CVE-2008-2267
Published 2008-05-16
Priority P3 · 50 · high · 7.5 · CVSS 2.0
AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 4.81% (90.9th percentile)
Incomplete blacklist vulnerability in javaUpload.php in Postlet in the FileManager module in CMS Made Simple 1.2.4 and earlier allows remote attackers to execute arbitrary code by uploading a file with a name ending in (1) .jsp, (2) .php3, (3) .cgi, (4) .dhtml, (5) .phtml, (6) .php5, or (7) .jar, then accessing it via a direct request to the file in modules/FileManager/postlet/.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cms_made_simple | cms_made_simple | — | — |
CVSS provenance
nvd · v2.0 · 7.5 HIGH · AV:N/AC:L/Au:N/C:P/I:P/A:P
vendor_redhat · 7.5 HIGH
GHSA
GHSA-rp7v-2qhc-44h3: Incomplete blacklist vulnerability in javaUpload
ghsa_unreviewed·2022-05-01
CVE-2008-2267 [HIGH] CWE-20 GHSA-rp7v-2qhc-44h3: Incomplete blacklist vulnerability in javaUpload
Red Hat
Firefox command line URL launches multi-tabs
vendor_redhat·2008-07-15·CVSS 7.5
CVE-2008-2933 [HIGH] Firefox command line URL launches multi-tabs
Mozilla Firefox before 2.0.0.16, and 3.x before 3.0.1, interprets '|' (pipe) characters in a command-line URI as requests to open multiple tabs, which allows remote attackers to access chrome:i URIs, or read arbitrary local files via manipulations involving a series of URIs that is not entirely handled by a vector application, as exploited in conjunction with CVE-2008-2540. NOTE: this issue exists because of an insufficient fix for CVE-2005-2267.
References
http://blog.cmsmadesimple.org/2008/05/12/announcing-cms-made-simple-125/
http://secunia.com/advisories/30208
http://www.attrition.org/pipermail/vim/2008-May/001978.html
http://www.securityfocus.com/bid/29170
https://exchange.xforce.ibmcloud.com/vulnerabilities/42371
https://www.exploit-db.com/exploits/5600