CVE-2010-0757
Published 2010-02-27
Priority P3 | 41 | medium | 6.5 (CVSS 2.0)
AV:N/AC:L/Au:S/C:P/I:P/A:P
EXPLOIT
EPSS: 3.15% (86.3th percentile)
Unrestricted file upload vulnerability in index.php/Attach in WikyBlog 1.7.3rc2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension using the uploadform action, then accessing it via a direct request to the file in userfiles/[username]/uploaded/.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| wikyblog | wikyblog | — | — |
No detection rules found.
Bugzilla
CVE-2010-3701 MRG: remote authenticated DoS in broker
bugzilla·2010-10-04·CVSS 4.0
A flaw was discovered in how the MRG broker handled the receipt of large persistent messages. If a remote authenticated user were to send a very large persistent message, the broker could exhaust stack memory, resulting in a segfault of the broker. Subsequent connections to the broker would fail until it was restarted.
Discussion:
Further details of this flaw can be found in bug #634014.
---
This issue has been addressed in following products:
MRG for RHEL-5
Via RHSA-2010:0756 https://rhn.redhat.com/errata/RHSA-2010-0756.html
---
This issue has been addressed in following products:
Messaging for MRG on RHEL-4
Messaging Base for MRG on RHEL-4
Via RHSA-2010:0757 https://rhn.redhat.com/errata/RHSA-2010-0757.html
Bugzilla
CVE-2009-0757 mpfr: multiple buffer overflows lead to DoS [F10]
bugzilla·2009-03-03·CVSS 7.5
F10 tracking bug: see blocks bug list for full details of the security issue(s).
[bug automatically created by: add-tracking-bugs]
Discussion:
You can eventually use the following link to create the update request:
https://admin.fedoraproject.org/updates/new/?request=Stable&type_=security&release=Fedora%2010&bugs=488311,
http://osvdb.org/62648
http://packetstormsecurity.org/1002-exploits/wikyblog-rfishellxss.txt
http://www.exploit-db.com/exploits/11560
http://www.securityfocus.com/bid/38386
https://exchange.xforce.ibmcloud.com/vulnerabilities/56517