CVE-2009-0700
published 2009-02-23
CVE-2009-0700: Plunet BusinessManager 4.1 and earlier allows remote authenticated users to bypass access restrictions and (1) read sensitive Customer or Order data via a…
Priority P423 · medium · 4 · CVSS 2.0
AV:N / AC:L / Au:S / C:P / I:N / A:N
EXPLOIT
EPSS
2.51%
82.8th percentile
Plunet BusinessManager 4.1 and earlier allows remote authenticated users to bypass access restrictions and (1) read sensitive Customer or Order data via a modified Pfad parameter to pagesUTF8/Sys_DirAnzeige.jsp, or (2) list sensitive Jobs via a direct request to pagesUTF8/auftrag_job.jsp.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| plunet | business_manager | <= 4.1 | — |
CVSS provenance
nvd · v2.0 · 4.0 · MEDIUM · AV:N/AC:L/Au:S/C:P/I:N/A:N
vendor_redhat · 2.1 · LOW
GHSA
GHSA-6h2q-7gh7-pc6c: Plunet BusinessManager 4
ghsa_unreviewed·2022-05-02
CVE-2009-0700 [MEDIUM] GHSA-6h2q-7gh7-pc6c: Plunet BusinessManager 4
Plunet BusinessManager 4.1 and earlier allows remote authenticated users to bypass access restrictions and (1) read sensitive Customer or Order data via a modified Pfad parameter to pagesUTF8/Sys_DirAnzeige.jsp, or (2) list sensitive Jobs via a direct request to pagesUTF8/auftrag_job.jsp.
Red Hat
evolution: insecure permissions on evolution mailbox folders
vendor_redhat·2009-05-01·CVSS 2.1
CVE-2009-1631 [LOW] evolution: insecure permissions on evolution mailbox folders
The Mailer component in Evolution 2.26.1 and earlier uses world-readable permissions for the .evolution directory, and certain directories and files under .evolution/ related to local mail, which allows local users to obtain sensitive information by reading these files.
Statement: Red Hat does not consider this to be a security issue. By default, user home directories are created with mode 0700 permissions, which would not expose the ~/.evolution/ directory regardless of its own permissions.
If a user intentionally relaxes permissions on their home directory, they should be auditing all files and directories in order to not expose unwanted files to other local users.
No detection rules found.
Exploit-DB
Plunet BusinessManager 4.1 - 'pagesUTF8/auftrag_job.jsp?Pfad' Direct Request Information Disclosure
exploitdb·2009-01-07
CVE-2009-0700 Plunet BusinessManager 4.1 - 'pagesUTF8/auftrag_job.jsp?Pfad' Direct Request Information Disclosure
---
source: https://www.securityfocus.com/bid/33153/info
Plunet BusinessManager is prone to multiple security-bypass and HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, control how the site is rendered to the user, or perform unauthorized actions as another user; other attacks may also be possible.
Versions prior to BusinessManager 4.2 are vulnerable.
http://www.example.com/pagesUTF8/auftrag_job.jsp?OSG05=1944&anchor=AJob31944 surf jobs
Exploit-DB
Plunet BusinessManager 4.1 - 'pagesUTF8/Sys_DirAnzeige.jsp?Pfad' Direct Request Information Disclosure
exploitdb·2009-01-07
CVE-2009-0700 Plunet BusinessManager 4.1 - 'pagesUTF8/Sys_DirAnzeige.jsp?Pfad' Direct Request Information Disclosure
---
source: https://www.securityfocus.com/bid/33153/info
Plunet BusinessManager is prone to multiple security-bypass and HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, control how the site is rendered to the user, or perform unauthorized actions as another user; other attacks may also be possible.
Versions prior to BusinessManager 4.2 are vulnerable.
http://www.example.com/pagesUTF8/Sys_DirAnzeige.jsp?AnzeigeText=/PRM&Pfad=/ORDER/
C-00042/PRM
Bugzilla
CVE-2009-1299 pulseaudio: information disclosure or DoS due to temporary directory handling
bugzilla·2010-03-05·CVSS 6.9
CVE-2009-1299 [MEDIUM] CVE-2009-1299 pulseaudio: information disclosure or DoS due to temporary directory handling
Dan Rosenberg reported a vulnerability in pulseaudio's handling of temporary directories, which can be used by an attacker to create a Denial of Service condition or possibly disclose sensitive information to unprivileged users.
When pulseaudio starts, it creates a temporary directory with a predictable name (/tmp/.esd-[uid], where [uid] is the user id of the user executing the pulseaudio process). If the directory already exists, pulseaudio does not create a new one; it also does not check for symbolic links. After the directory is created, or if it already exists, pulseaudio will chown the directory to the uid/gid of the user running pulseaudio, and then chmods it to either 0700 or 0755 (the lat
Bugzilla
CVE-2009-1829 wireshark: PCNFSD dissector crash
bugzilla·2009-05-21·CVSS 5.0
CVE-2009-1829 [MEDIUM] CVE-2009-1829 wireshark: PCNFSD dissector crash
Wireshark's PCNFSD dissector, dissecting records of network traffic from an RPC server that supports ONC clients on PC (DOS, OS/2, Macintosh, and other) systems, could crash.
Versions affected: 0.8.20 to 1.0.7
Upstream patch against 1.0.*:
http://anonsvn.wireshark.org/viewvc?view=rev&revision=28404 -- part:
r28128 | gerald | 2009-04-22 10:42:47 -0700 (Wed, 22 Apr 2009) | 6 lines
Changed paths:
M /trunk/epan/dissectors/packet-pcnfsd.c
M /trunk/epan/dissectors/packet-rpc.c
M /trunk/epan/dissectors/packet-rpc.h
From Mark Cave-Ayland: Fix a crash in the PCNFSD dissector.
From me: Apply Mark's fix to the ident string. Add public #defines for
the special strings that dissect_rpc_* might return and use them in
PCNFSD. Replace a manual buff
http://archives.neohapsis.com/archives/bugtraq/2009-01/0032.html
http://archives.neohapsis.com/archives/bugtraq/2009-01/0054.html
http://www.securenetwork.it/ricerca/advisory/download/SN-2008-04.txt
http://www.securityfocus.com/bid/33153
https://exchange.xforce.ibmcloud.com/vulnerabilities/47794