CVE-2009-4321
Published 2009-12-14
Priority: P4 (23) · Severity: medium · CVSS 2.0 score: 5
CVSS 2.0 vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
EPSS: 2.47% (82.5th percentile)
extras/curltest.php in Zen Cart 1.3.8 and 1.3.8a, and possibly other versions, allows remote attackers to read arbitrary files via a file:// URI. NOTE: some of these details are obtained from third party information.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| zen-cart | zen_cart | — | — |
| zen-cart | zen_cart | — | — |
CVSS provenance

| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
| vendor_redhat | — | 6.8 | MEDIUM | — |
GHSA
GHSA-8873-7w2h-2cpf · CVE-2009-4323 [MEDIUM] · ghsa_unreviewed · 2022-05-02 · CVSS 5.0
The installation for Zen Cart stores sensitive information and insecure programs under the (1) docs, (2) extras, and (3) zc_install folders, and (4) install.txt, which allows remote attackers to obtain sensitive information, delete the database, and conduct other attacks via a direct request, different vulnerabilities than CVE-2009-4321 and CVE-2009-4322.
GHSA
GHSA-4mhg-w5rg-4wv7 · CVE-2009-4321 [MEDIUM] · CWE-20 · ghsa_unreviewed · 2022-05-02
extras/curltest.php in Zen Cart 1.3.8 and 1.3.8a, and possibly other versions, allows remote attackers to read arbitrary files via a file:// URI. NOTE: some of these details are obtained from third party information.
Red Hat
CVE-2009-0362 [MEDIUM] · vendor_redhat · 2009-02-04 · CVSS 6.8 · fail2ban: remote DoS via crafted domain names
filter.d/wuftpd.conf in Fail2ban 0.8.3 uses an incorrect regular expression that allows remote attackers to cause a denial of service (forced authentication failures) via a crafted reverse-resolved DNS name (rhost) entry that contains a substring that is interpreted as an IP address, a different vulnerability than CVE-2007-4321.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
References:
- http://osvdb.org/60892
- http://secunia.com/advisories/37630
- http://www.acunetix.com/blog/websecuritynews/acusensor-curl-and-zen-cart/
- http://www.securityfocus.com/archive/1/508340/100/0/threaded
- http://www.securityfocus.com/bid/37283
- http://www.vupen.com/english/advisories/2009/3474
- http://www.zen-cart.com/forum/showthread.php?t=142784
- https://exchange.xforce.ibmcloud.com/vulnerabilities/54687