CVE-2008-0140
Published: 2008-01-08
Priority: P4 (29) · Severity: medium · CVSS 2.0 base score: 6.4 (AV:N/AC:L/Au:N/C:P/I:P/A:N)
Exploit: available
EPSS: 2.30% (81.1st percentile)
Directory traversal vulnerability in error.php in Uebimiau Webmail 2.7.10 and 2.7.2 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the selected_theme parameter, a different vector than CVE-2007-3172.
Affected (2 ranges; the two versions named in the description, no fixed version recorded)
| Vendor | Product | Version | Fixed in |
|---|---|---|---|
| uebimiau | webmail | 2.7.2 | — |
| uebimiau | webmail | 2.7.10 | — |
GHSA
GHSA-493f-4jww-99vv: Uebimiau Webmail 2 (CVE-2008-0210, MEDIUM, CWE-287)
ghsa_unreviewed · 2022-05-01 · CVSS 6.4
Uebimiau Webmail 2.7.10 and 2.7.2 does not protect authentication state variables from being set through HTTP requests, which allows remote attackers to bypass authentication via a sess[auth]=1 parameter setting. NOTE: this can be leveraged to conduct directory traversal attacks without authentication by using CVE-2008-0140.
GHSA
GHSA-jpw9-mhjf-p23h: Directory traversal vulnerability in error (CVE-2008-0140, MEDIUM, CWE-22)
ghsa_unreviewed · 2022-05-01 · CVSS 5.0
Directory traversal vulnerability in error.php in Uebimiau Webmail 2.7.10 and 2.7.2 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the selected_theme parameter, a different vector than CVE-2007-3172.
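As an added illustration (not Uebimiau's own code, and not taken from the advisory or either GHSA), the following minimal PHP puts the two root causes described in the records above side by side with a hardened version. Everything in it is assumed: the variable names `$sess` and `$selected_theme` follow the advisory wording, the mechanism by which `sess[auth]=1` reaches `$sess` is taken to be PHP's `register_globals` (the GHSA text only says the variables can be set through HTTP requests), and error.php is assumed to read a file from a per-theme directory under `themes/`.

```php
<?php
// Added example, not Uebimiau's code. Names, directory layout and the
// register_globals assumption are all hypothetical; see the lead-in.
declare(strict_types=1);

// Assumed layout: one directory per theme, each holding an error.html.
const THEMES_DIR = __DIR__ . '/themes';

// ---- Vulnerable shape (PHP 4 era, register_globals=On) ----------------------
// With register_globals, a request such as ?sess[auth]=1&sess[user]=x
// pre-populates $sess before this code runs (the CVE-2008-0210 bypass), and a
// selected_theme value containing ".." steers the file read outside THEMES_DIR
// (the CVE-2008-0140 traversal). Here both values are passed in explicitly so
// the shape is visible; in the real bug they arrive as globals.
function vulnerable_error_page(array $sess, string $selected_theme): string
{
    // CWE-287: $sess is trusted although nothing ties it to a server-side session.
    if (empty($sess['auth'])) {
        return 'not logged in';
    }
    // CWE-22: the theme name is concatenated into a path with no validation.
    $file = THEMES_DIR . '/' . $selected_theme . '/error.html';
    return (string) @file_get_contents($file);
}

// ---- Hardened shape -----------------------------------------------------------
// Returns the canonical theme directory, or null unless the name resolves to an
// immediate child of THEMES_DIR. The allow-list regex already rejects "..",
// "/" and NUL; the realpath() containment check is the second, path-level guard.
function resolve_theme(string $name): ?string
{
    if (!preg_match('/\A[A-Za-z0-9_-]{1,32}\z/', $name)) {
        return null;
    }
    $base = realpath(THEMES_DIR);
    $dir  = realpath(THEMES_DIR . '/' . $name);
    if ($base === false || $dir === false || !is_dir($dir)) {
        return null;
    }
    // Compare canonical paths including the separator, so "themes-old" is
    // not accepted as being inside "themes".
    if (strncmp($dir, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $dir;
}

function hardened_error_page(): string
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    // Authentication state is read only from the server-side session; request
    // parameters named sess[...] are simply ignored.
    if (empty($_SESSION['auth'])) {
        http_response_code(403);
        return 'not logged in';
    }
    $theme = resolve_theme((string) ($_GET['selected_theme'] ?? 'default'));
    if ($theme === null) {
        http_response_code(400);
        return 'invalid theme';
    }
    return (string) file_get_contents($theme . '/error.html');
}
```

The hardened version fixes each bug at its source rather than filtering the chained attack: authentication state is read only from `$_SESSION`, so a `sess[auth]` query parameter has nothing to overwrite, and the theme name is checked against an allow-list pattern and then, after `realpath()`, against the canonical themes directory, so a value containing `..` is rejected before any file is touched. The allow-list alone would stop this CVE; the containment check is kept because it still holds if the allowed character set is later widened.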
No detection rules found.
Exploit-DB
McAfee ePolicy Orchestrator 4.6.0 < 4.6.5 - 'ePowner' Multiple Vulnerabilities (CVE-2013-0140, HIGH)
exploitdb · 2014-04-28 · CVSS 7.9
(CVE-2013-0140 shares only its numeric suffix with CVE-2008-0140; this entry concerns McAfee ePolicy Orchestrator, not Uebimiau Webmail.)
# Tested on: Windows 2003/2008
# CVE : CVE-2013-0140 , CVE-2013-0141
# More info on: http://funoverip.net/?p=1685 & https://github.com/funoverip/epowner
PoC:
v0.2.1- https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/33071-2.tar.gz (epowner-0.2.1.zip)
INTRODUCTION
- In short, this tool registers a rogue agent on the ePo server and then takes advantage of the
following vulnerabilities to perform multiple actions :
- CVE-2013-0140 : Pre-auth SQL Injection
- CVE-2013-0141 : Pre-auth Directory Path Traversal
- The tool manages the following actions, called "mode" :
-r, --register Register a new agent on the ePo server (it's free)
--check Check the SQL Injection vulnerability
--add-admin Add a new web admin account into
Exploit-DB
Uebimiau Web-Mail 2.7.10/2.7.2 - Remote File Disclosure (indexed under CVE-2008-0210)
exploitdb · 2008-01-06
---
----[ Uebimiau Web-Mail Remote File Reader ... ITDefence.ru Antichat.ru ]
Uebimiau Web-Mail Remote File Reader
Eugene Minaev [email protected]
[ASCII-art banner: ITDEFENCE.ru Security advisory, 2007]
At first I decided to look at the login script. Each script includes this code:

```php
0) {
..elseif (
($sess["auth"] && intval((time()-$start)/60) mail_user = $f_user = $sess["user"];
```
No writeups or analysis indexed.
References
- http://www.attrition.org/pipermail/vim/2008-January/001867.html
- http://www.securityfocus.com/bid/27154
- https://exchange.xforce.ibmcloud.com/vulnerabilities/39460
- https://www.exploit-db.com/exploits/4846