CVE-2010-3909
Published: 2010-11-26
Priority: P4
Severity: medium
CVSS 2.0: 6 (vector AV:N/AC:M/Au:S/C:P/I:P/A:P)
EPSS: 1.64% (73.4th percentile)
Incomplete blacklist vulnerability in config.template.php in vtiger CRM before 5.2.1 allows remote authenticated users to execute arbitrary code by using the draft save feature in the Compose Mail component to upload a file with a .phtml extension, and then accessing this file via a direct request to the file in the storage/ directory tree.
Affected (18 ranges indexed; only the first carries version data)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| vtiger | vtiger_crm | <= 5.2.0 | — |
No detection rules found.
No public exploits indexed.
Bugzilla (these entries concern CVE-2010-2534 in OpenTTD, not vtiger CRM; they are linked here only because the OpenTTD task number FS#3909 matches this CVE's numeric suffix)
CVE-2010-2534 [MEDIUM] OpenTTD: DoS (server infinite loop with excessive CPU use) when new client is joining server game (FS#3909)
bugzilla · 2010-07-21 · CVSS 5.0
User with nickname 'Dolly' reported:
[1] http://bugs.openttd.org/task/3909
a deficiency in the way the OpenTTD transportation business simulation game server synced the local command queue to the command queue of the given socket after receiving a command from a game-joining client. A remote attacker could use this flaw to conduct denial of service attacks, leading to a game server infinite loop consuming an excessive amount of CPU time.
Proposed patch:
[2] http://bugs.openttd.org/task/3909/getfile/6237/loop_fix.patch (needs upstream review and may change in final form)
CVE Request:
[3] http://www.openwall.com/lists/oss-security/2010/07/20/1
How reproducible: Sometimes
Bugzilla
CVE-2010-2534 [MEDIUM] OpenTTD: DoS (server infinite loop with excessive CPU use) when new client is joining server game (FS#3909) [fedora-all]
bugzilla · 2010-07-21 · CVSS 5.0
This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected Fedora versions.
For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please include the bug IDs of the respective parent bugs filed against the "Security Response" product.
Please mention CVE ids in the RPM changelog when available.
Bodhi update submission link:
https://admin.fedoraproject.org/updates/new/?type_=s
References
- http://secunia.com/advisories/42246
- http://vtiger.com/blogs/2010/11/16/vtiger-crm-521-is-released/
- http://wiki.vtiger.com/index.php/Vtiger521:Release_Notes
- http://www.securityfocus.com/archive/1/514846/100/0/threaded
- http://www.ush.it/team/ush/hack-vtigercrm_520/vtigercrm_520.txt