Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
8 vulnerabilities by telepark
CVE-2009-4090 (GCVE-0-2009-4090)
Vulnerability from nvd – Published: 2009-11-27 20:45 – Updated: 2024-08-07 06:54
VLAI
Summary
Unrestricted file upload vulnerability in ajax/addComment.php in telepark.wiki 2.4.23 and earlier script allows remote attackers to execute arbitrary code by uploading a file with a name containing a NULL byte.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://blog.telepark.com/telepark-web-software/20… | x_refsource_CONFIRM |
| http://www.osvdb.org/60219 | vdb-entryx_refsource_OSVDB |
| http://secunia.com/advisories/37391 | third-party-advisoryx_refsource_SECUNIA |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://packetstormsecurity.org/0911-exploits/Tele… | x_refsource_MISC |
Date Public
2009-11-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:54:09.318Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://blog.telepark.com/telepark-web-software/2009/11/09/telepark-wiki-security-fixes/"
},
{
"name": "60219",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/60219"
},
{
"name": "37391",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37391"
},
{
"name": "teleparkwiki-addcomment-file-upload(54294)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54294"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.org/0911-exploits/Telepark-fixes-nov09-2.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-11-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Unrestricted file upload vulnerability in ajax/addComment.php in telepark.wiki 2.4.23 and earlier script allows remote attackers to execute arbitrary code by uploading a file with a name containing a NULL byte."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://blog.telepark.com/telepark-web-software/2009/11/09/telepark-wiki-security-fixes/"
},
{
"name": "60219",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/60219"
},
{
"name": "37391",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37391"
},
{
"name": "teleparkwiki-addcomment-file-upload(54294)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54294"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.org/0911-exploits/Telepark-fixes-nov09-2.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4090",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unrestricted file upload vulnerability in ajax/addComment.php in telepark.wiki 2.4.23 and earlier script allows remote attackers to execute arbitrary code by uploading a file with a name containing a NULL byte."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://blog.telepark.com/telepark-web-software/2009/11/09/telepark-wiki-security-fixes/",
"refsource": "CONFIRM",
"url": "http://blog.telepark.com/telepark-web-software/2009/11/09/telepark-wiki-security-fixes/"
},
{
"name": "60219",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/60219"
},
{
"name": "37391",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37391"
},
{
"name": "teleparkwiki-addcomment-file-upload(54294)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54294"
},
{
"name": "http://packetstormsecurity.org/0911-exploits/Telepark-fixes-nov09-2.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/0911-exploits/Telepark-fixes-nov09-2.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4090",
"datePublished": "2009-11-27T20:45:00.000Z",
"dateReserved": "2009-11-27T00:00:00.000Z",
"dateUpdated": "2024-08-07T06:54:09.318Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-4089 (GCVE-0-2009-4089)
Vulnerability from nvd – Published: 2009-11-27 20:45 – Updated: 2024-08-07 06:54
VLAI
Summary
telepark.wiki 2.4.23 and earlier allows remote attackers to bypass authorization and (1) delete arbitrary pages via a modified pageID parameter to ajax/deletePage.php or (2) delete arbitrary comments via a modified pageID parameter to ajax/deleteComment.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://blog.telepark.com/telepark-web-software/20… | x_refsource_CONFIRM |
| http://www.exploit-db.com/exploits/9483 | exploitx_refsource_EXPLOIT-DB |
| http://www.osvdb.org/60215 | vdb-entryx_refsource_OSVDB |
| http://secunia.com/advisories/37391 | third-party-advisoryx_refsource_SECUNIA |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.osvdb.org/60214 | vdb-entryx_refsource_OSVDB |
| http://packetstormsecurity.org/0911-exploits/Tele… | x_refsource_MISC |
Date Public
2009-11-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:54:10.170Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://blog.telepark.com/telepark-web-software/2009/11/09/telepark-wiki-security-fixes/"
},
{
"name": "9483",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/9483"
},
{
"name": "60215",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/60215"
},
{
"name": "37391",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37391"
},
{
"name": "teleparkwiki-page-comment-security-bypass(54329)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54329"
},
{
"name": "60214",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/60214"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.org/0911-exploits/Telepark-fixes-nov09-2.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-11-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "telepark.wiki 2.4.23 and earlier allows remote attackers to bypass authorization and (1) delete arbitrary pages via a modified pageID parameter to ajax/deletePage.php or (2) delete arbitrary comments via a modified pageID parameter to ajax/deleteComment.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://blog.telepark.com/telepark-web-software/2009/11/09/telepark-wiki-security-fixes/"
},
{
"name": "9483",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/9483"
},
{
"name": "60215",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/60215"
},
{
"name": "37391",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37391"
},
{
"name": "teleparkwiki-page-comment-security-bypass(54329)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54329"
},
{
"name": "60214",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/60214"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.org/0911-exploits/Telepark-fixes-nov09-2.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4089",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "telepark.wiki 2.4.23 and earlier allows remote attackers to bypass authorization and (1) delete arbitrary pages via a modified pageID parameter to ajax/deletePage.php or (2) delete arbitrary comments via a modified pageID parameter to ajax/deleteComment.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://blog.telepark.com/telepark-web-software/2009/11/09/telepark-wiki-security-fixes/",
"refsource": "CONFIRM",
"url": "http://blog.telepark.com/telepark-web-software/2009/11/09/telepark-wiki-security-fixes/"
},
{
"name": "9483",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/9483"
},
{
"name": "60215",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/60215"
},
{
"name": "37391",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37391"
},
{
"name": "teleparkwiki-page-comment-security-bypass(54329)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54329"
},
{
"name": "60214",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/60214"
},
{
"name": "http://packetstormsecurity.org/0911-exploits/Telepark-fixes-nov09-2.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/0911-exploits/Telepark-fixes-nov09-2.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4089",
"datePublished": "2009-11-27T20:45:00.000Z",
"dateReserved": "2009-11-27T00:00:00.000Z",
"dateUpdated": "2024-08-07T06:54:10.170Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-4088 (GCVE-0-2009-4088)
Vulnerability from nvd – Published: 2009-11-27 20:45 – Updated: 2024-08-07 06:54
VLAI
Summary
Multiple directory traversal vulnerabilities in telepark.wiki 2.4.23 and earlier allow remote attackers to read arbitrary files via directory traversal sequences in the css parameter to (1) getjs.php and (2) getcsslocal.php; and include and execute arbitrary local files via the (3) group parameter to upload.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://blog.telepark.com/telepark-web-software/20… | x_refsource_CONFIRM |
| http://www.exploit-db.com/exploits/9483 | exploitx_refsource_EXPLOIT-DB |
| http://secunia.com/advisories/37391 | third-party-advisoryx_refsource_SECUNIA |
| http://www.osvdb.org/60218 | vdb-entryx_refsource_OSVDB |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.osvdb.org/60216 | vdb-entryx_refsource_OSVDB |
| http://www.osvdb.org/60217 | vdb-entryx_refsource_OSVDB |
| http://packetstormsecurity.org/0911-exploits/Tele… | x_refsource_MISC |
Date Public
2009-11-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:54:09.371Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://blog.telepark.com/telepark-web-software/2009/11/09/telepark-wiki-security-fixes/"
},
{
"name": "9483",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/9483"
},
{
"name": "37391",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37391"
},
{
"name": "60218",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/60218"
},
{
"name": "teleparkwiki-multiple-file-include(54327)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54327"
},
{
"name": "60216",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/60216"
},
{
"name": "60217",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/60217"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.org/0911-exploits/Telepark-fixes-nov09-2.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-11-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple directory traversal vulnerabilities in telepark.wiki 2.4.23 and earlier allow remote attackers to read arbitrary files via directory traversal sequences in the css parameter to (1) getjs.php and (2) getcsslocal.php; and include and execute arbitrary local files via the (3) group parameter to upload.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://blog.telepark.com/telepark-web-software/2009/11/09/telepark-wiki-security-fixes/"
},
{
"name": "9483",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/9483"
