CVE-2010-1059
Published 2010-03-23
CVE-2010-1059: Directory traversal vulnerability in staff/app/common.inc.php in Phpkobo Address Book Script 1.09, when magic_quotes_gpc is disabled, allows remote attackers…
Priority P428 · medium · 6.8 (CVSS 2.0)
AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS: 1.33% (67.6th percentile)
Directory traversal vulnerability in staff/app/common.inc.php in Phpkobo Address Book Script 1.09, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the LANG_CODE parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| phpkobo | address_book_script | — | — |
VulDB
Phpkobo Address Book Script 1.09 staff/app/common.inc.php LANG_CODE path traversal (BID-38731 / SA38938)
vuldb·2026-05-03·CVSS 6.8
CVE-2010-1059 [MEDIUM] Phpkobo Address Book Script 1.09 staff/app/common.inc.php LANG_CODE path traversal (BID-38731 / SA38938)
A vulnerability identified as problematic has been detected in Phpkobo Address Book Script 1.09. Impacted is an unknown function of the file staff/app/common.inc.php. Performing a manipulation of the argument LANG_CODE results in path traversal.
This vulnerability is cataloged as CVE-2010-1059. It is possible to initiate the attack remotely. There is no exploit available.
GHSA
GHSA-2fc2-f8gj-8hm5: Directory traversal vulnerability in staff/app/common
ghsa_unreviewed·2022-05-02
CVE-2010-1059 [MEDIUM] CWE-22 GHSA-2fc2-f8gj-8hm5: Directory traversal vulnerability in staff/app/common
Directory traversal vulnerability in staff/app/common.inc.php in Phpkobo Address Book Script 1.09, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the LANG_CODE parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
No detection rules found.
Exploit-DB
Google Chrome 4.1.249.1059 - Cross Origin Bypass in Google URL (GURL)
exploitdb·2010-05-19·CVSS 10.0
CVE-2010-1663 [CRITICAL] Google Chrome 4.1.249.1059 - Cross Origin Bypass in Google URL (GURL)
---
# Google Chrome 4.1.249.1059 Cross Origin Bypass in Google URL (GURL)
#
# CVE-ID: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1663
#
# Author: Jordi Chancel
#
# Software Link: http://googlechromereleases.blogspot.com/2010/04/stable-update-bug-and-security-fixes.html
#
# Description: {
# The Google URL Parsing Library (aka google-url or GURL) in Google Chrome
# before 4.1.249.1064 allows remote attackers to bypass the Same Origin Policy
# via CHARACTER TABULATION or others escape characters inside javascript: protocol string. }
#
# Some PoC :
Inject JavaScript
----
Inject JavaScript
----
Inject JavaScript
----
Inject JavaScript
----
Inject JavaScript
Greetz : Xylitol , Eddy Bordi , 599eme Man , Gno
Exploit-DB
SecureCRT 4.0 Beta 2 SSH1 - Remote Buffer Overflow (Metasploit)
exploitdb·2010-04-30
CVE-2002-1059 SecureCRT 4.0 Beta 2 SSH1 - Remote Buffer Overflow (Metasploit)
---
##
# $Id: securecrt_ssh1.rb 9179 2010-04-30 08:40:19Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
class Metasploit3 'SecureCRT %q{
This module exploits a buffer overflow in SecureCRT 'MC',
'License' => MSF_LICENSE,
'Version' => '$Revision: 9179 $',
'References' =>
[
[ 'CVE', '2002-1059' ],
[ 'OSVDB', '4991' ],
[ 'BID', '5287' ],
],
'DefaultOptions' =>
{
'EXITFUNC' => 'process',
},
'Payload' =>
{
'Space' => 400,
'BadChars' => "\x00",
'MaxNops' => 0,
'StackAdjustment' => -3500,
},
'Platform' => 'win',
No writeups or analysis indexed.
Published: 2010-03-23