CVE-2010-0976
published 2010-03-16
Priority P3 40 high 7.5 CVSS 2.0
AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS 2.29% (81.0th percentile)
Acidcat CMS 3.5.x does not prevent access to install.asp after installation finishes, which might allow remote attackers to restart the installation process and have unspecified other impact via requests to install.asp and other install_*.asp scripts. NOTE: the final installation screen states "Important: you must now delete all files beginning with 'install' from the root directory."
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| acidcat | acidcat_cms | — | — |
| acidcat | acidcat_cms | — | — |
| acidcat | acidcat_cms | — | — |
| acidcat | acidcat_cms | — | — |
CVSS provenance
nvd v2.0 7.5 HIGH AV:N/AC:L/Au:N/C:P/I:P/A:P
vendor_redhat 6.4 MEDIUM
GHSA
GHSA-5xwc-wcpm-vxxp: Acidcat CMS 3
ghsa_unreviewed·2022-05-02
CVE-2010-0976 [HIGH] GHSA-5xwc-wcpm-vxxp: Acidcat CMS 3
Red Hat
bind: key algorithm rollover may mark secure answers as insecure
vendor_redhat·2010-12-01·CVSS 6.4
CVE-2010-3614 [MEDIUM] bind: key algorithm rollover may mark secure answers as insecure
named in ISC BIND 9.x before 9.6.2-P3, 9.7.x before 9.7.2-P3, 9.4-ESV before 9.4-ESV-R4, and 9.6-ESV before 9.6-ESV-R3 does not properly determine the security status of an NS RRset during a DNSKEY algorithm rollover, which might allow remote attackers to cause a denial of service (DNSSEC validation error) by triggering a rollover.
Statement: The Red Hat Security Response Team has rated this issue as having low security impact. Because the version of bind in Red Hat Enterprise Linux 4 does not implement support for the currently-used DNSSEC protocol version, there is no plan to address this flaw there. It has been addressed in Red Hat Enterprise Linux 5 (via RHSA-2010:0975) and Red Hat Enterprise Linux 6 (via RHSA-2010:0976
No detection rules found.
No writeups or analysis indexed.
http://packetstormsecurity.org/1001-exploits/acidcatcms-disclose.txt
http://www.exploit-db.com/exploits/10972
https://exchange.xforce.ibmcloud.com/vulnerabilities/55331