| Name | CVE-2005-2600 |
| Description | FUDForum 2.6.15 with "Tree View" enabled, as used in other products such as phpgroupware and egroupware, allows remote attackers to read private posts via a modified mid parameter. |
| Source | CVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
| References | DSA-798-1, DSA-899-1 |
| Debian Bugs | 323928, 323929 |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| egroupware | source | sarge | 1.0.0.007-2.dfsg-2sarge4 | DSA-899-1 | ||
| egroupware | source | (unstable) | 1.0.0.009.dfsg-3-2 | medium | 323928 | |
| phpgroupware | source | woody | (not affected) | DSA-798-1 | ||
| phpgroupware | source | sarge | 0.9.16.005-3.sarge2 | high | DSA-798-1 | |
| phpgroupware | source | (unstable) | 0.9.16.008-1 | medium | 323929 |