Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2008-0492Improper Restriction of Operations within the Bounds of a Memory Buffer in Xupload

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer5 documents4 sources
Severity
6.8MEDIUMNVD
EPSS
74.3%
top 1.15%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Persits Xupload
Timeline
PublishedJan 30
Latest updateMay 1

Description

Stack-based buffer overflow in the Persits.XUpload.2 ActiveX control in XUpload.ocx 3.0.0.4 and earlier in Persits XUpload 3.0 allows remote attackers to execute arbitrary code via a long argument to the AddFile method. NOTE: some of these details are obtained from third party information.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-vr27-2rf5-6c74: Stack-based buffer overflow in the Persits2022-05-01
CVEList
CVE-2008-0492: Stack-based buffer overflow in the Persits2008-01-30

💥Exploits & PoCs

2
Exploit-DB
Persits XUpload - ActiveX AddFile Buffer Overflow (Metasploit)2010-05-09
Exploit-DB
Persits XUpload 3.0 - 'AddFile()' Remote Buffer Overflow2008-01-25
CVE-2008-0492 — Persits Xupload vulnerability | cvebase