CVE-2008-6942
published 2009-08-12
CVE-2008-6942: Unrestricted file upload vulnerability in ScriptsFeed Realtor Classifieds System (aka Real Estate Classifieds) allows remote authenticated users to execute…
Priority P3 · 43 · medium · 6.5 · CVSS 2.0
AV:N/AC:L/Au:S/C:P/I:P/A:P
EXPLOIT
EPSS: 3.95% (89.1th percentile)
Unrestricted file upload vulnerability in ScriptsFeed Realtor Classifieds System (aka Real Estate Classifieds) allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a profile logo, then accessing it via a direct request to the file in re_images/.
CVSS provenance
nvd · v2.0 · 6.5 MEDIUM · AV:N/AC:L/Au:S/C:P/I:P/A:P
vendor_redhat · 6.8 MEDIUM
GHSA
ghsa_unreviewed·2022-05-17
CVE-2008-6942 [MEDIUM] CWE-20 GHSA-v828-7vvf-4p87: Unrestricted file upload vulnerability in ScriptsFeed Realtor Classifieds System (aka Real Estate Classifieds) allows remote authenticated users to ex
Red Hat
phpMyAdmin: XSS issue in pmd_pdf.php via db parameter with register_globals enabled
vendor_redhat·2008-10-27·CVSS 6.8
CVE-2008-4775 [MEDIUM] CWE-79 phpMyAdmin: XSS issue in pmd_pdf.php via db parameter with register_globals enabled
Cross-site scripting (XSS) vulnerability in pmd_pdf.php in phpMyAdmin 3.0.0, and possibly other versions including 2.11.9.2 and 3.0.1, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the db parameter, a different vector than CVE-2006-6942 and CVE-2007-5977.
No detection rules found.
Exploit-DB
ScriptsFeed (SF) Auto Classifieds Software - Arbitrary File Upload
exploitdb·2008-11-13
CVE-2008-6944 ScriptsFeed (SF) Auto Classifieds Software - Arbitrary File Upload
---
[~] ScriptsFeed (SF) Auto Classifieds Software Remote File Upload
[~]
[~] ----------------------------------------------------------
[~] Discovered By: ZoRLu
[~]
[~] Date: 13.11.2008
[~]
[~] Home: www.z0rlu.blogspot.com
[~]
[~] contact: [email protected]
[~]
[~] NOTE: LONELINESS LOST ITS MEANING IN MY LONELINESS : ( (
[~]
[~] my bug number now: 39
[~]
[~] my target bug number: 100
[~]
[~] -----------------------------------------------------------
Exploit:
http://localhost/script/cars_images/[id]_logo_your_shell.php
you register to site
register: http://localhost/script/register.php
after you login to site
login: http://localhost/script/login.php
more after you go profile edit
profile: http://localhost/script/
Exploit-DB
ScriptsFeed (SF) Recipes Listing Portal - Arbitrary File Upload
exploitdb·2008-11-13
CVE-2008-6944 ScriptsFeed (SF) Recipes Listing Portal - Arbitrary File Upload
---
[~] ScriptsFeed (SF) Recipes Listing Portal Remote File Upload
[~]
[~] ----------------------------------------------------------
[~] Discovered By: ZoRLu
[~]
[~] Date: 13.11.2008
[~]
[~] Home: www.z0rlu.blogspot.com
[~]
[~] contact: [email protected]
[~]
[~] NOTE: LONELINESS LOST ITS MEANING IN MY LONELINESS : ( (
[~]
[~] my bug number now: 39
[~]
[~] my target bug number: 100
[~]
[~] dork: allinurl:"recipedetail.php?id=" ( there are many sites, exploit them : ) )
[~]
[~] -----------------------------------------------------------
Exploit:
http://localhost/script/pictures/[id]your_shell.php
you register to site
register: http://localhost/script/register.php
after you login to site
login: http://localhost/script/login.php
m
Exploit-DB
ScriptsFeed (SF) Real Estate Classifieds Software - Arbitrary File Upload
exploitdb·2008-11-13
CVE-2008-6944 ScriptsFeed (SF) Real Estate Classifieds Software - Arbitrary File Upload
---
[~] ScriptsFeed (SF) Real Estate Classifieds Software Remote File Upload
[~]
[~] ----------------------------------------------------------
[~] Discovered By: ZoRLu
[~]
[~] Date: 13.11.2008
[~]
[~] Home: www.z0rlu.blogspot.com
[~]
[~] contact: [email protected]
[~]
[~] NOTE: LONELINESS LOST ITS MEANING IN MY LONELINESS : ( (
[~]
[~] my bug number now: 39
[~]
[~] my target bug number: 100
[~]
[~] -----------------------------------------------------------
Exploit:
http://localhost/script/re_images/[id]_logo_your_shell.php
you register to site
register: http://localhost/script/register.php
after you login to site
login: http://localhost/script/login.php
more after you go profile edit
profile: http://local
http://osvdb.org/49960
http://secunia.com/advisories/32690
http://www.securityfocus.com/bid/32293
https://exchange.xforce.ibmcloud.com/vulnerabilities/46609
https://www.exploit-db.com/exploits/7110
Published: 2009-08-12