CVE-2009-4604
Published 2010-01-12
Priority: P349 · high · 7.5 (CVSS 2.0)
AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 2.34% (81.5th percentile)
PHP remote file inclusion vulnerability in mamboleto.php in the Fernando Soares Mamboleto (com_mamboleto) component 2.0 RC3 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fernando_soares | com_mamboleto | — | — |
No detection rules found.
Exploit-DB
IBM Tivoli Storage Manager (TSM) - Local Privilege Escalation
exploitdb·2010-12-15
CVE-2010-4604 IBM Tivoli Storage Manager (TSM) - Local Privilege Escalation
---
http://www.kryptoslogic.com/advisories/2010/kryptoslogic-ibm-tivoli-dsmtca.txt
http://www.kryptoslogic.com/advisories/2010/kryptoslogic-ibm-tivoli-dsmtca-exploit.c
IBM Tivoli Storage Manager (TSM) Local Root
Kryptos Logic, December 2010
=====[ Timeline
Vendor Contacted...........: 2009-12-14
Fix from Vendor............: 2010-12-14
Advisory Published.........: 2010-12-15
=====[ Affected Versions
Vulnerable:
IBM TSM 6.1: 6.1.0.0 through 6.1.3.0
IBM TSM 5.5: 5.5.0.0 through 5.5.2.7
IBM TSM 5.4: 5.4.0.0 through 5.4.3.3
IBM TSM 5.3: 5.3.0.0 through 5.3.6.7
- Potentially older versions of IBM TSM dsmtca
Not vulnerable:
IBM TSM 6.1.4
IBM TSM 5.5.3
IBM TSM 5.4.3.4
IBM TSM 5.3.6.10
See IBM advisory IC65491 for details:
h
Exploit-DB
Joomla! Component Mamboleto 2.0 RC3 - Remote File Inclusion
exploitdb·2009-12-10
CVE-2009-4604 Joomla! Component Mamboleto 2.0 RC3 - Remote File Inclusion
---
/**************************************************************************
[!] Mamboleto Joomla! component Remote File Include Vulnerability
[!] Author : Don Tukulesto
[!] Homepage : http://www.indonesiancoder.com
[!] Date : December 10, 2009
[!] Tune In : http://antisecradio.fm (choose your weapon)
**************************************************************************/
[ Software Information ]
[+] Vendor : http://www.fernandosoares.com.br/
[+] Download : http://www.fernandosoares.com.br/index.php?option=com_docman&task=doc_download&gid=35&Itemid=28
[+] Version() : 2.0 RC3
[+] New Mamboleto 2.0 RC3 for Joomla! 1.5.x in "legacy mode".
Much improved, with two more banks (Sicredi
No writeups or analysis indexed.
http://packetstormsecurity.org/0912-exploits/joomlamamboleto-rfi.txt
http://www.exploit-db.com/exploits/10369
http://www.securityfocus.com/bid/37280
https://exchange.xforce.ibmcloud.com/vulnerabilities/54662
Published: 2010-01-12