CVE-2011-0049

EPSS 95.4%

Vexday Risk Score

60Attention

SSVC decision (CISA)

Attend

PoC available → attend closely

CVSS —EPSS 95.4%KEV nãoPoC públicaNuclei simMetasploit simPatch —

Lifecycle

03 Feb 2011Public PoC

04 Feb 2011Published on NVD

08 Mar 2011Metasploit module available

Recommendation: Plan a near-term fix — a public PoC already exists.

Directory traversal vulnerability in the _list_file_get function in lib/Majordomo.pm in Majordomo 2 before 20110131 allows remote attackers to read arbitrary files via .. (dot dot) sequences in the help command, as demonstrated using (1) a crafted email and (2) cgi-bin/mj_wwwusr in the web interface.

Affected products

n/a · n/a

public PoCs found — 2

cve_referencewww.exploit-db.com/exploits/16103unverified exploitdbwww.exploit-db.com/exploits/16103unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://osvdb.org/70762 https://bug628064.bugzilla.mozilla.org/attachment.cgi?id=506481 https://bugzilla.mozilla.org/show_bug.cgi?id=628064 http://secunia.com/advisories/43125 http://securityreason.com/securityalert/8061 https://exchange.xforce.ibmcloud.com/vulnerabilities/65113 https://sitewat.ch/en/Advisory/View/1 http://www.exploit-db.com/exploits/16103 http://www.kb.cert.org/vuls/id/363726 http://www.securityfocus.com/archive/1/516150/100/0/threaded http://www.securityfocus.com/bid/46127 http://www.securitytracker.com/id?1025024