CVE-2013-6719
published 2014-03-06CVE-2013-6719: delivery.php in the Passive Capture Application (PCA) web console in IBM Tealeaf CX 7.x, 8.x through 8.6, 8.7 before FP2, and 8.8 before FP2 allows remote…
PriorityP276medium6CVSS 2.0
AVNACMAuSCPIPAP
ITWEXPLOITVulnCheck KEV
Exploited in the wild
EPSS
26.63%
97.8th percentile
delivery.php in the Passive Capture Application (PCA) web console in IBM Tealeaf CX 7.x, 8.x through 8.6, 8.7 before FP2, and 8.8 before FP2 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the testconn_host parameter.
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ibm | tealeaf_cx | — | — |
| ibm | tealeaf_cx | — | — |
| ibm | tealeaf_cx | — | — |
| ibm | tealeaf_cx | — | — |
| ibm | tealeaf_cx | — | — |
| ibm | tealeaf_cx | — | — |
| ibm | tealeaf_cx | — | — |
| ibm | tealeaf_cx | — | — |
| ibm | tealeaf_cx | — | — |
| ibm | tealeaf_cx | — | — |
| ibm | tealeaf_cx | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Monitor HTTP POST requests to /delivery.php containing shell metacharacters (`;`, `|`, `&`) in the `testconn_host` parameter, which is the injection point for OS command execution. ↗
- →Alert on path traversal attempts via GET requests to /download.php with a `log` parameter containing `../` sequences, indicating exploitation of the companion LFI vulnerability. ↗
- →The exploit defaults to port 8080 for the PCA web console; monitor for attack traffic on this port targeting the IBM Tealeaf CX application paths. ↗
- ·The exploit notes the CSRF token is not validated by the application, meaning any static or arbitrary CSRF value will be accepted — CSRF protection on this endpoint is non-functional. ↗
- ·The exploit author notes the vulnerability likely affects all versions prior to 8.8, not just the tested version, broadening the affected scope beyond what may be patched. ↗
CVSS provenance
nvdv2.06.0MEDIUMAV:N/AC:M/Au:S/C:P/I:P/A:P
vulncheck6.0MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
IBM Tealeaf CX up to 8.7 Web Console delivery.php testconn_host os command injection (EDB-32546 / XFDB-89228)
vuldb·2026-05-07·CVSS 6.0
CVE-2013-6719 [MEDIUM] IBM Tealeaf CX up to 8.7 Web Console delivery.php testconn_host os command injection (EDB-32546 / XFDB-89228)
A vulnerability classified as critical has been found in IBM Tealeaf CX up to 8.7. This affects an unknown part of the file delivery.php of the component Web Console. This manipulation of the argument testconn_host causes os command injection.
This vulnerability is handled as CVE-2013-6719. The attack can be initiated remotely. Additionally, an exploit exists.
GHSA
GHSA-g5c2-jrx4-6f3w: delivery
ghsa_unreviewed·2022-05-17
CVE-2013-6719 [MEDIUM] CWE-78 GHSA-g5c2-jrx4-6f3w: delivery
delivery.php in the Passive Capture Application (PCA) web console in IBM Tealeaf CX 7.x, 8.x through 8.6, 8.7 before FP2, and 8.8 before FP2 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the testconn_host parameter.
VulnCheck
IBM tealeaf_cx Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
vulncheck·2013·CVSS 6.0
CVE-2013-6719 [MEDIUM] IBM tealeaf_cx Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
IBM tealeaf_cx Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
delivery.php in the Passive Capture Application (PCA) web console in IBM Tealeaf CX 7.x, 8.x through 8.6, 8.7 before FP2, and 8.8 before FP2 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the testconn_host parameter.
Affected: IBM tealeaf_cx
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://blog.checkpoint.com/security/december-2021s-most-wanted-malware-trickbot-emotet-and-the-log4j-plague/
No detection rules found.
Exploit-DB
Microsoft Office 2007 - 'OGL.dll' ValidateBitmapInfo Bounds Check Failure (MS15-097)
exploitdb·2015-09-16
CVE-2015-2510 Microsoft Office 2007 - 'OGL.dll' ValidateBitmapInfo Bounds Check Failure (MS15-097)
Microsoft Office 2007 - 'OGL.dll' ValidateBitmapInfo Bounds Check Failure (MS15-097)
---
Source: https://code.google.com/p/google-security-research/issues/detail?id=469
The following crash was observed in Microsoft Office 2007 Excel with Microsoft Office File Validation Add-In disabled and Application Verifier enabled for testing and reproduction. This bug did not reproduce in Office 2010 or 2013.
Attached files:
Original File: 3013413838_orig.xls
Crashing File: 3013413838_crash.xls
Minimized Crashing File: 3013413838_min.xls
The minimized crashing file shows a one bit delta from the original file at offset 0x139F. OffVis did not reveal anything unique about this offset in the minimized file.
File Versions:
Excel.exe: 12.0.6718.5000
OGL.dll: 12.0.6719.5000
oart.dll: 12.0.6683.5002
GD
Exploit-DB
IBM Tealeaf CX 8.8 - Remote OS Command Injection
exploitdb·2014-03-26·CVSS 6.0
CVE-2013-6719 [MEDIUM] IBM Tealeaf CX 8.8 - Remote OS Command Injection
IBM Tealeaf CX 8.8 - Remote OS Command Injection
---
# IBM Tealeaf CX (v8 release 8) Remote OS Command Injection
# Date: 11/08/2013
# Exploit author: drone
# More information: http://www-01.ibm.com/support/docview.wss?uid=swg21667630
# Vendor homepage: http://www-01.ibm.com/software/info/tealeaf/
# Version: Version 8 Release 8 (likely all versions prior)
# Tested on: Redhat Linux 6.2
# CVE: CVE-2013-6719 / CVE-2013-6720
import requests
from argparse import ArgumentParser
""" Remote OS command injection (no auth)
IBM TeaLeaf Version 8 Release 8
drone (@dronesec)
Bonus:
LFI at /download.php?log=../../etc/passwd
"""
def run(options):
access = "http://{0}:{1}/delivery.php".format(options.address, options.port)
data = {"perform_action" : "testconn",
"delete_id" : "",
"testconn_host" : "8
No writeups or analysis indexed.
http://www.exploit-db.com/exploits/32546https://exchange.xforce.ibmcloud.com/vulnerabilities/89228https://tealeaf.support.ibmcloud.com/FileManagement/Download/19eb90ffb8334b398684b4350edc4b7ahttp://www.exploit-db.com/exploits/32546https://exchange.xforce.ibmcloud.com/vulnerabilities/89228https://tealeaf.support.ibmcloud.com/FileManagement/Download/19eb90ffb8334b398684b4350edc4b7a
2014-03-06
Published
Exploited in the wild