CVE-2009-1873
Published 2009-08-18
Priority: P4 · 27 · medium · 4 · CVSS 2.0
Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N
EXPLOIT
EPSS: 4.70% (90.7th percentile)
Directory traversal vulnerability in logging/logviewer.jsp in the Management Console in Adobe JRun Application Server 4 Updater 7 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the logfile parameter.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| adobe | jrun | — | — |
No detection rules found.
Exploit-DB
Joomla! Component Jvehicles - Local File Inclusion
exploitdb·2010-04-01
CVE-2010-1873 Joomla! Component Jvehicles - Local File Inclusion
---
Joomla Component Jvehicles Local File Inclusion
Author : Chip D3 Bi0s
Group : LatinHackTeam
Email & msn : [email protected]
Date : 31 March 2010
Critical Lvl : Moderate
Impact : Exposure of sensitive information
Where : From Remote
Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~~
Application : Jvehicles
version : 1.0
Developer : este8an
License : GPL type : Non-Commercial
Date Added : 5 May 2009
Download : http://www.jvehicles.com/index.php?option=com_remository&Itemid=6&func=select&id=2&orderby=3&lang=en
Description :
Derivation of a popular component com_properties (for Estate Agent) .
This component is to manage vehicles. With the same functionality.
file error : components/com_jvehicles/jvehicles.php
how to exp
Exploit-DB
Adobe JRun 4 - 'logfile' (Authenticated) Directory Traversal
exploitdb·2009-08-18·CVSS 4.0
CVE-2009-1873 [MEDIUM] Adobe JRun 4 - 'logfile' (Authenticated) Directory Traversal
---
Digital Security Research Group [DSecRG] Advisory #DSECRG-09-052
Application: Adobe JRun Application Server
Versions Affected: 4 updater 7
Vendor URL: http://www.adobe.com/products/jrun/
Bug: Directory Traversal File Read
Exploits: YES
Reported: 20.01.2009
Vendor response: 21.01.2009
Solution: YES
Date of Public Advisory: 17.08.2009
CVE-number: CVE-2009-1873
Author: Digital Security Research Group [DSecRG] (research [at] dsec [dot] ru)
Description
JRun Management Console Directory Traversal vulnerability.
Details
Directory Traversal vulnerability found in script logviewer.jsp
Using Management Console authenticated attacker can read any file on server.
Also attacker can exploit this issue using XSS (http://www.dse
No writeups or analysis indexed.
http://osvdb.org/57186
http://www.adobe.com/support/security/bulletins/apsb09-12.html
http://www.dsecrg.com/pages/vul/show.php?id=152
http://www.securityfocus.com/archive/1/505808/100/0/threaded
https://www.exploit-db.com/exploits/9443