CVE

Id
40970  
CVE No.
CVE-2009-3535  
Status
Candidate  
Description
Directory traversal vulnerability in image.php in Clear Content 1.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the url parameter. NOTE: the researcher also suggests an analogous PHP remote file inclusion vulnerability, but this may be incorrect.  
Phase
Assigned (20091002)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
448550 40970 CVE-2009-3535 MILW0RM:9089  View
448551 40970 CVE-2009-3535 URL:http://www.milw0rm.com/exploits/9089  View
448552 40970 CVE-2009-3535 MISC:http://packetstormsecurity.org/0907-exploits/clearcontent-rfilfi.txt  View
448553 40970 CVE-2009-3535 OSVDB:55742  View
448554 40970 CVE-2009-3535 URL:http://www.osvdb.org/55742  View
448555 40970 CVE-2009-3535 SECUNIA:35726  View
448556 40970 CVE-2009-3535 URL:http://secunia.com/advisories/35726  View
448557 40970 CVE-2009-3535 XF:clearcontent-image-file-include(51629)  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
45373 JVNDB-2009-006380 YourFreeWorld Ultra Classifieds Pro におけるクロスサイトスクリプティングの脆弱性 YourFreeWorld Ultra Classifieds Pro には、クロスサイトスクリプティングの脆弱性が存在します。 CVE-2009-3539 40970 4.3 http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-006380.html  View