CVE-2008-0221
Published 2008-01-10
Priority: P344 · critical · CVSS 2.0: 9.3
CVSS vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 5.73% (92.1th percentile)
Directory traversal vulnerability in the WebLaunch.WeblaunchCtl.1 (aka CWebLaunchCtl) ActiveX control in weblaunch.ocx 1.0.0.1 in Gateway Weblaunch allows remote attackers to execute arbitrary programs via a ..\ (dot dot backslash) in the second argument to the DoWebLaunch method. NOTE: some of these details are obtained from third party information.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| gateway | weblaunch | — | — |
No detection rules found.
Bugzilla
CVE-2008-1654 [MEDIUM] Flash Player cross domain HTTP header flaw
bugzilla·2008-04-04·CVSS 4.3
Adobe Flash Player 9.0.124.0 adds a new feature to perform a cross-domain policy
file check before allowing a SWF file to send HTTP headers to a different domain.
Discussion:
Public now via:
http://www.adobe.com/support/security/bulletins/apsb08-11.html
Lifting embargo.
---
This issue was addressed in:
Red Hat Enterprise Linux Extras:
http://rhn.redhat.com/errata/RHSA-2008-0221.html
Bugzilla
CVE-2007-6637 [MEDIUM] Flash Player content injection flaw
bugzilla·2008-04-04·CVSS 4.3
Multiple cross-site scripting (XSS) vulnerabilities in Adobe Flash Player allow
remote attackers to inject arbitrary web script or HTML via a crafted SWF file,
related to "pre-generated SWF files" and Adobe Dreamweaver CS3 or Adobe Acrobat
Connect.
Discussion:
This issue was addressed in:
Red Hat Enterprise Linux Extras:
http://rhn.redhat.com/errata/RHSA-2008-0221.html
Bugzilla
CVE-2008-1655 [MEDIUM] Flash Player DNS rebind flaw
bugzilla·2008-04-04·CVSS 4.3
Adobe Flash Player 9.0.124.0 further reduces the possibility of Flash Player
being used to conduct a DNS rebind attack.
Discussion:
Public now via:
http://www.adobe.com/support/security/bulletins/apsb08-11.html
Lifting embargo.
---
This issue was addressed in:
Red Hat Enterprise Linux Extras:
http://rhn.redhat.com/errata/RHSA-2008-0221.html
Bugzilla
CVE-2007-6019 [CRITICAL] Flash Player input validation error
bugzilla·2008-04-04·CVSS 9.3
Adobe Flash Player 9.0.124.0 fixes input validation errors that could result in
the execution of arbitrary code with the permissions of the user running Flash
Player.
Discussion:
Public now via:
http://www.adobe.com/support/security/bulletins/apsb08-11.html
Lifting embargo.
---
This issue was addressed in:
Red Hat Enterprise Linux Extras:
http://rhn.redhat.com/errata/RHSA-2008-0221.html
Bugzilla
CVE-2007-0071 [CRITICAL] Flash Player input validation error
bugzilla·2008-04-04·CVSS 9.3
Adobe Flash Player 9.0.124.0 fixes input validation errors that could result in
the execution of arbitrary code with the permissions of the user running Flash
Player.
Discussion:
Public now via:
http://www.adobe.com/support/security/bulletins/apsb08-11.html
Lifting embargo.
---
This issue was addressed in:
Red Hat Enterprise Linux Extras:
http://rhn.redhat.com/errata/RHSA-2008-0221.html
Bugzilla
CVE-2007-6243 [CRITICAL] Flash Player cross-domain and cross-site scripting flaws
bugzilla·2008-04-04·CVSS 9.3
Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up to
7.0.70.0 does not sufficiently restrict the interpretation and usage of
cross-domain policy files, which makes it easier for remote attackers to conduct
cross-domain and cross-site scripting (XSS) attacks.
Discussion:
This issue was addressed in:
Red Hat Enterprise Linux Extras:
http://rhn.redhat.com/errata/RHSA-2007-1126.html
http://rhn.redhat.com/errata/RHSA-2008-0221.html
http://marc.info/?l=full-disclosure&m=119984138526735&w=2
http://secunia.com/advisories/28379
http://www.vupen.com/english/advisories/2008/0077
https://www.exploit-db.com/exploits/4869