CVE-2008-5962
published 2009-01-23CVE-2008-5962: Directory traversal vulnerability in library/setup/rpc.php in Gravity Getting Things Done (GTD) 0.4.5 and earlier allows remote attackers to include and…
PriorityP338medium6.8CVSS 2.0
AVNACMAuNCPIPAP
EXPLOIT
EPSS
1.86%
76.5th percentile
Directory traversal vulnerability in library/setup/rpc.php in Gravity Getting Things Done (GTD) 0.4.5 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the objectname parameter.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| gravity-gtd | gravity-gtd | <= 0.4.5 | — |
| gravity-gtd | gravity-gtd | — | — |
| gravity-gtd | gravity-gtd | — | — |
| gravity-gtd | gravity-gtd | — | — |
CVSS provenance
nvdv2.06.8MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:P
vendor_redhat7.1HIGH
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-fpwj-r58c-p44f: Directory traversal vulnerability in library/setup/rpc
ghsa_unreviewed·2022-05-17
CVE-2008-5962 [MEDIUM] CWE-22 GHSA-fpwj-r58c-p44f: Directory traversal vulnerability in library/setup/rpc
Directory traversal vulnerability in library/setup/rpc.php in Gravity Getting Things Done (GTD) 0.4.5 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the objectname parameter.
Red Hat
older vsftpd authentication memory leak
vendor_redhat·2006-06-28·CVSS 7.1
CVE-2008-2375 [HIGH] CWE-401 older vsftpd authentication memory leak
older vsftpd authentication memory leak
Memory leak in a certain Red Hat deployment of vsftpd before 2.0.5 on Red Hat Enterprise Linux (RHEL) 3 and 4, when PAM is used, allows remote attackers to cause a denial of service (memory consumption) via a large number of invalid authentication attempts within the same session, a different vulnerability than CVE-2007-5962.
No detection rules found.
Exploit-DB
Gravity GTD 0.4.5 - Local File Inclusion / Remote Code Execution
exploitdb·2008-12-04
CVE-2008-5963 Gravity GTD 0.4.5 - Local File Inclusion / Remote Code Execution
Gravity GTD 0.4.5 - Local File Inclusion / Remote Code Execution
---
:::::::-. ... ::::::. :::.
;;, `';, ;; ;;;`;;;;, `;;;
`[[ [[[[' [[[ [[[[[. '[[
$$, $$$$ $$$ $$$ "Y$c$$
888_,o8P'88 .d888 888 Y88
MMMMP"` "YmmMMMM"" MMM YM
[ Discovered by dun \ dun[at]strcpy.pl ]
#####################################################
# [ gravity-gtd <= 0.4.5 ] LFI/RCE Vulnerability #
#####################################################
#
# Script: An open source list manager for tracking action items according to the principles of Getting Things Done (GTD).
#
# Download: http://sourceforge.net/projects/gravity-gtd/
#
# [LFI] Vuln: http://site.com/gravity/library/setup/rpc.php?objectname=/../../../../../../../../etc/passwd%00
# [RCE] Vuln: http://site.com/gravity/library/setup/rpc.php?objectname=Xmenu(
Exploit-DB
vsftpd 2.0.5 - 'CWD' (Authenticated) Remote Memory Consumption
exploitdb·2008-06-14
CVE-2007-5962 vsftpd 2.0.5 - 'CWD' (Authenticated) Remote Memory Consumption
vsftpd 2.0.5 - 'CWD' (Authenticated) Remote Memory Consumption
---
#!/usr/bin/perl -w
#######################################################################################
# vsftpd 2.0.5 FTP Server on Red Hat Enterprise Linux (RHEL) 5, Fedora 6 to 8,
# Foresight Linux, rPath Linux is prone to Denial-of-Service(DoS) vulnerability.
#
# Can be xploited by large number of CWD commands to vsftp daemon with deny_file configuration
# option in /etc/vsftpd/vsftpd.conf or the path where FTP server is installed.
#
# I tried to modify local exploit found at securityfocus such that we can remotely exloit
#
# Author shall not bear any responsibility
# Author: Praveen Darshanam
# Email: praveen[underscore]recker[at]sify.com
# Date: 07th June, 2008
#
#
##############################################
No writeups or analysis indexed.
http://secunia.com/advisories/32982http://www.securityfocus.com/bid/32646https://exchange.xforce.ibmcloud.com/vulnerabilities/47090https://www.exploit-db.com/exploits/7344http://secunia.com/advisories/32982http://www.securityfocus.com/bid/32646https://exchange.xforce.ibmcloud.com/vulnerabilities/47090https://www.exploit-db.com/exploits/7344
2009-01-23
Published