CVE-2010-1309
published 2010-04-08CVE-2010-1309: Directory traversal vulnerability in Irmin CMS (formerly Pepsi CMS) 0.6 BETA2 allows remote attackers to read arbitrary files via a .. (dot dot) in the w…
PriorityP431medium5CVSS 2.0
AVNACLAuNCPINAN
EXPLOIT
EPSS
2.73%
84.3th percentile
Directory traversal vulnerability in Irmin CMS (formerly Pepsi CMS) 0.6 BETA2 allows remote attackers to read arbitrary files via a .. (dot dot) in the w parameter to index.php.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ermenegildo_fiorito | irmin_cms | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
RealPlayer - 'rmoc3260.dll' ActiveX Control Heap Corruption (Metasploit)
exploitdb·2010-06-15
CVE-2008-1309 RealPlayer - 'rmoc3260.dll' ActiveX Control Heap Corruption (Metasploit)
RealPlayer - 'rmoc3260.dll' ActiveX Control Heap Corruption (Metasploit)
---
##
# $Id: realplayer_console.rb 9525 2010-06-15 07:18:08Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 'RealPlayer rmoc3260.dll ActiveX Control Heap Corruption',
'Description' => %q{
This module exploits a heap corruption vulnerability in the RealPlayer ActiveX control.
By sending a specially crafted string to the 'Console' property
in the rmoc3260.dll control, an attacker may be able to execute
arbitrary code.
},
'License' => MSF_LICENSE,
'Author' => [ '
Exploit-DB
Pepsi CMS (Irmin cms) pepsi-0.6-BETA2 - Multiple Local File
exploitdb·2010-03-30
CVE-2010-1309 Pepsi CMS (Irmin cms) pepsi-0.6-BETA2 - Multiple Local File
Pepsi CMS (Irmin cms) pepsi-0.6-BETA2 - Multiple Local File
---
########################################################
Pepsi CMS (Irmin cms) pepsi-0.6-BETA2 Multiple Local File Vulnerability
########################################################
fucking the Web Apps [LFI #1 - attack edition
____ __ __ __
/\ _`\ /\ \ __ /\ \__/\ \
\ \ \L\_\__ __ ___\ \ \/'\ /\_\ ___ __ \ \ ,_\ \ \___ __
\ \ _\/\ \/\ \ /'___\ \ , ");
fclose($f);
fclose(fopen(".lock", "w"));
}
include (".basepath");
include ("config.php");
//very sweet
include "includes/template-loader.php";
###############
{includes/template-loader.php}
###############
include( 'config.php' );
include( 'db.php' );
//include( 'classes/theme_engine/engine.php' );
include( $_Root_Path . 'classes/Smarty.class.php' );
##############
No writeups or analysis indexed.
2010-04-08
Published