},
{
"name": "37391",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37391"
},
{
"name": "60218",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/60218"
},
{
"name": "teleparkwiki-multiple-file-include(54327)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54327"
},
{
"name": "60216",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/60216"
},
{
"name": "60217",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/60217"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.org/0911-exploits/Telepark-fixes-nov09-2.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4088",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple directory traversal vulnerabilities in telepark.wiki 2.4.23 and earlier allow remote attackers to read arbitrary files via directory traversal sequences in the css parameter to (1) getjs.php and (2) getcsslocal.php; and include and execute arbitrary local files via the (3) group parameter to upload.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://blog.telepark.com/telepark-web-software/2009/11/09/telepark-wiki-security-fixes/",
"refsource": "CONFIRM",
"url": "http://blog.telepark.com/telepark-web-software/2009/11/09/telepark-wiki-security-fixes/"
},
{
"name": "9483",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/9483"
},
{
"name": "37391",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37391"
},
{
"name": "60218",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/60218"
},
{
"name": "teleparkwiki-multiple-file-include(54327)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54327"
},
{
"name": "60216",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/60216"
},
{
"name": "60217",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/60217"
},
{
"name": "http://packetstormsecurity.org/0911-exploits/Telepark-fixes-nov09-2.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/0911-exploits/Telepark-fixes-nov09-2.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4088",
"datePublished": "2009-11-27T20:45:00.000Z",
"dateReserved": "2009-11-27T00:00:00.000Z",
"dateUpdated": "2024-08-07T06:54:09.371Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-4087 (GCVE-0-2009-4087)
Vulnerability from nvd – Published: 2009-11-27 20:45 – Updated: 2024-08-07 06:54
VLAI
Summary
Cross-site scripting (XSS) vulnerability in index.php in telepark.wiki 2.4.23 and earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://blog.telepark.com/telepark-web-software/20… | x_refsource_CONFIRM |
| http://secunia.com/advisories/37391 | third-party-advisoryx_refsource_SECUNIA |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.osvdb.org/60213 | vdb-entryx_refsource_OSVDB |
| http://packetstormsecurity.org/0911-exploits/Tele… | x_refsource_MISC |
Date Public
2009-11-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:54:08.678Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://blog.telepark.com/telepark-web-software/2009/11/09/telepark-wiki-security-fixes/"
},
{
"name": "37391",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37391"
},
{
"name": "teleparkwiki-index-xss(54293)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54293"
},
{
"name": "60213",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/60213"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.org/0911-exploits/Telepark-fixes-nov09-2.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-11-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in index.php in telepark.wiki 2.4.23 and earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://blog.telepark.com/telepark-web-software/2009/11/09/telepark-wiki-security-fixes/"
},
{
"name": "37391",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37391"
},
{
"name": "teleparkwiki-index-xss(54293)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54293"
},
{
"name": "60213",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/60213"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.org/0911-exploits/Telepark-fixes-nov09-2.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4087",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in index.php in telepark.wiki 2.4.23 and earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://blog.telepark.com/telepark-web-software/2009/11/09/telepark-wiki-security-fixes/",
"refsource": "CONFIRM",
"url": "http://blog.telepark.com/telepark-web-software/2009/11/09/telepark-wiki-security-fixes/"
},
{
"name": "37391",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37391"
},
{
"name": "teleparkwiki-index-xss(54293)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54293"
},
{
"name": "60213",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/60213"
},
{
"name": "http://packetstormsecurity.org/0911-exploits/Telepark-fixes-nov09-2.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/0911-exploits/Telepark-fixes-nov09-2.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4087",
"datePublished": "2009-11-27T20:45:00.000Z",
"dateReserved": "2009-11-27T00:00:00.000Z",
