CVE-2010-0958
published 2010-03-10
CVE-2010-0958: Directory traversal vulnerability in modules/hayoo/index.php in Tribisur 2.1, 2.0, and earlier, when magic_quotes_gpc is disabled, allows remote attackers to…
Priority: P335 | medium | 6.8 | CVSS 2.0
AV:N/AC:M/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 1.87% (76.7th percentile)
Directory traversal vulnerability in modules/hayoo/index.php in Tribisur 2.1, 2.0, and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary files via directory traversal sequences in the theme parameter. NOTE: some of these details are obtained from third party information.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| thomas_perez | tribisur | <= 2.1 | — |
| thomas_perez | tribisur | — | — |
CVSS provenance
nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P
vendor_redhat | 7.8 | HIGH
VulDB
Thomas Perez Tribisur 2.0/2.1 modules/hayoo/index.php theme path traversal (EDB-11655 / BID-38596)
vuldb·2026-05-02·CVSS 6.8
CVE-2010-0958 [MEDIUM] Thomas Perez Tribisur 2.0/2.1 modules/hayoo/index.php theme path traversal (EDB-11655 / BID-38596)
A vulnerability, which was classified as problematic, has been found in Thomas Perez Tribisur 2.0/2.1. Impacted is an unknown function of the file modules/hayoo/index.php. This manipulation of the argument theme causes path traversal.
This vulnerability appears as CVE-2010-0958. The attack may be initiated remotely. In addition, an exploit is available.
GHSA
GHSA-wrh3-wmfx-vwpv: Directory traversal vulnerability in modules/hayoo/index
ghsa_unreviewed·2022-05-02
CVE-2010-0958 [MEDIUM] CWE-22 GHSA-wrh3-wmfx-vwpv: Directory traversal vulnerability in modules/hayoo/index
Directory traversal vulnerability in modules/hayoo/index.php in Tribisur 2.1, 2.0, and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary files via directory traversal sequences in the theme parameter. NOTE: some of these details are obtained from third party information.
Red Hat
kernel: sctp: do not reset the packet during sctp_packet_config
vendor_redhat·2010-09-15·CVSS 7.8
CVE-2010-3432 [HIGH] CWE-228 kernel: sctp: do not reset the packet during sctp_packet_config
The sctp_packet_config function in net/sctp/output.c in the Linux kernel before 2.6.35.6 performs extraneous initializations of packet data structures, which allows remote attackers to cause a denial of service (panic) via a certain sequence of SCTP traffic.
Statement: This issue did not affect the version of Linux kernel as shipped with Red Hat Enterprise Linux 3 as it did not include support for SCTP. This was addressed in Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2010-0958.html and https://rhn.redhat.com/errata/RHSA-2010-0842.html. Future updates in Red Hat Enterprise Linux 4 and 5 may address this flaw.
Mitigation: For users that do not run applications that use SCTP, y
http://packetstormsecurity.org/1003-exploits/tribisur-lfi.txt
http://secunia.com/advisories/28362
http://www.exploit-db.com/exploits/11655
http://www.securityfocus.com/bid/38596
Published: 2010-03-10