Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
9.3
CVSSv2

CVE-2009-0367

Published: 05/03/2009 Updated: 08/08/2017
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
VMScore: 935
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Subscribe to Wesnoth

Vulnerability Summary

The Python AI module in Wesnoth 1.4.x and 1.5 prior to 1.5.11 allows remote malicious users to escape the sandbox and execute arbitrary code by using a whitelisted module that imports an unsafe module, then using a hierarchical module name to access the unsafe module through the whitelisted module.

Vulnerable Product Search on Vulmon Subscribe to Product

wesnoth wesnoth 1.4

wesnoth wesnoth 1.4.7

wesnoth wesnoth 1.5.0

wesnoth wesnoth 1.5.1

wesnoth wesnoth 1.5.8

wesnoth wesnoth 1.5.9

wesnoth wesnoth 1.4.6

wesnoth wesnoth 1.4.5

wesnoth wesnoth 1.5.2

wesnoth wesnoth 1.5.3

wesnoth wesnoth 1.5.10

wesnoth wesnoth 1.4.4

wesnoth wesnoth 1.4.3

wesnoth wesnoth 1.5.4

wesnoth wesnoth 1.5.5

wesnoth wesnoth 1.4.2

wesnoth wesnoth 1.4.1

wesnoth wesnoth 1.5.6

wesnoth wesnoth 1.5.7

Vendor Advisories

Debian Security Advisories: DSA-1737-1 wesnoth -- several vulnerabilities
Several security issues have been discovered in wesnoth, a fantasy turn-based strategy game The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-0366 Daniel Franke discovered that the wesnoth server is prone to a denial of service attack when receiving special crafted compressed data CVE-2009-0367 Daniel F ...

Exploits

Exploit DB: Wesnoth 1.x - PythonAI Remote Code Execution
source: wwwsecurityfocuscom/bid/33971/info Wesnoth is prone to a remote code-execution vulnerability caused by a design error Attackers can exploit this issue to execute arbitrary Python code in the context of the user running the vulnerable application Versions prior to Wesnoth 1511 are affected #!WPY import threading os = thread ...

References

CWE-264http://www.wesnoth.org/forum/viewtopic.php?t=24340http://secunia.com/advisories/34058http://www.wesnoth.org/forum/viewtopic.php?t=24247https://gna.org/bugs/index.php?13048http://www.vupen.com/english/advisories/2009/0595http://launchpad.net/bugs/336396http://launchpad.net/bugs/335089http://www.debian.org/security/2009/dsa-1737http://packages.debian.org/changelogs/pool/main/w/wesnoth/wesnoth_1.5.12-1/changeloghttp://packages.debian.org/changelogs/pool/main/w/wesnoth/wesnoth_1.4.7-4/changeloghttp://launchpad.net/bugs/cve/2009-0367http://secunia.com/advisories/34236https://exchange.xforce.ibmcloud.com/vulnerabilities/49058https://nvd.nist.govhttps://www.debian.org/security/./dsa-1737https://www.exploit-db.com/exploits/32837/
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3581reflected XSSCVE-2024-26925CVE-2024-27956LFICVE-2024-3607CVE-2024-3107CVE-2024-3295SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook