CVE

Id
39442  
CVE No.
CVE-2009-2007  
Status
Candidate  
Description
Multiple directory traversal vulnerabilities in Dokeos 1.8.5, and possibly earlier, allow remote attackers to (1) read portions of arbitrary files via a .. (dot dot) and a .. (dot dot backslash) in the lang parameter to main/exercice/hotspot_lang_conversion.php and (2) read arbitrary files via a .. (dot dot) in the doc_url parameter to main/exercice/Hpdownload.php.  
Phase
Assigned (20090608)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
434517 39442 CVE-2009-2007 MISC:http://gsasec.blogspot.com/2009/05/dokeos-free-185-multiple.html  View
434518 39442 CVE-2009-2007 CONFIRM:http://www.dokeos.com/wiki/index.php/Security#Dokeos_1.8  View
434519 39442 CVE-2009-2007 BID:34928  View
434520 39442 CVE-2009-2007 URL:http://www.securityfocus.com/bid/34928  View
434521 39442 CVE-2009-2007 SECUNIA:34879  View
434522 39442 CVE-2009-2007 URL:http://secunia.com/advisories/34879  View
434523 39442 CVE-2009-2007 VUPEN:ADV-2009-1300  View
434524 39442 CVE-2009-2007 URL:http://www.vupen.com/english/advisories/2009/1300  View
434525 39442 CVE-2009-2007 XF:dokeos-unspecified-directory-traversal(50503)  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
42486 JVNDB-2009-003493 Worldweaver DX Studio Player における任意のコマンドを実行される脆弱性 Worldweaver DX Studio Player には、Firefox のプラグインとして使用される際、shell.execute JavaScript API メソッドへのアクセスを制限しないため、任意のコマンドを実行される脆弱性が存在します。 CVE-2009-2011 39442 9.3 http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-003493.html  View