"dateUpdated": "2024-08-07T06:54:08.678Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-4087 (GCVE-0-2009-4087)
Vulnerability from cvelistv5 – Published: 2009-11-27 20:45 – Updated: 2024-08-07 06:54
VLAI
Summary
Cross-site scripting (XSS) vulnerability in index.php in telepark.wiki 2.4.23 and earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://blog.telepark.com/telepark-web-software/20… | x_refsource_CONFIRM |
| http://secunia.com/advisories/37391 | third-party-advisoryx_refsource_SECUNIA |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.osvdb.org/60213 | vdb-entryx_refsource_OSVDB |
| http://packetstormsecurity.org/0911-exploits/Tele… | x_refsource_MISC |
Date Public
2009-11-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:54:08.678Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://blog.telepark.com/telepark-web-software/2009/11/09/telepark-wiki-security-fixes/"
},
{
"name": "37391",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37391"
},
{
"name": "teleparkwiki-index-xss(54293)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54293"
},
{
"name": "60213",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/60213"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.org/0911-exploits/Telepark-fixes-nov09-2.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-11-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in index.php in telepark.wiki 2.4.23 and earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://blog.telepark.com/telepark-web-software/2009/11/09/telepark-wiki-security-fixes/"
},
{
"name": "37391",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37391"
},
{
"name": "teleparkwiki-index-xss(54293)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54293"
},
{
"name": "60213",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/60213"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.org/0911-exploits/Telepark-fixes-nov09-2.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4087",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in index.php in telepark.wiki 2.4.23 and earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://blog.telepark.com/telepark-web-software/2009/11/09/telepark-wiki-security-fixes/",
"refsource": "CONFIRM",
"url": "http://blog.telepark.com/telepark-web-software/2009/11/09/telepark-wiki-security-fixes/"
},
{
"name": "37391",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37391"
},
{
"name": "teleparkwiki-index-xss(54293)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54293"
},
{
"name": "60213",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/60213"
},
{
"name": "http://packetstormsecurity.org/0911-exploits/Telepark-fixes-nov09-2.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/0911-exploits/Telepark-fixes-nov09-2.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4087",
"datePublished": "2009-11-27T20:45:00.000Z",
"dateReserved": "2009-11-27T00:00:00.000Z",
"dateUpdated": "2024-08-07T06:54:08.678Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-4089 (GCVE-0-2009-4089)
Vulnerability from cvelistv5 – Published: 2009-11-27 20:45 – Updated: 2024-08-07 06:54
VLAI
Summary
telepark.wiki 2.4.23 and earlier allows remote attackers to bypass authorization and (1) delete arbitrary pages via a modified pageID parameter to ajax/deletePage.php or (2) delete arbitrary comments via a modified pageID parameter to ajax/deleteComment.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://blog.telepark.com/telepark-web-software/20… | x_refsource_CONFIRM |
| http://www.exploit-db.com/exploits/9483 | exploitx_refsource_EXPLOIT-DB |
| http://www.osvdb.org/60215 | vdb-entryx_refsource_OSVDB |
| http://secunia.com/advisories/37391 | third-party-advisoryx_refsource_SECUNIA |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.osvdb.org/60214 | vdb-entryx_refsource_OSVDB |
| http://packetstormsecurity.org/0911-exploits/Tele… | x_refsource_MISC |
Date Public
2009-11-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:54:10.170Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://blog.telepark.com/telepark-web-software/2009/11/09/telepark-wiki-security-fixes/"
},
{
"name": "9483",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/9483"
},
{
"name": "60215",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/60215"
},
{
"name": "37391",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37391"
},
{
"name": "teleparkwiki-page-comment-security-bypass(54329)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54329"
},
{
"name": "60214",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/60214"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.org/0911-exploits/Telepark-fixes-nov09-2.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-11-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "telepark.wiki 2.4.23 and earlier allows remote attackers to bypass authorization and (1) delete arbitrary pages via a modified pageID parameter to ajax/deletePage.php or (2) delete arbitrary comments via a modified pageID parameter to ajax/deleteComment.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://blog.telepark.com/telepark-web-software/2009/11/09/telepark-wiki-security-fixes/"
