CyberSec.Space Logo
Back to CVE Browser

CVE-2005-2259

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0700%
EPSS Percentile30.42th
PublishedJul 13, 2005
Last ModifiedApr 16, 2026

Vulnerability Description

The dispallclosed2 function in dispallclosed.pl for multiple USANet Creations products, including (1) USANet Shopping Mall Software, (2) Domain Name Auction Software, (3) Standard Classified Ads Software, and (4) MakeBid Reverse Auction allows remote attackers to execute arbitrary code via shell metacharacters in the DISPCLOSED parameter.

Affected Platforms (CPE)

πŸ“¦
Usanet Creations

Domain Name Auction

All versions
πŸ“¦
Usanet Creations

Makebid Auction Deluxe

All versions
πŸ“¦
Usanet Creations

Makebid Auction Deluxe

= 3.30
πŸ“¦
Usanet Creations

Makebid Auction Standard

All versions
πŸ“¦
Usanet Creations

Makebid Reverse Auction

All versions
πŸ“¦
Usanet Creations

Standard Classified Ads

All versions
πŸ“¦
Usanet Creations

Usanet Shopping Mall

All versions

References & Advisories

πŸ”— http://secunia.com/advisories/15985
πŸ”— http://securitytracker.com/id?1014411
πŸ”— http://www.securityfocus.com/bid/14179
πŸ”— http://secunia.com/advisories/15985
πŸ”— http://securitytracker.com/id?1014411
πŸ”— http://www.securityfocus.com/bid/14179

Related Vulnerabilities

CVE-2005-473010.0

Unspecified vulnerability in PEAR Text_Password 1.0 has unknown impact and attack vectors, related to "problematic seeding" of the...

CVE-2005-129910.0

The inserter.cgi script allows remote attackers to execute arbitrary commands via shell metacharacters in the argument.

CVE-2005-266910.0

Computer Associates (CA) Message Queuing (CAM / CAFT) 1.05, 1.07 before Build 220_13, and 1.11 before Build 29_13 allows remote at...

CVE-2005-051910.0

ArGoSoft FTP Server before 1.4.2.7 allows remote attackers to read arbitrary files by uploading a ZIP file containing a shortcut (...