CVE-2010-1043
Published: 2010-03-23
Priority: P3 · 41 · high · 7.5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Exploit: available
EPSS: 2.36% (81.6th percentile)
Directory traversal vulnerability in index.php in jaxCMS 1.0 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the p parameter.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jaxcms | jaxcms | — | — |
VulDB
jaxCMS 1.0 index.php path traversal (EDB-11359 / SA38524)
vuldb·2026-05-03·CVSS 7.5
CVE-2010-1043 [HIGH] jaxCMS 1.0 index.php path traversal (EDB-11359 / SA38524)
A vulnerability was found in jaxCMS 1.0. It has been rated as problematic. Affected by this vulnerability is an unknown functionality of the file index.php. The manipulation of the argument p leads to path traversal.
This vulnerability is listed as CVE-2010-1043. The attack may be initiated remotely. In addition, an exploit is available.
GHSA
GHSA-r7qq-9qwv-mj66: Directory traversal vulnerability in index
ghsa_unreviewed·2022-05-02
CVE-2010-1043 [HIGH] CWE-22 GHSA-r7qq-9qwv-mj66: Directory traversal vulnerability in index
Directory traversal vulnerability in index.php in jaxCMS 1.0 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the p parameter.
Suricata
GPL RPC portmap ypserv request UDP
suricata·2010-09-23
CVE-2000-1042 GPL RPC portmap ypserv request UDP
Rule: alert udp $EXTERNAL_NET any -> $HOME_NET 111 (msg:"GPL RPC portmap ypserv request UDP"; content:"|00 01 86 A0|"; depth:4; offset:12; content:"|00 00 00 03|"; within:4; distance:4; byte_jump:4,4,relative,align; byte_jump:4,4,relative,align; content:"|00 01 86 A4|"; within:4; content:"|00 00 00 00|"; depth:4; offset:4; reference:arachnids,12; reference:bugtraq,5914; reference:bugtraq,6016; reference:cve,2000-1042; reference:cve,2000-1043; reference:cve,2002-1232; classtype:rpc-portmap-decode; sid:2100590; rev:13; metadata:created_at 2010_09_23, cve CVE_2000_1042, signature_severity Informational, updated_at 2019_07_26;)
Suricata
GPL RPC portmap ypserv request TCP
suricata·2010-09-23
CVE-2000-1042 GPL RPC portmap ypserv request TCP
Rule: alert tcp $EXTERNAL_NET any -> $HOME_NET 111 (msg:"GPL RPC portmap ypserv request TCP"; flow:established,to_server; content:"|00 01 86 A0|"; depth:4; offset:16; content:"|00 00 00 03|"; within:4; distance:4; byte_jump:4,4,relative,align; byte_jump:4,4,relative,align; content:"|00 01 86 A4|"; within:4; content:"|00 00 00 00|"; depth:4; offset:8; reference:arachnids,12; reference:bugtraq,5914; reference:bugtraq,6016; reference:cve,2000-1042; reference:cve,2000-1043; reference:cve,2002-1232; classtype:rpc-portmap-decode; sid:2101276; rev:16; metadata:created_at 2010_09_23, cve CVE_2000_1042, signature_severity Informational, updated_at 2024_03_08;)
Exploit-DB
BS.Player 2.56 - '.m3u' / '.pls' File Processing Multiple Remote Denial of Service Vulnerabilities
exploitdb·2010-09-26
---
# source: https://www.securityfocus.com/bid/43502/info
#
# BS.Player is prone to multiple remote denial-of-service vulnerabilities.
#
# An attacker can exploit these issues to cause an affected application to crash, denying service to legitimate users.
#
# BS.Player 2.56 is vulnerable; other versions may also be affected.
#
#!/usr/bin/python
#
# Exploit Title: BS.Player 2.56 (Build 1043) .m3u and .pls Denial of Service
# Date: September 27, 2010
# Author: modpr0be
# Software Link: http://www.bsplayer.com/bsplayer-setup.exe
# Version: 2.0.0
# Tested on: Windows XP SP3/2003
# CVE : -
# How it works?
# Open BS.Player --> Open the Playlist Window --> Load m3u/pls file --> boom!
#
# SEHand
Exploit-DB
JaxCMS 1.0 - Local File Inclusion
exploitdb·2010-02-08
CVE-2010-1043 JaxCMS 1.0 - Local File Inclusion
---
/*
Name : JaxCMS (p) Local File Include
WebSite : http://www.pixiescripts.com/
Author : Hamza 'MizoZ' N.
Email : [email protected]
Greetz : Zuka !
*/
The vulnerability is in the GET parameter $_GET['p']; index.php includes '/pages/'.$_GET['p'].'.php'.
So we can read any file on the server.
EXPLOIT :
http://server/[JaxCMS PATH]/index.php?p=[LFI]%00
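The root cause named in the Exploit-DB entry above (index.php concatenating `$_GET['p']` into an include path) is shown here beside one hardened form. This is an added example, not jaxCMS source or a vendor fix; the function name `resolve_page`, the `pages` directory next to the script and the `home` fallback page are assumptions.

```php
<?php
// Added illustration; not jaxCMS source. resolve_page(), the ./pages layout
// and the "home" fallback page are assumptions.

// Pattern described in the advisory: request data flows straight into include.
// Kept as a comment so it is never executed:
//   include '/pages/' . $_GET['p'] . '.php';
// "../" sequences in p escape the pages directory, and on PHP versions before
// 5.3.4 a NUL byte (%00) cuts off the appended ".php" suffix.

/**
 * Resolve a page name to a file inside $pagesDir, or return null.
 */
function resolve_page(string $pagesDir, string $name): ?string
{
    // 1. Accept only a conservative page-name alphabet, so dots, slashes,
    //    backslashes and NUL bytes can never reach the filesystem call.
    if (preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $name) !== 1) {
        return null;
    }
    // 2. Canonicalise and confirm the result is still under the base
    //    directory (defence in depth; also covers symlinks inside pages/).
    $base = realpath($pagesDir);
    $path = realpath($pagesDir . DIRECTORY_SEPARATOR . $name . '.php');
    if ($base === false || $path === false) {
        return null; // base directory or requested page does not exist
    }
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null; // resolved outside the pages directory
    }
    return $path;
}

// Array-valued parameters (p[]=...) are treated as absent.
$requested = isset($_GET['p']) && is_string($_GET['p']) ? $_GET['p'] : 'home';
$file = resolve_page(__DIR__ . '/pages', $requested);
if ($file === null) {
    http_response_code(404);
    exit('Page not found');
}
include $file;
```

Where the set of pages is fixed, a literal allowlist array checked with `in_array($name, $allowed, true)` is stricter still than the pattern check.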
No writeups or analysis indexed.
2010-03-23
Published