CVE-2008-4529
published 2008-10-09CVE-2008-4529: Multiple PHP remote file inclusion vulnerabilities in asiCMS alpha 0.208 allow remote attackers to execute arbitrary PHP code via a URL in the…
PriorityP346high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
2.47%
82.5th percentile
Multiple PHP remote file inclusion vulnerabilities in asiCMS alpha 0.208 allow remote attackers to execute arbitrary PHP code via a URL in the _ENV[asicms][path] parameter to (1) Association.php, (2) BigMath.php, (3) DiffieHellman.php, (4) DumbStore.php, (5) Extension.php, (6) FileStore.php, (7) HMAC.php, (8) MemcachedStore.php, (9) Message.php, (10) Nonce.php, (11) SQLStore.php, (12) SReg.php, (13) TrustRoot.php, and (14) URINorm.php in classes/Auth/OpenID/; and (15) XRDS.php, (16) XRI.php and (17) XRIRes.php in classes/Auth/Yadis/.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| asicms | asicms | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
asiCMS alpha 0.208 - Multiple Remote File Inclusions
exploitdb·2008-10-06
CVE-2008-4529 asiCMS alpha 0.208 - Multiple Remote File Inclusions
asiCMS alpha 0.208 - Multiple Remote File Inclusions
---
[o] asiCMS alpha 0.208 Multiple Remote File Inclusion Vulnerability
Software : asiCMS version alpha 0.208
Vendor : http://asicms.sourceforge.net/
Download : http://sourceforge.net/project/showfiles.php?group_id=203457
Author : NoGe
Contact : noge[dot]code[at]gmail[dot]com
[o] Vulnerable file
classes/Auth/OpenID/Association.php
classes/Auth/OpenID/BigMath.php
classes/Auth/OpenID/DiffieHellman.php
classes/Auth/OpenID/DumbStore.php
classes/Auth/OpenID/Extension.php
classes/Auth/OpenID/FileStore.php
classes/Auth/OpenID/HMAC.php
classes/Auth/OpenID/MemcachedStore.php
classes/Auth/OpenID/Message.php
classes/Auth/OpenID/Nonce.php
classes/Auth/OpenID/SQLStore.php
classes/Auth/OpenID/SReg.php
classes/Auth/OpenID/TrustRoot.php
classe
Exploit-DB
HP StorageWorks - NSI Double Take Remote Overflow (Metasploit)
exploitdb·2008-06-04
CVE-2008-1661 HP StorageWorks - NSI Double Take Remote Overflow (Metasploit)
HP StorageWorks - NSI Double Take Remote Overflow (Metasploit)
---
##
# $Id: doubletake.rb 4529 2007-03-23 01:08:18Z $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/projects/Framework/
##
require 'msf/core'
module Msf
class Exploits::Windows::Misc::Doubletake 'doubletake Overflow',
'Description' => %q{
This Module Exploits a stack overflow in the authentication mechanism of NSI Doubletake which is also rebranded
as hp storage works Vulnerability found by Titon of Bastard Labs.
},
'Author' => [ 'ri0t ' ],
'Version' => '$Revision: 9 $',
'References' =>
[
],
'DefaultOptions' =>
{
'EXITFUNC'
No writeups or analysis indexed.
http://securityreason.com/securityalert/4391http://www.securityfocus.com/bid/31601http://www.vupen.com/english/advisories/2008/2755https://exchange.xforce.ibmcloud.com/vulnerabilities/45684https://www.exploit-db.com/exploits/6685http://securityreason.com/securityalert/4391http://www.securityfocus.com/bid/31601http://www.vupen.com/english/advisories/2008/2755https://exchange.xforce.ibmcloud.com/vulnerabilities/45684https://www.exploit-db.com/exploits/6685
2008-10-09
Published