CVE-2009-2024
Published 2009-06-09
Priority: P3 · 33 · medium
CVSS 2.0: 5 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
EXPLOIT
EPSS: 2.29% (81.0th percentile)
Vlad Titarenko ASP VT Auth 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file and obtain usernames and passwords via a direct request for zHk8dEes3.txt.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| vt.rovno | asp_vt_auth | — | — |
CVSS provenance
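| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
| vendor_redhat | — | 7.8 | HIGH | — |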
GHSA
GHSA-q7wm-hq3m-cm75: Vlad Titarenko ASP VT Auth 1
ghsa_unreviewed·2022-05-02
CVE-2009-2024 [MEDIUM] GHSA-q7wm-hq3m-cm75: Vlad Titarenko ASP VT Auth 1
Red Hat
kernel: nfs: Fix KMSAN warning in decode_getfattr_attrs()
vendor_redhat·2024-11-19·CVSS 5.5
CVE-2024-53066 [MEDIUM] CWE-908 kernel: nfs: Fix KMSAN warning in decode_getfattr_attrs()
In the Linux kernel, the following vulnerability has been resolved:
nfs: Fix KMSAN warning in decode_getfattr_attrs()
Fix the following KMSAN warning:
CPU: 1 UID: 0 PID: 7651 Comm: cp Tainted: G B
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009)
BUG: KMSAN: uninit-value in decode_getfattr_attrs+0x2d6d/0x2f90
decode_getfattr_attrs+0x2d6d/0x2f90
decode_getfattr_generic+0x806/0xb00
nfs4_xdr_dec_getattr+0x1de/0x240
rpcauth_unwrap_resp_decode+0xab/0x100
rpcauth_unwrap_resp+0x95/0xc0
call_decode+0x4ff/0xb50
__rpc_execute+0x57b/0x19d0
rpc_execute+0x368/0x5e0
rpc_run_task+0xcfe/0xee0
nfs4_proc_getattr+0x5b5/0x990
__nfs_revalidate_inode+0x477/0xd00
nfs_access_get_cached+0x1021/0x1cc0
nfs_do_access+0x9f/0xae0
nfs_perm
Red Hat
kernel: mptcp: pm: fix UaF read in mptcp_pm_nl_rm_addr_or_subflow
vendor_redhat·2024-10-29·CVSS 5.5
CVE-2024-50085 [MEDIUM] CWE-416 kernel: mptcp: pm: fix UaF read in mptcp_pm_nl_rm_addr_or_subflow
In the Linux kernel, the following vulnerability has been resolved:
mptcp: pm: fix UaF read in mptcp_pm_nl_rm_addr_or_subflow
Syzkaller reported this splat:
BUG: KASAN: slab-use-after-free in mptcp_pm_nl_rm_addr_or_subflow+0xb44/0xcc0 net/mptcp/pm_netlink.c:881
Read of size 4 at addr ffff8880569ac858 by task syz.1.2799/14662
CPU: 0 UID: 0 PID: 14662 Comm: syz.1.2799 Not tainted 6.12.0-rc2-syzkaller-00307-g36c254515dc6 #0
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
__dump_stack lib/dump_stack.c:94 [inline]
dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120
print_address_description mm/kasan/report.c:377 [inline]
print_report+0xc3/0x620 mm/kasan/report.c:488
kas
Red Hat
kernel: bonding: fix xfrm real_dev null pointer dereference
vendor_redhat·2024-09-04·CVSS 5.5
CVE-2024-44989 [MEDIUM] CWE-476 kernel: bonding: fix xfrm real_dev null pointer dereference
In the Linux kernel, the following vulnerability has been resolved:
bonding: fix xfrm real_dev null pointer dereference
We shouldn't set real_dev to NULL because packets can be in transit and
xfrm might call xdo_dev_offload_ok() in parallel. All callbacks assume
real_dev is set.
Example trace:
kernel: BUG: unable to handle page fault for address: 0000000000001030
kernel: bond0: (slave eni0np1): making interface the new active one
kernel: #PF: supervisor write access in kernel mode
kernel: #PF: error_code(0x0002) - not-present page
kernel: PGD 0 P4D 0
kernel: Oops: 0002 [#1] PREEMPT SMP
kernel: CPU: 4 PID: 2237 Comm: ping Not tainted 6.7.7+ #12
kernel: Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-2.fc40 04/01/20
Red Hat
kernel: net/mlx5: Register devlink first under devlink lock
vendor_redhat·2024-05-20·CVSS 5.5
CVE-2024-35961 [MEDIUM] kernel: net/mlx5: Register devlink first under devlink lock
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5: Register devlink first under devlink lock
In case device is having a non fatal FW error during probe, the
driver will report the error to user via devlink. This will trigger
a WARN_ON, since mlx5 is calling devlink_register() last.
In order to avoid the WARN_ON[1], change mlx5 to invoke devl_register()
first under devlink lock.
[1]
WARNING: CPU: 5 PID: 227 at net/devlink/health.c:483 devlink_recover_notify.constprop.0+0xb8/0xc0
CPU: 5 PID: 227 Comm: kworker/u16:3 Not tainted 6.4.0-rc5_for_upstream_min_debug_2023_06_12_12_38 #1
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014
Workqueue: mlx5
Red Hat
kernel: net/mlx5: DPLL, Fix possible use after free after delayed work timer triggers
vendor_redhat·2024-04-03·CVSS 7.8
CVE-2024-26724 [HIGH] CWE-416 kernel: net/mlx5: DPLL, Fix possible use after free after delayed work timer triggers
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5: DPLL, Fix possible use after free after delayed work timer triggers
I managed to hit following use after free warning recently:
[ 2169.711665] ==================================================================
[ 2169.714009] BUG: KASAN: slab-use-after-free in __run_timers.part.0+0x179/0x4c0
[ 2169.716293] Write of size 8 at addr ffff88812b326a70 by task swapper/4/0
[ 2169.719022] CPU: 4 PID: 0 Comm: swapper/4 Not tainted 6.8.0-rc2jiri+ #2
[ 2169.720974] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014
[ 2169.722457] Call Trace:
[ 2169.722756]
[ 2169.723024] dump_st
Suricata
ET WEB_CLIENT Adobe Acrobat Reader FlateDecode Stream Predictor Exploit Attempt
suricata·2011-07-01
CVE-2009-3459 ET WEB_CLIENT Adobe Acrobat Reader FlateDecode Stream Predictor Exploit Attempt
Rule: alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_CLIENT Adobe Acrobat Reader FlateDecode Stream Predictor Exploit Attempt"; flow:established,to_client; file.data; content:"Colors 1073741838"; fast_pattern; pcre:"/]*\x2FPredictor[^>]*\x2FColors\x201073741838/smi"; reference:url,www.fortiguard.com/analysis/pdfanalysis.html; reference:bid,36600; reference:cve,2009-3459; classtype:attempted-user; sid:2013153; rev:4; metadata:affected_product Web_Browsers, affected_product Web_Browser_Plugins, attack_target Client_Endpoint, created_at 2011_07_01, cve CVE_2009_3459, deployment Perimeter, signature_severity Major, tag Web_Client_Attacks, updated_at 2024_04_09;)
Suricata
ET WEB_SERVER HP OpenView /OvCgi/Toolbar.exe Accept Language Heap Buffer Overflow Attempt
suricata·2010-07-30
CVE-2009-0921 ET WEB_SERVER HP OpenView /OvCgi/Toolbar.exe Accept Language Heap Buffer Overflow Attempt
Rule: alert http1 $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SERVER HP OpenView /OvCgi/Toolbar.exe Accept Language Heap Buffer Overflow Attempt"; flow:established,to_server; http.method; content:"POST"; http.uri; content:"/OvCgi/Toolbar.exe"; nocase; fast_pattern; http.header; content:"Accept-Language|3a 20|"; nocase; isdataat:1350,relative; content:!"|0A|"; within:1350; content:"Content-Length|3a|"; distance:0; reference:cve,2009-0921; classtype:web-application-attack; sid:2010864; rev:11; metadata:created_at 2010_07_30, cve CVE_2009_0921, confidence High, signature_severity Major, updated_at 2024_04_10;)
Suricata
ET WEB_SPECIFIC_APPS TECHNOTE shop_this_skin_path Parameter Remote File Inclusion
suricata·2010-07-30·CVSS 6.8
CVE-2009-0441 [MEDIUM] ET WEB_SPECIFIC_APPS TECHNOTE shop_this_skin_path Parameter Remote File Inclusion
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS TECHNOTE shop_this_skin_path Parameter Remote File Inclusion"; flow:established,to_server; http.method; content:"GET"; http.uri; content:"/body_default.php?"; nocase; content:"GOODS[no]="; nocase; content:"GOODS[gs_input]="; nocase; content:"shop_this_skin_path="; nocase; pcre:"/shop_this_skin_path=\s*(https?|ftps?|php)\:\//i"; reference:url,secunia.com/advisories/33732/; reference:cve,CVE-2009-0441; reference:url,milw0rm.com/exploits/7965; classtype:web-application-attack; sid:2009229; rev:8; metadata:created_at 2010_07_30, signature_severity Major, updated_at 2024_03_06, mitre_tactic_id TA0001, mitre_tactic_name Initial_Acce
Suricata
ET WEB_SPECIFIC_APPS PHP phpMyAgenda rootagenda Remote File Include Attempt
suricata·2010-07-30
CVE-2006-2009 ET WEB_SPECIFIC_APPS PHP phpMyAgenda rootagenda Remote File Include Attempt
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS PHP phpMyAgenda rootagenda Remote File Include Attempt"; flow:established,to_server; http.uri; content:"rootagenda="; nocase; pcre:"/(agendaplace(2?)|infoevent|agenda(2?))\.php3\?/i"; pcre:"/rootagenda=(https?|ftps?|php)/i"; reference:cve,2006-2009; reference:bugtraq,17670; classtype:web-application-attack; sid:2002879; rev:10; metadata:affected_product Any, attack_target Server, created_at 2010_07_30, cve CVE_2006_2009, deployment Datacenter, signature_severity Major, tag Remote_File_Include, updated_at 2024_03_06, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_name Exploit_Publi
Suricata
ET WEB_SERVER Possible DD-WRT Metacharacter Injection Command Execution Attempt
suricata·2010-07-30
CVE-2009-2765 ET WEB_SERVER Possible DD-WRT Metacharacter Injection Command Execution Attempt
Rule: alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_SERVER Possible DD-WRT Metacharacter Injection Command Execution Attempt"; flow:established,to_server; http.uri; content:"/cgi-bin/|3B|"; nocase; pcre:"/\x2Fcgi\x2Dbin\x2F\x3B.+[a-z]/i"; reference:url,isc.sans.org/diary.html?storyid=6853; reference:url,www.theregister.co.uk/2009/07/21/critical_ddwrt_router_vuln/; reference:url,www.dd-wrt.com/phpBB2/viewtopic.php?t=55173; reference:bid,35742; reference:cve,2009-2765; classtype:attempted-admin; sid:2009678; rev:10; metadata:created_at 2010_07_30, cve CVE_2009_2765, confidence Medium, signature_severity Major, updated_at 2024_03_06;)