CVE-2009-0674

Published: 22/02/2009 Updated: 10/10/2018

CVSS v2 Base Score: 6 | Impact Score: 6.4 | Exploitability Score: 6.8

VMScore: 605

Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P

images/captcha.php in Raven Web Services RavenNuke 2.30, when register_globals and display_errors are enabled, allows remote malicious users to determine the existence of local files by sending requests with full pathnames in the aFonts array parameter, and then observing the error messages, which differ between existing and nonexistent pathnames.

Vulnerable Product	Search on Vulmon	Subscribe to Product
ravenphpscripts ravennuke 2.30

[waraxe-2009-SA#072] - Multiple Vulnerabilities in RavenNuke 230 =============================================================================== Author: Janek Vind "waraxe" Date: 16 February 2009 Location: Estonia, Tartu Web: wwwwaraxeus/advisory-72html Description of vulnerable software: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ...

CWE-94 http://www.waraxe.us/advisory-72.html http://www.securityfocus.com/bid/33787 http://ravenphpscripts.com/postt17156.html https://exchange.xforce.ibmcloud.com/vulnerabilities/48983 https://exchange.xforce.ibmcloud.com/vulnerabilities/48792 https://www.exploit-db.com/exploits/8068 http://www.securityfocus.com/archive/1/500988/100/0/threaded https://nvd.nist.gov https://www.exploit-db.com/exploits/8068/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2009-0674

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect