CVE-2009-2238
Published 2009-06-27
CVE-2009-2238: Unrestricted file upload vulnerability in includes/shared_scripts/wysiwyg_editor/assetmanager/assetmanager.asp in DMXReady Registration Manager 1.1 allows…
Priority P349 · medium · 6.8 (CVSS 2.0)
AV:N/AC:M/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS 3.51% · 87.7th percentile
Unrestricted file upload vulnerability in includes/shared_scripts/wysiwyg_editor/assetmanager/assetmanager.asp in DMXReady Registration Manager 1.1 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in assets/webblogmanager.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| dmxready | registration_manager | — | — |
CVSS provenance
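| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| vendor_redhat | — | 9.3 | CRITICAL | — |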
GHSA
GHSA-6qh4-xqvp-g8h9: Unrestricted file upload vulnerability in includes/shared_scripts/wysiwyg_editor/assetmanager/assetmanager
ghsa_unreviewed·2022-05-02
CVE-2009-2238 [MEDIUM] GHSA-6qh4-xqvp-g8h9: Unrestricted file upload vulnerability in includes/shared_scripts/wysiwyg_editor/assetmanager/assetmanager
Red Hat
CVE-2009-2139: Heap-based buffer overflow in svtools/source/filter
vendor_redhat·CVSS 9.3
CVE-2009-2139 [CRITICAL] CVE-2009-2139: Heap-based buffer overflow in svtools/source/filter
Heap-based buffer overflow in svtools/source/filter.vcl/wmf/enhwmf.cxx in Go-oo 2.x and 3.x before 3.0.1, previously named ooo-build and related to OpenOffice.org (OOo), allows remote attackers to execute arbitrary code via a crafted EMF file, a similar issue to CVE-2008-2238.
Statement: Not vulnerable. This issue did not affect the versions of openoffice.org and openoffice.org2 packages as shipped with Red Hat Enterprise Linux 3, 4, or 5.
No detection rules found.
No writeups or analysis indexed.
http://www.exploit-db.com/exploits/8749
http://www.securityfocus.com/archive/1/503648/100/0/threaded
http://www.securityfocus.com/bid/35039
https://exchange.xforce.ibmcloud.com/vulnerabilities/50651