CVE-2009-0444
Published 2009-02-10
Priority P344, high, 7.5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 2.46% (82.4th percentile)
Multiple PHP remote file inclusion vulnerabilities in GRBoard 1.8, when register_globals is enabled and magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) theme parameter to (a) 179_squarebox_pds_list/view.php, (b) 179_squarebox_minishop_expand/view.php, (c) 179_squarebox_gallery_list_pds/view.php, (d) 179_squarebox_gallery_list/view.php, (e) 179_squarebox_gallery/view.php, (f) 179_squarebox_board_swfupload/view.php, (g) 179_squarebox_board_expand/view.php, (h) 179_squarebox_board_basic_with_grcode/view.php, (i) 179_squarebox_board_basic/view.php, (j) 179_simplebar_pds_list/view.php, (k) 179_simplebar_notice/view.php, (l) 179_simplebar_gallery_list_pds/view.php, (m) 179_simplebar_gallery/view.php, and (n) 179_simplebar_basic/view.php in theme/; the (2) path parameter to (o) latest/sirini_gallery_latest/list.php; and the (3) grboard parameter to (p) include.php and (q) form_mail.php.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sirini | grboard | — | — |
No detection rules found.
Bugzilla
CVE-2009-1720 [HIGH] OpenEXR: Multiple integer overflows
bugzilla · 2009-07-27 · CVSS 7.5
Multiple integer overflow flaws, leading to heap-based buffer overflows
were found in OpenEXR. A remote attacker could provide a specially-crafted
image file, which once opened by a local, unsuspecting user, would lead
to denial of service ("exrmakepreview" crash), or potentially, arbitrary
code execution with the privileges of the user opening the image.
Credit: Drew Yao of Apple Product Security
Discussion:
Public now via:
http://seclists.org/fulldisclosure/2009/Jul/0444.html
---
This issue affects the versions of the OpenEXR package, as shipped
with Fedora releases of 10 and 11.
This issue affects the versions of the OpenEXR package, as shipped
with Extra Packages for Enterprise Linux 4 (EPEL4) and Extra
Packages for Enterprise L
Bugzilla
CVE-2009-1721 [HIGH] OpenEXR: Invalid pointer free by image decompression
bugzilla · 2009-07-27 · CVSS 7.5
An invalid pointer free flaw was found in OpenEXR by Huffman decoding.
A remote attacker could provide a specially-crafted image file, which
once opened by a local, unsuspecting user, would lead to denial of
service ("exrmakepreview" crash).
Credit: Drew Yao of Apple Product Security
Discussion:
Public now via:
http://seclists.org/fulldisclosure/2009/Jul/0444.html
---
This issue affects the versions of the OpenEXR package, as shipped
with Fedora releases of 10 and 11.
This issue affects the versions of the OpenEXR package, as shipped
with Extra Packages for Enterprise Linux 4 (EPEL4) and Extra
Packages for Enterprise Linux 5 (EPEL5) projects.
---
Created attachment 355419
Freeing uninitialised pointers (CVE-2009-1721
Bugzilla
CVE-2005-2974 [LOW] giflib/libunfig: NULL pointer dereference crash
bugzilla · 2009-04-08 · CVSS 2.6
Common Vulnerabilities and Exposures assigned an identifier CVE-2005-2974 to the following vulnerability:
libungif library before 4.1.0 allows attackers to cause a denial of service via
a crafted GIF file that triggers a null dereference.
References:
http://scary.beasts.org/security/CESA-2005-007.txt
http://sourceforge.net/project/shownotes.php?release_id=364493
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=171413
Discussion:
Created attachment 338678
Chris Evans' PoC - bad1.gif
Source: http://scary.beasts.org/security/CESA-2005-007.txt
---
This issue has been addressed in following products:
Red Hat Enterprise Linux 5
Via RHSA-2009:0444 https://rhn.redhat.com/errata/RHSA-2009-0444.html
---
giflib-4.1.3-10.fc9