CVE-2013-2009
published 2020-02-07
CVE-2013-2009: WordPress WP Super Cache Plugin 1.2 has Remote PHP Code Execution
Priority P2 · 65 · high · 8.8 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 12.98% (95.8th percentile)
WordPress WP Super Cache Plugin 1.2 has Remote PHP Code Execution
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| automattic | w3_super_cache | < 1.3.2 | 1.3.2 |
| automattic | wp_super_cache | — | — |
| super_cache_plugin | super_cache_plugin | — | — |
Detection & IOCs (extracted from sources)
- Monitor for remote PHP code execution attempts targeting the WP Super Cache plugin (version 1.2) in WordPress environments.
- Alert on arbitrary PHP code execution occurring within the web server process context, potentially originating from WP Super Cache plugin requests.
- Other versions of WP Super Cache beyond 1.2 may also be affected and should not be assumed safe without verification.
CVSS provenance
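| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| vendor_redhat | — | 5.9 | MEDIUM | — |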
GHSA
GHSA-v2r5-9cm2-xw4x: WordPress W3 Super Cache Plugin before 1
ghsa_unreviewed·2022-05-05·CVSS 8.8
CVE-2013-2011 [HIGH] GHSA-v2r5-9cm2-xw4x: WordPress W3 Super Cache Plugin before 1
WordPress W3 Super Cache Plugin before 1.3.2 contains a PHP code-execution vulnerability which could allow remote attackers to inject arbitrary code. This issue exists because of an incomplete fix for CVE-2013-2009.
GHSA
GHSA-rg7j-3662-mw98: WordPress WP Super Cache Plugin 1
ghsa_unreviewed·2022-05-05
CVE-2013-2009 [MEDIUM] GHSA-rg7j-3662-mw98: WordPress WP Super Cache Plugin 1
WordPress WP Super Cache Plugin 1.2 has Remote PHP Code Execution
Red Hat
php: hostname check bypassing vulnerability in SSL client
vendor_redhat·2013-08-13·CVSS 5.9
CVE-2013-4248 [MEDIUM] php: hostname check bypassing vulnerability in SSL client
The openssl_x509_parse function in openssl.c in the OpenSSL module in PHP before 5.4.18 and 5.5.x before 5.5.2 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
Statement: This issue does not affect the version of php as shipped with Red Hat Enterprise Linux 5 or the version of php54 as shipped with Red Hat Software Collections 1.
Package: php (Red Hat Enterprise Linux 5) - Not affected
Package: php (Red Hat Enterprise Linux 7) - Not affected
Package: php54-php (Red Hat Software C
Red Hat
python: hostname check bypassing vulnerability in SSL module
vendor_redhat·2013-08-12·CVSS 5.9
CVE-2013-4238 [MEDIUM] python: hostname check bypassing vulnerability in SSL module
The ssl.match_hostname function in the SSL module in Python 2.6 through 3.4 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
Statement: This issue does not affect the version of python as shipped with Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this issue as having moderate security impact, a future update may address this flaw.
Package: python (Red Hat Enterprise Linux 5) - Not affected
Package: python (Red Hat Enterprise Linux 7) - Not affected
P
Red Hat
ruby: hostname check bypassing vulnerability in SSL client
vendor_redhat·2013-06-27·CVSS 5.9
CVE-2013-4073 [MEDIUM] ruby: hostname check bypassing vulnerability in SSL client
The OpenSSL::SSL.verify_certificate_identity function in lib/openssl/ssl.rb in Ruby 1.8 before 1.8.7-p374, 1.9 before 1.9.3-p448, and 2.0 before 2.0.0-p247 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
Package: ruby (Red Hat Enterprise Linux 7) - Not affected
Package: jruby (Red Hat JBoss SOA Platform 4) - Will not fix
Package: jruby (Red Hat JBoss SOA Platform 5) - Will not fix
Package: ruby193-ruby (Red Hat Software Collections) - Affected
Package: ruby193-ruby (Red Hat Su
No detection rules found.
Exploit-DB
Google Chrome < 31.0.1650.48 - HTTP 1xx base::StringTokenizerT<...>::QuickGetNext Out-of-Bounds Read
exploitdb·2016-12-19
CVE-2013-6627 Google Chrome < 31.0.1650.48 - HTTP 1xx base::StringTokenizerT<...>::QuickGetNext Out-of-Bounds Read
---
'''
Source: http://blog.skylined.nl/20161219001.html
Synopsis
A specially crafted HTTP response can allow a malicious web-page to trigger an out-of-bounds read vulnerability in Google Chrome. The data is read from the main process' memory.
Known affected software, attack vectors and potential mitigations
Google Chrome up to, but not including, 31.0.1650.48
An attacker would need to get a target user to open a specially crafted web-page. Disabling JavaScript does not prevent an attacker from triggering the vulnerable code path, but may prevent exfiltration of information.
Since the affected code has not been changed since 2009, I assume this affects all versions of Chrome released in the last few years.
Details
The HttpStream
Exploit-DB
Zimbra 2009-2013 - Local File Inclusion
exploitdb·2013-12-06
CVE-2013-7091 Zimbra 2009-2013 - Local File Inclusion
---
# Exploit Title: Zimbra 0day exploit / Privilege escalation via LFI
# Date: 06 Dec 2013
# Exploit Author: rubina119
# Contact Email : rubina119[at]gmail.com
# Vendor Homepage: http://www.zimbra.com/
# Version: 2009, 2010, 2011, 2012 and early 2013 versions are affected,
# Tested on: Centos(x), Ubuntu.
# CVE : No CVE, no patch just 0Day
# State : Critical
# Exploit-DB Mirror: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/30085.zip (zimbraexploit_rubina119.zip)
---------------Description-----------------
This script exploits a Local File Inclusion in
/res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz
which allows us to see localconfig.xml
that contains LDAP root credentials which allo
Exploit-DB
WordPress Plugin WP Super Cache - PHP Remote Code Execution
exploitdb·2013-04-24
CVE-2013-2009 WordPress Plugin WP Super Cache - PHP Remote Code Execution
---
source: https://www.securityfocus.com/bid/59470/info
The WP Super Cache plugin for WordPress is prone to a remote PHP code-execution vulnerability.
An attacker can exploit this issue to execute arbitrary PHP code within the context of the web server.
WP Super Cache 1.2 is vulnerable; other versions may also be affected.
Exploit-DB
Frontis 3.9.01.24 - 'source_class' SQL Injection
exploitdb·2009-06-08
CVE-2009-2013 Frontis 3.9.01.24 - 'source_class' SQL Injection
---
Long live Algeria 3-1 --->Karim Matmour-->Abdel-Kader Ghazal-->Rafik al-Zuhair Jabbur-->
Congratulations to all Algerians
Algeria beats Egypt 3-1 in the first leg
Here's hoping for the same in the return leg
#-------------------------AllaH AkbaR-------------------------------
#Frontis V3.9.01.24 Remote SQL Injection Vulnerability
#-------------------------------------------------------------------
#Discovered By: Snakespc ALGERIAN HaCkEr
#Mail: [email protected]
#Site:http://www.snakespc.com/sc/index.php
#
# les Algériens Kamikaz Wa4rin Fi kol Bla4s
#-------------------------SNAKES TEAM-------------------------------
#Script:Frontis V3.9.01.24
#
#http://frontisgroup.com
#--------------------------SNAKES TEAM------------------------------
#Exploit:
#-------
Bugzilla
php: heap overflow in floating point parsing
bugzilla·2014-01-24·CVSS 6.8
CVE-2009-0689 [MEDIUM] php: heap overflow in floating point parsing
PHP uses a strtod() implementation using code written by David M. Gay. This code was previously identified to contain a flaw leading to a heap-based buffer overflow when an overly long string representing a floating point number is parsed to a number. The problem was assigned CVE ids CVE-2009-0689 (bug 539784) and CVE-2013-4164 (bug 1033460) and was fixed in various other projects re-using this affected code.
The problem was already corrected in PHP before the security issue was identified and CVE-2009-0689 assigned, via the following upstream commit:
http://git.php.net/?p=php-src.git;a=commitdiff;h=37da90248deb2188e8ee50e4753ad6340679b425
The fix was included in PHP 5.2.2. This wasn't identified as a security fix, or mentioned in the changelog f
Bugzilla
CVE-2009-5066 JBoss: twiddle.sh accepts credentials as command line arguments, exposing them to other local users via a process listing
bugzilla·2012-07-24·CVSS 2.1
CVE-2009-5066 [LOW] CVE-2009-5066 JBoss: twiddle.sh accepts credentials as command line arguments, exposing them to other local users via a process listing
twiddle.sh accepts credentials as command line arguments. A local attacker could exploit this flaw by reading the credentials from a process listing.
Discussion:
This issue has been addressed in following products:
JBoss Enterprise Application Platform 5.2.0
Via RHSA-2013:0194 https://rhn.redhat.com/errata/RHSA-2013-0194.html
---
This issue has been addressed in following products:
JBEAP 5 for RHEL 5
Via RHSA-2013:0192 https://rhn.redhat.com/errata/RHSA-2013-0192.html
---
This issue has been addressed in following products:
JBEAP 5 for RHEL 6
Via RHSA-2013:0191 https://rhn.redhat.com/errata/RHSA-2013-0191.html
---
This issue has been address
- http://www.openwall.com/lists/oss-security/2013/04/24/10
- http://www.openwall.com/lists/oss-security/2013/04/24/12
- http://www.openwall.com/lists/oss-security/2013/04/24/8
- http://www.securityfocus.com/bid/59470
- https://exchange.xforce.ibmcloud.com/vulnerabilities/83799