CVE-2008-4155
Published: 2008-09-19
Priority: P3 · 42 · high · CVSS 2.0: 7.8
Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N
EXPLOIT
EPSS: 3.00% (85.7th percentile)
Multiple directory traversal vulnerabilities in EasySite 2.3 allow remote attackers to read arbitrary files or list directories via a .. (dot dot) in the (1) module or (2) action parameter in (a) www/index.php; the (3) module, (4) ss_module, or (5) ss_action parameter in (b) modules/Module/index.php or (c) modules/Themes/index.php; or the (6) module parameter in (d) inc/vmenu.php.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| easybrik | easysite | — | — |
GHSA
GHSA-g497-qrwv-f7wh: Multiple directory traversal vulnerabilities in EasySite 2
ghsa_unreviewed·2022-05-02
CVE-2008-4155 [HIGH] CWE-22 GHSA-g497-qrwv-f7wh: Multiple directory traversal vulnerabilities in EasySite 2
Kernel
Merge tag 'xfs-5.17-merge-5' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux
kernel_security·2022-01-21
Pull xfs irix ioctl housecleaning from Darrick Wong:
"Remove the XFS_IOC_ALLOCSP* and XFS_IOC_FREESP* ioctl families.
This is the second of a series of small pull requests that perform
some long overdue housecleaning of XFS ioctls. This time, we're
vacating the implementation of all variants of the ALLOCSP and FREESP
ioctls, which are holdovers from EFS in Irix, circa 1993. Roughly
equivalent functionality has been available for both ioctls since
2.6.25 (April 2008):
- XFS_IOC_FREESP ftruncates a file.
- XFS_IOC_ALLOCSP is the equivalent of fallocate.
As noted in the fix patch for CVE 2021-4155, the ALLOCSP ioctl has
been serving up stale disk blocks since 2000, and in 21 years
**nobody** noticed. On those
http://secunia.com/advisories/31570
http://securityreason.com/securityalert/4280
http://www.securityfocus.com/bid/30784
https://exchange.xforce.ibmcloud.com/vulnerabilities/44599
https://www.exploit-db.com/exploits/6288