Lucene search
FlexeraCVE-2010-2584HistoryOct 26, 2010 - 7:00 p.m.
CVE-2010-2584
2010-10-2619:00:02
CWE-264
flexera
web.nvd.nist.gov
30
realpage module
upload
activex control
file reading
cve-2010-2584
nvd
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
AI Score
6.8
Confidence
Low
EPSS
0.003
Percentile
70.8%
The Upload method in the RealPage Module Upload ActiveX control in Realpage.dll 1.0.0.9 in RealPage Module ActiveX Controls does not properly restrict certain property values, which allows remote attackers to read arbitrary files via a filename in the SourceFile property in conjunction with an http URL in the DestURL property.
Affected configurations
Node
realpagemodule_activex_controlsMatch1.0.0.9
| Vendor | Product | Version | CPE |
|---|---|---|---|
| realpage | module_activex_controls | 1.0.0.9 | cpe:2.3:a:realpage:module_activex_controls:1.0.0.9:*:*:*:*:*:*:* |
Related
prion
prion
Default configuration
2010-10-26 19:00:00
cvelist
cvelist
CVE-2010-2584
2010-10-26 18:00:00
nvd
nvd
CVE-2010-2584
2010-10-26 19:00:02
nessus
nessus
RealPage Module Upload ActiveX Control Multiple Vulnerabilities
2010-11-01 00:00:00
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
AI Score
6.8
Confidence
Low
EPSS
0.003
Percentile
70.8%
Related for CVE-2010-2584