Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
9.3
CVSSv2

CVE-2009-3068

Published: 04/09/2009 Updated: 10/10/2018
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
VMScore: 940
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Subscribe to Robohelp Server

Vulnerability Summary

Unrestricted file upload vulnerability in the RoboHelpServer Servlet (robohelp/server) in Adobe RoboHelp Server 8 allows remote malicious users to execute arbitrary code by uploading a Java Archive (.jsp) file during a PUBLISH action, then accessing it via a direct request to the file in the robohelp/robo/reserved/web directory under its sessionid subdirectory, as demonstrated by the vd_adobe module in VulnDisco Pack Professional 8.7 up to and including 8.11.

Vulnerable Product Search on Vulmon Subscribe to Product

adobe robohelp server 8

Exploits

Exploit DB: Adobe RoboHelp Server 8 - Authentication Bypass
source: wwwsecurityfocuscom/bid/36245/info Adobe RoboHelp Server is prone to an authentication-bypass vulnerability An attacker can exploit this issue to upload and execute arbitrary code with SYSTEM-level privileges RoboHelp Server 80 is affected; other versions may also be vulnerable b="-----------------------------111\r\n" b+="Co ...
Exploit DB: Adobe RoboHelp Server 8 - Arbitrary File Upload / Execution (Metasploit)
## # $Id: adobe_robohelper_authbypassrb 11127 2010-11-24 19:35:38Z jduck $ ## ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions Please see the Metasploit # Framework web site for more information on licensing and terms of use # metasploitcom/framework/ ## require 'msf/ ...

References

CWE-264http://twitter.com/elegerov/statuses/3727947465http://twitter.com/elegerov/statuses/3737538715http://twitter.com/elegerov/statuses/3737725344http://www.intevydis.com/blog/?p=26http://secunia.com/advisories/36467http://www.securityfocus.com/bid/36245http://blogs.adobe.com/psirt/2009/09/potential_robohelp_server_8_is.htmlhttp://www.adobe.com/support/security/bulletins/apsb09-14.htmlhttp://www.zerodayinitiative.com/advisories/ZDI-09-066http://www.intevydis.com/blog/?p=69http://intevydis.com/vd-list.shtmlhttp://www.securityfocus.com/archive/1/506687/100/0/threadedhttps://nvd.nist.govhttps://www.exploit-db.com/exploits/33209/
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-2907hardcodedinjectCVE-2024-20359CVE-2024-2467CVE-2024-4077CVE-2024-22391cameraCVE-2024-20353
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook