CVE-2008-0466
published 2008-01-29CVE-2008-0466: Web Wiz RTE_file_browser.asp in, as used in Web Wiz Rich Text Editor 4.0, Web Wiz Forums 9.07, and Web Wiz Newspad 1.02, does not require authentication, which…
PriorityP431medium5CVSS 2.0
AVNACLAuNCPINAN
EXPLOIT
EPSS
4.93%
91.0th percentile
Web Wiz RTE_file_browser.asp in, as used in Web Wiz Rich Text Editor 4.0, Web Wiz Forums 9.07, and Web Wiz Newspad 1.02, does not require authentication, which allows remote attackers to list directories and read files. NOTE: this can be leveraged for listings outside the configured directory tree by exploiting a separate directory traversal vulnerability.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| webwiz | web_wiz_forums | — | — |
| webwiz | web_wiz_newspad | — | — |
| webwiz | web_wiz_rich_text_editor | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Web Wiz Forums 9.07 - 'sub' Directory Traversal
exploitdb·2008-01-23
CVE-2008-0480 Web Wiz Forums 9.07 - 'sub' Directory Traversal
Web Wiz Forums 9.07 - 'sub' Directory Traversal
---
########################## WwW.BugReport.ir ###########################################
#
# AmnPardaz Security Research Team
#
# Title: Web Wiz Forums(TM)
# Vendor: http://www.webwizguide.com/
# Bug: Directory traversal
# Vulnerable Version: 9.07
# Exploit: Available
# Fix Available: No! Fast Solution is available.
###################################################################################
####################
- Description:
####################
Web Wiz Forums bulletin board system is the ideal forum package for your website's community.
####################
- Vulnerability:
####################
Input passed to the FolderName parameter in "RTE_file_browser.asp" and "file_browser.asp" are not properly sanitised before being us
Exploit-DB
Web Wiz Rich Text Editor 4.0 - Multiple Vulnerabilities
exploitdb·2008-01-23
CVE-2008-0481 Web Wiz Rich Text Editor 4.0 - Multiple Vulnerabilities
Web Wiz Rich Text Editor 4.0 - Multiple Vulnerabilities
---
########################## WwW.BugReport.ir ###########################################
#
# AmnPardaz Security Research Team
#
# Title: Web Wiz Rich Text Editor(TM)
# Vendor: http://www.webwizguide.com/
# Bug: Directory traversal + HTM/HTML file creation on the server
# Vulnerable Version: 4.0
# Exploit: Available
# Fix Available: No! Fast Solution is available.
###################################################################################
####################
- Description:
####################
Web Wiz Rich Text Editor (RTE) is a free WYSIWYG HTML Rich Text Editor that replaces standard textarea's with an advanced Word style HTMLarea.
####################
- Vulnerability:
####################
Input passed to the FolderN
No writeups or analysis indexed.
http://securityreason.com/securityalert/3584http://securitytracker.com/id?1019267http://www.bugreport.ir/?/29http://www.bugreport.ir/?/31http://www.securityfocus.com/archive/1/486866/100/0/threadedhttp://www.securityfocus.com/archive/1/486868/100/0/threadedhttp://www.securityfocus.com/bid/27419http://www.webwizguide.com/webwizrichtexteditor/kb/release_notes.asphttps://www.exploit-db.com/exploits/4970https://www.exploit-db.com/exploits/4971http://securityreason.com/securityalert/3584http://securitytracker.com/id?1019267http://www.bugreport.ir/?/29http://www.bugreport.ir/?/31http://www.securityfocus.com/archive/1/486866/100/0/threadedhttp://www.securityfocus.com/archive/1/486868/100/0/threadedhttp://www.securityfocus.com/bid/27419http://www.webwizguide.com/webwizrichtexteditor/kb/release_notes.asphttps://www.exploit-db.com/exploits/4970https://www.exploit-db.com/exploits/4971
2008-01-29
Published