CVE-2008-6010
Published 2009-01-30
Priority: P4 · 28 · medium · 5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
EXPLOIT
EPSS: 2.67% (83.9th percentile)
Multiple directory traversal vulnerabilities in SG Real Estate Portal 2.0 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) mod, (2) page, or (3) lang parameter to index.php; or the (4) action or (5) folder parameter in a security request to admin/index.php.
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sg_real_estate_portal | sg_real_estate_portal | — | — |
CVSS provenance
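| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
| vendor_redhat | — | 6.9 | MEDIUM | — |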
GHSA
GHSA-jmr9-w49w-87vw: Multiple directory traversal vulnerabilities in SG Real Estate Portal 2
ghsa_unreviewed·2022-05-17
CVE-2008-6010 [MEDIUM] CWE-22 GHSA-jmr9-w49w-87vw: Multiple directory traversal vulnerabilities in SG Real Estate Portal 2
Red Hat
openssh may set DISPLAY even if it's unable to listen on respective port
vendor_redhat·2008-01-08·CVSS 6.9
CVE-2008-1483 [MEDIUM] openssh may set DISPLAY even if it's unable to listen on respective port
OpenSSH 4.3p2, and probably other versions, allows local users to hijack forwarded X connections by causing ssh to set DISPLAY to :10, even when another process is listening on the associated port, as demonstrated by opening TCP port 6010 (IPv4) and sniffing a cookie sent by Emacs.
Statement: All openssh versions shipped in Red Hat Enterprise Linux 5 include the patch for this issue. Red Hat Enterprise Linux 3 is affected by this issue.
No detection rules found.
No writeups or analysis indexed.