CVE-2008-2818
Published 2008-06-23
Priority P3 · 42 · high · 7.5 (CVSS 2.0)
AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 2.29% (81.0th percentile)
Directory traversal vulnerability in Easy-Clanpage 3.0 b1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the section parameter to the default URI.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| easy-clanpage | easy-clanpage | — | — |
No detection rules found.
Exploit-DB
CVE-2008-2245 Microsoft Windows - InternalOpenColorProfile Heap Overflow (PoC) (MS08-046)
exploitdb · 2008-10-12
---
EMR_SETICMPROFILEA Heap Overflow DOS
By Ac!dDrop
related to MS08-046
Tested on windows Xp professional Sp2
mscms.dll 5.1.2600.2709
gdi32.dll 5.1.2600.2818
Causes Windows explorer and Internet explorer to crash.
You can run arbitrary code.
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/6732.rar (2008-emf_MS08-046.rar)
# milw0rm.com [2008-10-12]
Exploit-DB
CVE-2008-2818 Easy-Clanpage 3.0b1 - 'section' Local File Inclusion
exploitdb · 2008-06-13
---
####################################################################################
#LFI Exploit by Loader007
#
#you can connect me for questions ICQ:488525928
#
#Script:Easy-Clanpage 3.0b1
#
#download: http://www.easy-clanpage.de/?section=downloads&show=viewdownload&id=24
#
#http://example.de/path/?section=[LFI]%00
#
###################################################################################
#HowTo use it
#
#1: make an account
#2: up shell as jpg not bigger than 50kb!
#3: include the jpg with http://example.de/path/?section=../path/to/image%00
#
#greetz to
#sys-flaw.com
#my friends Tr0n, N1ReeXz and all the others
###################################################################################
# milw0rm.com [2008-06-13]
No writeups or analysis indexed.
Published: 2008-06-23