CVE-2009-2180
Published 2009-06-23
Priority P433 · medium · 5 · CVSS 2.0
AV:N/AC:L/Au:N/C:P/I:N/A:N
EXPLOIT
EPSS: 6.14% (92.6th percentile)
Multiple directory traversal vulnerabilities in upfiles/index.php in Pc4 Uploader 10.0 and earlier allow remote attackers to read arbitrary files via (1) a .. (dot dot) or (2) absolute path in the file parameter.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| pc4arb | pc4_uploader | — | — |
No detection rules found.
Exploit-DB
Novell Groupwise Client 7.0.3.1294 - ActiveX Denial of Service (PoC)
exploitdb·2009-09-15
CVE-2009-3863 Novell Groupwise Client 7.0.3.1294 - ActiveX Denial of Service (PoC)
---
#####################################################################################
Application: Novell Groupwise Client 7.0.3.1294
Platforms: Windows XP Professional French SP2 and SP3
crash: IE 6.0.2900.2180
Exploitation: remote DoS
Date: 2009-08-24
Author: Francis Provencher (Protek Research Lab's)
#####################################################################################
1) Introduction
2) Technical details and bug
3) The Code
#####################################################################################
1) Introduction
GroupWise is a messaging and collaborative software platform from Novell that supports email, calendaring, personal information management, instant messaging, and
Exploit-DB
EasyMail Quicksoft 6.0.2.0 - CreateStore ActiveX Code Execution (PoC)
exploitdb·2009-09-15
CVE-2008-6447 EasyMail Quicksoft 6.0.2.0 - CreateStore ActiveX Code Execution (PoC)
---
#####################################################################################
Application: EasyMail Quicksoft 6.0.2.0
Platforms: Windows XP Professional French SP2
crash: IE 6.0.2900.2180
Exploitation: remote Code Execution
Date: 2009-08-24
Author: Francis Provencher (Protek Research Lab's)
#####################################################################################
1) Introduction
2) Technical details and bug
3) The Code
#####################################################################################
1) Introduction
Create, send, download, parse, print and store internet email messages in your classic windows application. Designed for Visual Basic, ASP, C++, Delphi, ColdFusion, P
Exploit-DB
Adobe Shockwave Player 11.5.1.601 - ActiveX Buffer Overflow (PoC)
exploitdb·2009-09-15
CVE-2009-3244 Adobe Shockwave Player 11.5.1.601 - ActiveX Buffer Overflow (PoC)
---
#####################################################################################
Application: Adobe ShockWave Player (11.5.1.601)
Platforms: Windows XP Professional French SP2 and SP3
crash: IE 6.0.2900.2180
Exploitation: remote DoS
Date: 2009-08-24
Author: Francis Provencher (Protek Research Lab's)
#####################################################################################
1) Introduction
2) Technical details and bug
3) The Code
#####################################################################################
1) Introduction
Over 450 million Internet-enabled desktops have installed Adobe Shockwave Player.
These people now have access to some of the best the Web has to offer - including d
Exploit-DB
Lotus note connector for BlackBerry Manager 5.0.0.11 - ActiveX Denial of Service
exploitdb·2009-08-25
CVE-2009-3038 Lotus note connector for BlackBerry Manager 5.0.0.11 - ActiveX Denial of Service
---
#####################################################################################
Application: Lotus note connector for Blackberry Manager 5.0.0.11 (And maybe other application that use it..)
Platforms: Windows XP Professional French SP2 and SP3
crash: IE 8.0.6001.18702
IE 6.0.2900.2180
Exploitation: remote DoS
Date: 2009-08-24
Author: Francis Provencher (Protek Research Lab's)
#####################################################################################
1) Introduction
2) Technical details and bug
3) The Code
#####################################################################################
1) Introduction
Notes Connector is an easy to use tool that allows you to instantly syn
Exploit-DB
pc4 Uploader 10.0 - Remote File Disclosure
exploitdb·2009-06-22
CVE-2009-2180 pc4 Uploader 10.0 - Remote File Disclosure
---
Advisory By Qabandi, From Kuwait, PEACE... iqa[a]hotmail.fr
=Vuln: pc4arb - pc4 Uploader <= 10.0 Remote File Disclosure Vulnerability
=INFO: http://pc4arb.com/article-48.html
=BUY: ~~~
=Download: ~~~
=DORK: intext:"Pictures of Whale Penis"
_-=/:Conditions:\=-_
````````````````````````````````````````````````````````````````````````````````
none
No writeups or analysis indexed.
2009-06-23
Published