},
{
"name": "9483",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/9483"
},
{
"name": "60215",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/60215"
},
{
"name": "37391",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37391"
},
{
"name": "teleparkwiki-page-comment-security-bypass(54329)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54329"
},
{
"name": "60214",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/60214"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.org/0911-exploits/Telepark-fixes-nov09-2.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4089",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "telepark.wiki 2.4.23 and earlier allows remote attackers to bypass authorization and (1) delete arbitrary pages via a modified pageID parameter to ajax/deletePage.php or (2) delete arbitrary comments via a modified pageID parameter to ajax/deleteComment.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://blog.telepark.com/telepark-web-software/2009/11/09/telepark-wiki-security-fixes/",
"refsource": "CONFIRM",
"url": "http://blog.telepark.com/telepark-web-software/2009/11/09/telepark-wiki-security-fixes/"
},
{
"name": "9483",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/9483"
},
{
"name": "60215",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/60215"
},
{
"name": "37391",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37391"
},
{
"name": "teleparkwiki-page-comment-security-bypass(54329)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54329"
},
{
"name": "60214",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/60214"
},
{
"name": "http://packetstormsecurity.org/0911-exploits/Telepark-fixes-nov09-2.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/0911-exploits/Telepark-fixes-nov09-2.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4089",
"datePublished": "2009-11-27T20:45:00.000Z",
"dateReserved": "2009-11-27T00:00:00.000Z",
"dateUpdated": "2024-08-07T06:54:10.170Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-4090 (GCVE-0-2009-4090)
Vulnerability from cvelistv5 – Published: 2009-11-27 20:45 – Updated: 2024-08-07 06:54
VLAI
Summary
Unrestricted file upload vulnerability in ajax/addComment.php in telepark.wiki 2.4.23 and earlier script allows remote attackers to execute arbitrary code by uploading a file with a name containing a NULL byte.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://blog.telepark.com/telepark-web-software/20… | x_refsource_CONFIRM |
| http://www.osvdb.org/60219 | vdb-entryx_refsource_OSVDB |
| http://secunia.com/advisories/37391 | third-party-advisoryx_refsource_SECUNIA |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://packetstormsecurity.org/0911-exploits/Tele… | x_refsource_MISC |
Date Public
2009-11-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:54:09.318Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://blog.telepark.com/telepark-web-software/2009/11/09/telepark-wiki-security-fixes/"
},
{
"name": "60219",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/60219"
},
{
"name": "37391",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37391"
},
{
"name": "teleparkwiki-addcomment-file-upload(54294)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54294"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.org/0911-exploits/Telepark-fixes-nov09-2.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-11-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Unrestricted file upload vulnerability in ajax/addComment.php in telepark.wiki 2.4.23 and earlier script allows remote attackers to execute arbitrary code by uploading a file with a name containing a NULL byte."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://blog.telepark.com/telepark-web-software/2009/11/09/telepark-wiki-security-fixes/"
},
{
"name": "60219",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/60219"
},
{
"name": "37391",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37391"
},
{
"name": "teleparkwiki-addcomment-file-upload(54294)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54294"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.org/0911-exploits/Telepark-fixes-nov09-2.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4090",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unrestricted file upload vulnerability in ajax/addComment.php in telepark.wiki 2.4.23 and earlier script allows remote attackers to execute arbitrary code by uploading a file with a name containing a NULL byte."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://blog.telepark.com/telepark-web-software/2009/11/09/telepark-wiki-security-fixes/",
"refsource": "CONFIRM",
"url": "http://blog.telepark.com/telepark-web-software/2009/11/09/telepark-wiki-security-fixes/"
},
{
"name": "60219",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/60219"
},
{
"name": "37391",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37391"
},
{
"name": "teleparkwiki-addcomment-file-upload(54294)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54294"
