySQL 3.23.34 - MySQL AB MySQL 3.23.31 - PostgreSQL PostgreSQL 6.5.3 - PostgreSQL PostgreSQL 6.3.2 Ilia Alshanetsky FUDForum 2.6.15 Gentoo Linux eGroupWare eGroupWare 1.0 .0.007 + Debian Linux 3.1 sparc + Debian Linux 3.1 s/390 + Debian Linux 3.1 ppc + Debian Linux 3.1 mipsel + Debian Linux 3.1 mips + Debian Linux 3.1 m68k + Debian Linux 3.1 ia-64 + Debian Linux 3.1 ia-32 + Debian Linux 3.1 hppa + Debian Linux 3.1 arm + Debian Linux 3.1 amd64 + Debian Linux 3.1 alpha + Debian Linux 3.1 + Gentoo Linux

Not Vulnerable:	PHPGroupWare PHPGroupWare 0.9.16 .007