CVE-2009-5067

Published: 10/10/2012 Updated: 07/11/2023
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 435
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Vulnerability Summary

Directory traversal vulnerability in html2ps prior to 1.0b6 allows remote malicious users to read arbitrary files via a .. (dot dot) in the "include file" SSI directive. NOTE: this issue might only be a vulnerability in limited scenarios, such as if html2ps is invoked by a web application, or if a user-assisted attacker provides filenames whose contents could cause a denial of service, such as certain devices.

Vulnerable Product

html2ps project html2ps 1.0

html2ps project html2ps

Exploits

#!/usr/bin/env python
#
# html2ps <= 1.0 beta5 arbitrary file disclosure
# user.it.uu.se/~jan/html2ps.html
# author: epiphant <epiphant0@gmail.com>
#
# the "include file" ssi directive doesn't check for directory
# traversal so you can include and disclose any file in the
# dir tree (very handy when html2ps is running as a part of ...