CVE-2007-1303
Published 2007-03-07
Priority P340 · high · 7.8 · CVSS 2.0
AV:N/AC:L/Au:N/C:C/I:N/A:N
EXPLOIT
EPSS: 3.61% (88.0th percentile)
Directory traversal vulnerability in rb.cgi in RRDBrowse 1.6 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| rrdbrowse | rrdbrowse | <= 1.6 | — |
No detection rules found.
Exploit-DB
Perforce Server 2007.3 - Multiple Remote Denial of Service Vulnerabilities
exploitdb·2008-03-05
CVE-2008-1303 Perforce Server 2007.3 - Multiple Remote Denial of Service Vulnerabilities
---
source: https://www.securityfocus.com/bid/28108/info
Perforce Server is prone to multiple remote denial-of-service vulnerabilities.
An attacker can exploit these issues to crash the affected application or cause excessive memory to be consumed, denying service to legitimate users.
These issues affect Perforce Server 2007.3; other versions may also be affected.
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/31338.zip
Exploit-DB
RRDBrowse 1.6 - Arbitrary File Disclosure
exploitdb·2007-03-04
CVE-2007-1303 RRDBrowse 1.6 - Arbitrary File Disclosure
---
I - TITLE
Security advisory: Arbitrary file disclosure vulnerability in
rrdbrowse
II - SUMMARY
Description: Arbitrary file disclosure vulnerability in
rrdbrowse <= 1.6
Author: Sebastian Wolfgarten (sebastian at wolfgarten dot com),
http://www.devtarget.org
Date: March 4th, 2007
Severity: Medium
References: http://www.devtarget.org/rrdbrowse-advisory-03-2007.txt
III - OVERVIEW
Quote from rrdbrowse.org: "RRDBrowse is a poller daemon, templater and
webinterface for RRDTool. It has a threaded daemon which periodically
runs from cron. It works with small .nfo files which hold router
information and optionally connection details, colors, min max,
bandwidth settings, etc, etc. RRDBrowse uses a small caching mechanism
to store interface name
No writeups or analysis indexed.
http://securityreason.com/securityalert/2349
http://www.devtarget.org/rrdbrowse-advisory-03-2007.txt
http://www.rrdbrowse.org/index.php
http://www.securityfocus.com/archive/1/461911/100/0/threaded
http://www.securityfocus.com/bid/22817
http://www.vupen.com/english/advisories/2007/0834
https://exchange.xforce.ibmcloud.com/vulnerabilities/32793
2007-03-07
Published