CVE-2010-0756
published 2010-02-27CVE-2010-0756: Session fixation vulnerability in WikyBlog 1.7.3 rc2 allows remote attackers to hijack web sessions by setting the jsessionid parameter to (1)…
PriorityP429medium5.8CVSS 2.0
AVNACMAuNCPIPAN
EXPLOIT
EPSS
1.83%
76.2th percentile
Session fixation vulnerability in WikyBlog 1.7.3 rc2 allows remote attackers to hijack web sessions by setting the jsessionid parameter to (1) index.php/Comment/Main, (2) index.php/Comment/Main/Home_Wiky, or (3) index.php/Edit/Main.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| wikyblog | wikyblog | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Bugzilla
CVE-2010-3996 festival: insecure library loading vulnerability
bugzilla·2010-11-07·CVSS 6.9
CVE-2010-3996 [MEDIUM] CVE-2010-3996 festival: insecure library loading vulnerability
CVE-2010-3996 festival: insecure library loading vulnerability
Common Vulnerabilities and Exposures assigned an identifier CVE-2010-3996 to
the following vulnerability:
Name: CVE-2010-3996
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3996
Assigned: 20101019
Reference: MLIST:[opensuse-updates] 20101022 openSUSE-SU-2010:0756-1 (moderate): festival security update
Reference: URL: http://lists.opensuse.org/opensuse-updates/2010-10/msg00028.html
Reference: CONFIRM: https://bugzilla.novell.com/show_bug.cgi?id=642507
Reference: BID:44395
Reference: URL: http://www.securityfocus.com/bid/44395
festival_server in Centre for Speech Technology Research (CSTR)
Festival, probably 2.0.95-beta and earlier, places a zero-length
directory name in the LD_LIBRARY_PATH, which allows local use
Bugzilla
CVE-2010-3701 MRG: remote authenticated DoS in broker
bugzilla·2010-10-04·CVSS 4.0
CVE-2010-3701 [MEDIUM] CVE-2010-3701 MRG: remote authenticated DoS in broker
CVE-2010-3701 MRG: remote authenticated DoS in broker
A flaw was discovered in how the MRG broker handled the receipt of large persistent messages. If a remote authenticated user were to send a very large persistent message, the broker could exhaust stack memory, resulting in a segfault of the broker. Subsequent connections to the broker would fail until it was restarted.
Discussion:
Further details of this flaw can be found in bug #634014.
---
This issue has been addressed in following products:
MRG for RHEL-5
Via RHSA-2010:0756 https://rhn.redhat.com/errata/RHSA-2010-0756.html
---
This issue has been addressed in following products:
Messaging for MRG on RHEL-4
Messaging Base for MRG on RHEL-4
Via RHSA-2010:0757 https://rhn.redhat.com/errata/RHSA-2010-0757.html
http://packetstormsecurity.org/1002-exploits/wikyblog-rfishellxss.txthttp://www.exploit-db.com/exploits/11560http://www.securityfocus.com/bid/38386https://exchange.xforce.ibmcloud.com/vulnerabilities/56594http://packetstormsecurity.org/1002-exploits/wikyblog-rfishellxss.txthttp://www.exploit-db.com/exploits/11560http://www.securityfocus.com/bid/38386https://exchange.xforce.ibmcloud.com/vulnerabilities/56594
2010-02-27
Published