CVE-2008-6528
published 2009-03-26
Priority P4 · 30 · medium · 5 · CVSS 2.0
AV:N/AC:L/Au:N/C:P/I:N/A:N
EXPLOIT
EPSS: 3.34% (87.1th percentile)
NTFS TmaxSoft JEUS 5 before Fix 26 allows remote attackers to read the source code for scripts by appending ::$DATA to the URL, which accesses the alternate data stream.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| tmaxsoft | jeus | — | — |
No detection rules found.
Exploit-DB
TmaxSoft JEUS - Alternate Data Streams File Disclosure
exploitdb·2008-12-12
CVE-2008-6528 TmaxSoft JEUS - Alternate Data Streams File Disclosure
---
Title: TmaxSoft JEUS Alternate Data Streams Vulnerability
Author: Simon Ryeo(bar4mi (at) gmail)
Severity: High
Impact: Remote File Disclosure
Vulnerable Version: < JEUS 5: Fix#26 on NTFS
References:
- http://www.microsoft.com/technet/security/bulletin/ms98-003.mspx
- http://www.tmaxsoft.com
- http://www.tmax.co.kr/tmaxsoft/index.screen
History:
- 10.22.2008: Initial notification
- 10.23.2008: The vendor responded
- 11.21.2008: The vendor replied with detailed information.
- 12.12.2008: The vendor finished the preparation for patches and responses.
Description:
On NTFS, TmaxSoft JEUS, which is a famous web application server, contained
a vulnerability that allows an attacker to obtain web application source
files. This was caused by ADSs(Alt
Exploit-DB
TikiWiki Project < 1.9.9 - 'tiki-listmovies.php' Directory Traversal
exploitdb·2008-01-20
CVE-2007-6528 TikiWiki Project < 1.9.9 - 'tiki-listmovies.php' Directory Traversal
---
TikiWiki < 1.9.9 tiki-listmovies.php Directory Traversal Vulnerability
http://www.vulnsite.com/tiki-listmovies.php?movie=../../../../../../etc/passwd%001234
# milw0rm.com [2008-01-20]
No writeups or analysis indexed.
- http://secunia.com/advisories/33123
- http://www.securityfocus.com/archive/1/499235/100/0/threaded
- http://www.securityfocus.com/archive/1/499236/100/0/threaded
- http://www.securityfocus.com/bid/32804
- https://exchange.xforce.ibmcloud.com/vulnerabilities/47303
- https://www.exploit-db.com/exploits/7442
Published: 2009-03-26