CVE-2009-2177
published 2009-06-23
CVE-2009-2177: code/display.php in fuzzylime (cms) 3.03a and earlier, when magic_quotes_gpc is disabled, allows remote attackers to conduct directory traversal attacks and…
Priority P338 · medium · 6.8 CVSS 2.0
AV:N/AC:M/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 4.19% (89.7th percentile)
code/display.php in fuzzylime (cms) 3.03a and earlier, when magic_quotes_gpc is disabled, allows remote attackers to conduct directory traversal attacks and overwrite arbitrary files via a "....//" (dot dot) in the s parameter, which is collapsed into a "../" value.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fuzzylime | fuzzylime_cms | — | — |
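CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| vendor_redhat | — | 7.8 | HIGH | — |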
GHSA
GHSA-h79m-47pc-f28h: code/display
ghsa_unreviewed·2022-05-02
CVE-2009-2177 [MEDIUM] CWE-22 GHSA-h79m-47pc-f28h: code/display
Red Hat
OpenOffice.org: InteVyDis Demo of OpenOffice 0day. Released with VulnDisco 8.8 pack (release date May,2009)
vendor_redhat·2011-05-31·CVSS 7.8
CVE-2011-2177 [HIGH] OpenOffice.org: InteVyDis Demo of OpenOffice 0day. Released with VulnDisco 8.8 pack (release date May,2009)
OpenOffice.org v3.3 allows execution of arbitrary code with the privileges of the user running the OpenOffice.org suite tools.
Statement: We do not currently plan to fix this issue due to the lack of further information about the flaw and its impact. If more information becomes available at a future date, we may revisit the issue.
No detection rules found.
http://osvdb.org/55184
http://secunia.com/advisories/35489
http://www.securityfocus.com/bid/35418
https://exchange.xforce.ibmcloud.com/vulnerabilities/51206
https://www.exploit-db.com/exploits/8978
Published: 2009-06-23