CVE-2009-4089
published 2009-11-29CVE-2009-4089: telepark.wiki 2.4.23 and earlier allows remote attackers to bypass authorization and (1) delete arbitrary pages via a modified pageID parameter to…
PriorityP337medium5CVSS 2.0
AVNACLAuNCNIPAN
EXPLOIT
EPSS
6.59%
93.0th percentile
telepark.wiki 2.4.23 and earlier allows remote attackers to bypass authorization and (1) delete arbitrary pages via a modified pageID parameter to ajax/deletePage.php or (2) delete arbitrary comments via a modified pageID parameter to ajax/deleteComment.php.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| telepark | telepark.wiki | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
telepark wiki 2.4.23 - Multiple Vulnerabilities
exploitdb·2009-11-16
CVE-2009-4089 telepark wiki 2.4.23 - Multiple Vulnerabilities
telepark wiki 2.4.23 - Multiple Vulnerabilities
---
Abysssec Inc Public Advisory
Title : Telepark Wiki Multiple Remote Vulnerabilities
Affected Version : ",$_POST['wikiFileName'],str_file_uploaded).".\n";
}
for bypass you can use : image.jpg%00.php
note : use group variable for changing directory to another writeable directory
FIXED:
line 22:
if (isset($_POST['wikiComment']) && isset($_POST['pageID']) && $wiki->isUserPage($_POST['pageID'],"loggedUser",true,P_COMMENT)) {
added check is user allowed to comment
line 29:
$data=$wiki->savePage($data,"comment");
savePage now returns checked data - if file name is not allowed returns empty string instead of name
line 67:
$body.=str_replace("",$data['wikiFileName'],str_file_uploaded).".\n";
uses checked filename returned from savePage fun
Exploit-DB
Photodex ProShow Gold 4 (Windows XP SP3) - '.psh' Universal Buffer Overflow (SEH)
exploitdb·2009-08-24
CVE-2009-3214 Photodex ProShow Gold 4 (Windows XP SP3) - '.psh' Universal Buffer Overflow (SEH)
Photodex ProShow Gold 4 (Windows XP SP3) - '.psh' Universal Buffer Overflow (SEH)
---
#
# [+] Vulnerability : ProShow Gold 4 BOF
# [+] Detected by : Bkis - http://blog.bkis.com/?p=737
# [*] Sploit coded by : corelanc0d3r (corelanc0d3r[at]gmail[dot]com)
# [*] Sploit coded on : August 20, 2009
# [*] Type : local
# [*] OS : Windows
# [*] Product : Photodex ProShow Gold
# [*] Versions affected : 4.0
# [*] Download link : http://www.photodex.com/downloads/go_proshowgold
# [*] -------------------------------------------------------------------------
# [*] Method : SEH - Universal
# [*] Tested on : Windows XP SP3 En
# [*] Greetz&Tx to : Saumil/SK
# [*] -------------------------------------------------------------------------
# MMMMM~.
# MMMMM?.
# MMMMMM8. .=MMMMMMM.. MMMMMMMM, MMMMMMM8. MMMMM?.
No writeups or analysis indexed.
http://blog.telepark.com/telepark-web-software/2009/11/09/telepark-wiki-security-fixes/http://packetstormsecurity.org/0911-exploits/Telepark-fixes-nov09-2.txthttp://secunia.com/advisories/37391http://www.exploit-db.com/exploits/9483http://www.osvdb.org/60214http://www.osvdb.org/60215https://exchange.xforce.ibmcloud.com/vulnerabilities/54329http://blog.telepark.com/telepark-web-software/2009/11/09/telepark-wiki-security-fixes/http://packetstormsecurity.org/0911-exploits/Telepark-fixes-nov09-2.txthttp://secunia.com/advisories/37391http://www.exploit-db.com/exploits/9483http://www.osvdb.org/60214http://www.osvdb.org/60215https://exchange.xforce.ibmcloud.com/vulnerabilities/54329
2009-11-29
Published