Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2008-1000 — Path Traversal in Apple MAC OS X

CWE-22 — Path Traversal15 documents5 sources

Severity

8.5HIGHNVD

EPSS

4.0%

top 11.59%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Apple MAC OS X Apple MAC OS X Server

Timeline

PublishedMar 18

Latest updateMay 1

Description

Directory traversal vulnerability in ContentServer.py in the Wiki Server in Apple Mac OS X 10.5.2 (aka Leopard) allows remote authenticated users to write arbitrary files via ".." sequences in file attachments.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 6.8 | Impact: 10.0

Affected Packages2 packages

▶NVDapple/mac_os_x_server10.5.2

▶NVDapple/mac_os_x10.5.2

Patches

Patch: www.coresecurity.com ↗Patch: www.coresecurity.com ↗

🔴Vulnerability Details

GHSA

GHSA-3p27-3cv2-hrjm: Directory traversal vulnerability in ContentServer↗2022-05-01

▶

CVEList

CVE-2008-1000: Directory traversal vulnerability in ContentServer↗2008-03-18

▶

💥Exploits & PoCs

Exploit-DB

CUPS < 1.3.8-4 - Local Privilege Escalation↗2008-12-22

▶

Exploit-DB

GNU Classpath 0.97.2 - 'gnu.java.security.util.PRNG' Class Entropy (2)↗2008-12-05

▶

Exploit-DB

7Shop 1.1 - Arbitrary File Upload↗2008-10-29

▶

Exploit-DB

Accellion File Transfer Appliance Error Report Message - Open Email Relay↗2008-09-15

▶

Exploit-DB

Microsoft Windows - 'WRITE_ANDX' SMB Command Handling Kernel Denial of Service (Metasploit)↗2008-09-15

▶

💬Community

Bugzilla

CVE-2008-3215 clamav: DoS / crash via crafted petite file (incomplete fix of CVE-2008-2713)↗2008-07-15

▶

Bugzilla

CVE-2008-2713 clamav: DoS / crash via crafted petite file↗2008-06-17

▶