CVE-2008-5989
Published 2009-01-28
CVE-2008-5989: Directory traversal vulnerability in defs.php in PHPcounter 1.3.2 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and…
Priority P339, medium, 6.8 (CVSS 2.0)
AV:N/AC:M/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 2.05% (78.9th percentile)
Directory traversal vulnerability in defs.php in PHPcounter 1.3.2 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the l parameter.
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| phpcounter | phpcounter | <= 1.3.2 | — |
CVSS provenance
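| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| vendor_redhat | — | 7.5 | HIGH | — |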
GHSA
GHSA-rqq9-f77h-855f: Directory traversal vulnerability in defs
ghsa_unreviewed·2022-05-17
CVE-2008-5989 [MEDIUM] CWE-22 GHSA-rqq9-f77h-855f: Directory traversal vulnerability in defs
Directory traversal vulnerability in defs.php in PHPcounter 1.3.2 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the l parameter.
Red Hat
tog-pegasus pam authentication buffer overflow
vendor_redhat·2008-01-07·CVSS 7.5
CVE-2008-0003 [HIGH] CWE-121 tog-pegasus pam authentication buffer overflow
Stack-based buffer overflow in the PAMBasicAuthenticator::PAMCallback function in OpenPegasus CIM management server (tog-pegasus), when compiled to use PAM and without PEGASUS_USE_PAM_STANDALONE_PROC defined, might allow remote attackers to execute arbitrary code via unknown vectors, a different vulnerability than CVE-2007-5360.
Mitigation: The tog-pegasus package is not installed by default on Red Hat Enterprise Linux. tog-pegasus supplied by Red Hat binds only to one port (as plain http is disabled), port 5989. The default firewall installed by Red Hat Enterprise Linux will block remote access to this port. In normal use it's unlikely you'd want to have this port accessible outside of an intranet anyway, and it's likely to be blocked by en
No detection rules found.
No writeups or analysis indexed.
http://secunia.com/advisories/31993
http://www.securityfocus.com/bid/31373
https://exchange.xforce.ibmcloud.com/vulnerabilities/45378
https://www.exploit-db.com/exploits/6553
Published: 2009-01-28