CVE-2009-1678
Published 2009-05-18
Priority P3 · 41 · high · 7.5 · CVSS 2.0
AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 2.43% (82.2th percentile)
Directory traversal vulnerability in the saveFeed function in rss/feedcreator.class.php in Bitweaver 2.6 and earlier allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in the version parameter to boards/boards_rss.php.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| bitweaver | bitweaver | <= 2.6 | — |
| bitweaver | bitweaver | — | — |
| bitweaver | bitweaver | — | — |
| bitweaver | bitweaver | — | — |
| bitweaver | bitweaver | — | — |
| bitweaver | bitweaver | — | — |
| bitweaver | bitweaver | — | — |
| bitweaver | bitweaver | — | — |
| bitweaver | bitweaver | — | — |
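CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| vendor_redhat | — | 5.0 | MEDIUM | — |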
GHSA
ghsa_unreviewed·2022-05-02
CVE-2009-1678 [HIGH] CWE-22 GHSA-hxrq-x6mc-c6rh: Directory traversal vulnerability in the saveFeed function in rss/feedcreator
Red Hat
openssl significant memory leak in certain SSLv3 requests (DoS)
vendor_redhat·2010-01-13·CVSS 5.0
CVE-2009-4355 [MEDIUM] CWE-401 openssl significant memory leak in certain SSLv3 requests (DoS)
Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678.
http://secunia.com/advisories/35057
http://www.securityfocus.com/archive/1/503435
http://www.securityfocus.com/bid/34910
https://www.exploit-db.com/exploits/8659