Published: 29/11/2009 Updated: 17/08/2017

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

VMScore: 690

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Multiple directory traversal vulnerabilities in telepark.wiki 2.4.23 and previous versions allow remote malicious users to read arbitrary files via directory traversal sequences in the css parameter to (1) getjs.php and (2) getcsslocal.php; and include and execute arbitrary local files via the (3) group parameter to upload.php.

Vulnerable Product	Search on Vulmon	Subscribe to Product
telepark telepark.wiki

Abysssec Inc Public Advisory Title : Telepark Wiki Multiple Remote Vulnerabilities Affected Version : <= v2423 Vendor Site : wwwteamtodocom Discovery : wwwAbyssseccom Vendor contact : 8 november Vendor response : 9 november (patch is available in vendor website) Description : now vendor patched all vulnerabities and you ca ...

# # [+] Vulnerability : ProShow Gold 4 BOF # [+] Detected by : Bkis - blogbkiscom/?p=737 # [*] Sploit coded by : corelanc0d3r (corelanc0d3r[at]gmail[dot]com) # [*] Sploit coded on : August 20, 2009 # [*] Type : local # [*] OS : Windows # [*] Product : Photodex ProShow Gold # [*] Versions ...

CWE-22 http://secunia.com/advisories/37391 http://www.osvdb.org/60216 http://www.osvdb.org/60218 http://www.osvdb.org/60217 http://blog.telepark.com/telepark-web-software/2009/11/09/telepark-wiki-security-fixes/http://packetstormsecurity.org/0911-exploits/Telepark-fixes-nov09-2.txt http://www.exploit-db.com/exploits/9483 https://exchange.xforce.ibmcloud.com/vulnerabilities/54327 https://nvd.nist.gov https://www.exploit-db.com/exploits/10101/

CVE-2009-4088

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect