CVE-2009-0290
Published 2009-01-27
CVE-2009-0290: Directory traversal vulnerability in common.php in SIR GNUBoard 4.31.03 allows remote attackers to include and execute arbitrary local files via a .. (dot dot)…
Priority: P341 · medium · 6.8 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 3.30% (87.0th percentile)
Directory traversal vulnerability in common.php in SIR GNUBoard 4.31.03 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the g4_path parameter. NOTE: in some environments, this can be leveraged for remote code execution via a data: URI or a UNC share pathname.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sir | gnuboard | — | — |
CVSS provenance
nvd · v2.0 · 6.8 · MEDIUM · AV:N/AC:M/Au:N/C:P/I:P/A:P
vendor_redhat · 2.6 · LOW
GHSA
GHSA-gmh4-4335-52gp: Directory traversal vulnerability in common
ghsa_unreviewed·2022-05-02
CVE-2009-0290 [MEDIUM] CWE-22 GHSA-gmh4-4335-52gp: Directory traversal vulnerability in common
Red Hat
BIND upstream fix for CVE-2009-4022 is incomplete
vendor_redhat·2010-01-19·CVSS 2.6
CVE-2010-0290 [LOW] BIND upstream fix for CVE-2009-4022 is incomplete
Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta, with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache poisoning attacks by receiving a recursive client query and sending a response that contains (1) CNAME or (2) DNAME records, which do not have the intended validation before caching, aka Bug 20737. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-4022.
No detection rules found.
Exploit-DB
Cisco VPN Client - Integer Overflow Denial of Service
exploitdb·2009-11-21
CVE-2009-4118 Cisco VPN Client - Integer Overflow Denial of Service
---
/*
Cisco VPN client version 5.0.03.0560
Cisco VPN client Version 5.0.04.0300
Cisco VPN client Version 5.0.05.0290
Cisco VPN client Version 4.8.02.0010
*/
/*
* Cisco VPN Client 0day Integer overflow (DOS) Proof Of Concept Code
*
* By Alex Hernandez aka alt3kx (c) November 2009
*
* This POC is only for test. If an application reads a malformed chars
* file like this POC, the application will crash.
*
* We tested this code on:
*
* Windows Vista Business SP1 Spanish
* Windows Vista Home Premium SP1 English
* Windows 2000 Server English
* Windows XP Professional SP3
*
* Cisco VPN client version 5.0.03.0560
* Cisco VPN client Version 5.0.04.0300
* Cisco VPN client Version 5.0.05.0290
* Cisco VPN client Version 4.8.02.0010
*
* Compi
Exploit-DB
GNUBoard 4.31.03 (08.12.29) - Local File Inclusion
exploitdb·2009-01-15
CVE-2009-0290 GNUBoard 4.31.03 (08.12.29) - Local File Inclusion
---
GNUBoard V4.31.03 (08.12.29) Local/Remote File Include Vulnerability
BY flyh4t#hotmail.com
Thx to qiuren/rayt
TEAM:Wolves Security Team
SITE:http://bbs.wolvez.org/
/*************************
SIR GNUBoard (VERSION 4.31.03 (08.12.29)) is a widely used bulletin board system of Korea.
It is freely available for all platforms that support PHP and MySQL.
But we found a file include vulnerability that affects SIR GNUBoard.
In special conditions, it may be used as a remote file include vulnerability.
This issue can be used to execute arbitrary PHP code on an affected computer with the privileges of the affected Web server.
Here are the details:
**************************/
TEST ON VERSION 4.31.03 (08.12.29)
/***************************
/common.php
@extract
Trendmicro
Operation Earth Kitsune A Dance of Two New Backdoors
blogs_trendmicro·2020-10-28
Cyber Threats
# Operation Earth Kitsune: A Dance of Two New Backdoors
We uncovered two new espionage backdoors associated with Operation Earth Kitsune: agfSpy and dneSpy. This post provides details about these malware types, including the relationship between them and their command and control (C&C) servers.
By: William Gamazo Sanchez, Aliakbar Zahravi, Elliot Cao, Cedric Pernet, Daniel Lunghi, Jaromir Horejsi, Joseph C Chen, John Zhang
2020/10/28
We recently published a research paper on Operation Earth Kitsune, a watering hole campaign aiming to steal information by compromising websites. Besides its heavy use of SLUB malware, we also uncovered two new espionage backdoors associated with the campaign: agfSpy and dneSpy, dubbed as such following the
Bugzilla
CVE-2010-0290 BIND upstream fix for CVE-2009-4022 is incomplete
bugzilla·2010-01-20·CVSS 2.6
CVE-2010-0290 [LOW] CVE-2010-0290 BIND upstream fix for CVE-2009-4022 is incomplete
The original fix for CVE-2009-4022 was found to be incomplete. BIND was incorrectly caching certain responses without performing proper DNSSEC validation. CNAME and DNAME records could be cached, without proper DNSSEC validation, when received from processing recursive client queries that requested DNSSEC records but indicated that checking should be disabled. A remote attacker could use this flaw to bypass the DNSSEC validation check and perform a cache poisoning attack if the target BIND server was receiving such client queries.
Discussion:
This issue has been addressed in the following products:
Red Hat Enterprise Linux 5
Via RHSA-2010:0062 https://rhn.redhat.com/errata/RHSA-2010-0062.html
http://secunia.com/advisories/33564
http://www.securityfocus.com/bid/33304
https://exchange.xforce.ibmcloud.com/vulnerabilities/48015
https://www.exploit-db.com/exploits/7792
2009-01-27
Published