},
{
"name": "http://packetstormsecurity.org/0911-exploits/Telepark-fixes-nov09-2.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/0911-exploits/Telepark-fixes-nov09-2.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4090",
"datePublished": "2009-11-27T20:45:00.000Z",
"dateReserved": "2009-11-27T00:00:00.000Z",
"dateUpdated": "2024-08-07T06:54:09.318Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-4088 (GCVE-0-2009-4088)
Vulnerability from cvelistv5 – Published: 2009-11-27 20:45 – Updated: 2024-08-07 06:54
VLAI
Summary
Multiple directory traversal vulnerabilities in telepark.wiki 2.4.23 and earlier allow remote attackers to read arbitrary files via directory traversal sequences in the css parameter to (1) getjs.php and (2) getcsslocal.php; and include and execute arbitrary local files via the (3) group parameter to upload.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://blog.telepark.com/telepark-web-software/20… | x_refsource_CONFIRM |
| http://www.exploit-db.com/exploits/9483 | exploitx_refsource_EXPLOIT-DB |
| http://secunia.com/advisories/37391 | third-party-advisoryx_refsource_SECUNIA |
| http://www.osvdb.org/60218 | vdb-entryx_refsource_OSVDB |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.osvdb.org/60216 | vdb-entryx_refsource_OSVDB |
| http://www.osvdb.org/60217 | vdb-entryx_refsource_OSVDB |
| http://packetstormsecurity.org/0911-exploits/Tele… | x_refsource_MISC |
Date Public
2009-11-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:54:09.371Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://blog.telepark.com/telepark-web-software/2009/11/09/telepark-wiki-security-fixes/"
},
{
"name": "9483",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/9483"
},
{
"name": "37391",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37391"
},
{
"name": "60218",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/60218"
},
{
"name": "teleparkwiki-multiple-file-include(54327)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54327"
},
{
"name": "60216",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/60216"
},
{
"name": "60217",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/60217"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.org/0911-exploits/Telepark-fixes-nov09-2.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-11-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple directory traversal vulnerabilities in telepark.wiki 2.4.23 and earlier allow remote attackers to read arbitrary files via directory traversal sequences in the css parameter to (1) getjs.php and (2) getcsslocal.php; and include and execute arbitrary local files via the (3) group parameter to upload.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://blog.telepark.com/telepark-web-software/2009/11/09/telepark-wiki-security-fixes/"
},
{
"name": "9483",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/9483"
},
{
"name": "37391",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37391"
},
{
"name": "60218",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/60218"
},
{
"name": "teleparkwiki-multiple-file-include(54327)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54327"
},
{
"name": "60216",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/60216"
},
{
"name": "60217",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/60217"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.org/0911-exploits/Telepark-fixes-nov09-2.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4088",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple directory traversal vulnerabilities in telepark.wiki 2.4.23 and earlier allow remote attackers to read arbitrary files via directory traversal sequences in the css parameter to (1) getjs.php and (2) getcsslocal.php; and include and execute arbitrary local files via the (3) group parameter to upload.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://blog.telepark.com/telepark-web-software/2009/11/09/telepark-wiki-security-fixes/",
"refsource": "CONFIRM",
"url": "http://blog.telepark.com/telepark-web-software/2009/11/09/telepark-wiki-security-fixes/"
},
{
"name": "9483",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/9483"
},
{
"name": "37391",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37391"
},
{
"name": "60218",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/60218"
},
{
"name": "teleparkwiki-multiple-file-include(54327)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54327"
},
{
"name": "60216",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/60216"
},
{
"name": "60217",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/60217"
},
{
"name": "http://packetstormsecurity.org/0911-exploits/Telepark-fixes-nov09-2.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/0911-exploits/Telepark-fixes-nov09-2.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4088",
"datePublished": "2009-11-27T20:45:00.000Z",
"dateReserved": "2009-11-27T00:00:00.000Z",
"dateUpdated": "2024-08-07T06:54:09.371Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}