Lucene search
K

4 matches found

seebug.org
seebug.org
added 2009/04/28 12:0 a.m.27 views

NotFTP config.php本地文件包含漏洞

BUGTRAQ ID: 34636 CVECAN ID: CVE-2009-1407 NotFTP是用PHP编写的基于Web的HTTP-FTP网关。 NotFTP的config.php脚本没有正确地过滤用户所提交的参数,如果远程攻击者在提交的URL请求中使用newlang参数指定了本地系统的恶意文件的话,就可能在Web服务器上读取敏感信息或执行任意代码。以下是config.php脚本中的有漏洞代码段: if isset$newlang requireonce"lib/lang/".$languages$newlang"file"; elseif...

6.8CVSS6.4AI score0.01885EPSS
Exploits2
NVD
NVD
added 2009/04/24 2:30 p.m.25 views

CVE-2009-1407

Directory traversal vulnerability in config.php in NotFTP 1.3.1 allows remote attackers to read arbitrary files via a .. dot dot in a certain languagesfile parameter...

6.8CVSS6.6AI score0.01885EPSS
Exploits2References3
CVE
CVE
added 2009/04/24 2:0 p.m.47 views

CVE-2009-1407

NotFTP 1.3.1 is affected by a directory traversal/Local File Inclusion in config.php. The script fails to properly filter user input in languages[][file] (and related language loading logic), allowing remote attackers to read arbitrary local files via crafted URLs (e.g., .. paths). The vulnerabil...

6.8CVSS6.8AI score0.01885EPSS
Exploits2References3Affected Software1
Circl
Circl
added 2009/04/21 12:0 a.m.5 views

CVE-2009-1407

creationtimestamp| type| source ---|---|--- 2009-04-21 00:00:00+00:00| confirmed| https://www.exploit-db.com/exploits/8504...

6.8CVSS5.8AI score0.01885EPSS
Exploits2References1
Rows per page
Query Builder