CVE-2012-5901

Published: Nov 17, 2012Modified: Apr 29, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

DFLabs PTK 1.0.5 stores data files with predictable names under the web document root with insufficient access control, which allows remote attackers to read logs, images, or reports via a direct request to the file in the (1) log, (2) images, or (3) report directory.

Affected (1)

Products: Dflabs: Ptk

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Dflabs Ptk	Version 1.0.5

Related CWEs

References (10)

http://osvdb.org/80773

Source: cve@mitre.org

http://packetstormsecurity.org/files/111360/PTK-1.0.5-Cross-Site-Scripting-Unrestricted-Access.html

Source: cve@mitre.org

http://secunia.com/advisories/48585

Source: cve@mitre.org

Vendor Advisory

http://www.securityfocus.com/bid/52817

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/74491

Source: cve@mitre.org

http://osvdb.org/80773

Source: af854a3a-2127-422b-91ae-364da2661108

http://packetstormsecurity.org/files/111360/PTK-1.0.5-Cross-Site-Scripting-Unrestricted-Access.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/48585

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securityfocus.com/bid/52817

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/74491

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.