Search criteria
3 vulnerabilities by yerba
CVE-2008-5873 (GCVE-0-2008-5873)
Vulnerability from cvelistv5 – Published: 2009-01-08 18:13 – Updated: 2024-08-07 11:13
VLAI
Summary
Yerba SACphp 6.3 and earlier allows remote attackers to bypass authentication and gain administrative access via a galleta[sesion] cookie that has a value beginning with 1:1: followed by a username.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/32093 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/bid/31619 | vdb-entryx_refsource_BID |
| https://www.exploit-db.com/exploits/6691 | exploitx_refsource_EXPLOIT-DB |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://securityreason.com/securityalert/4883 | third-party-advisoryx_refsource_SREASON |
Date Public
2008-10-07 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:13:13.033Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "32093",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32093"
},
{
"name": "31619",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31619"
},
{
"name": "6691",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/6691"
},
{
"name": "yerbasacphp-galletasesion-security-bypass(45734)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45734"
},
{
"name": "4883",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4883"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-10-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Yerba SACphp 6.3 and earlier allows remote attackers to bypass authentication and gain administrative access via a galleta[sesion] cookie that has a value beginning with 1:1: followed by a username."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "32093",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32093"
},
{
"name": "31619",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31619"
},
{
"name": "6691",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/6691"
},
{
"name": "yerbasacphp-galletasesion-security-bypass(45734)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45734"
},
{
"name": "4883",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4883"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5873",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Yerba SACphp 6.3 and earlier allows remote attackers to bypass authentication and gain administrative access via a galleta[sesion] cookie that has a value beginning with 1:1: followed by a username."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "32093",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32093"
},
{
"name": "31619",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31619"
},
{
"name": "6691",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6691"
},
{
"name": "yerbasacphp-galletasesion-security-bypass(45734)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45734"
},
{
"name": "4883",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4883"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-5873",
"datePublished": "2009-01-08T18:13:00.000Z",
"dateReserved": "2009-01-08T00:00:00.000Z",
"dateUpdated": "2024-08-07T11:13:13.033Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-5867 (GCVE-0-2008-5867)
Vulnerability from cvelistv5 – Published: 2009-01-07 20:00 – Updated: 2024-08-07 11:13
VLAI
Summary
Directory traversal vulnerability in Yerba SACphp 6.3 allows remote attackers to read arbitrary files, and possibly have other impact, via directory traversal sequences in the mod field contained in the base64-encoded SID parameter to an unspecified component. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/32093 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/bid/31619 | vdb-entryx_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2008-10-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:13:13.482Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "32093",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32093"
},
{
"name": "31619",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31619"
},
{
"name": "yerbasacphp-index-file-include(45733)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45733"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-10-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in Yerba SACphp 6.3 allows remote attackers to read arbitrary files, and possibly have other impact, via directory traversal sequences in the mod field contained in the base64-encoded SID parameter to an unspecified component. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "32093",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32093"
},
{
"name": "31619",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31619"
},
{
"name": "yerbasacphp-index-file-include(45733)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45733"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5867",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in Yerba SACphp 6.3 allows remote attackers to read arbitrary files, and possibly have other impact, via directory traversal sequences in the mod field contained in the base64-encoded SID parameter to an unspecified component. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "32093",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32093"
},
{
"name": "31619",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31619"
},
{
"name": "yerbasacphp-index-file-include(45733)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45733"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-5867",
"datePublished": "2009-01-07T20:00:00.000Z",
"dateReserved": "2009-01-07T00:00:00.000Z",
"dateUpdated": "2024-08-07T11:13:13.482Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-4486 (GCVE-0-2008-4486)
Vulnerability from cvelistv5 – Published: 2008-10-08 01:00 – Updated: 2024-08-07 10:17
VLAI
Summary
Directory traversal vulnerability in index.php in SAC.php (SACphp), as used in Yerba 6.3 and earlier, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the mod parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://securityreason.com/securityalert/4368 | third-party-advisoryx_refsource_SREASON |
| http://www.securityfocus.com/bid/31606 | vdb-entryx_refsource_BID |
| http://secunia.com/advisories/32093 | third-party-advisoryx_refsource_SECUNIA |
| http://www.vupen.com/english/advisories/2008/2754 | vdb-entryx_refsource_VUPEN |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| https://www.exploit-db.com/exploits/6687 | exploitx_refsource_EXPLOIT-DB |
| http://www.securityfocus.com/archive/1/497103 | mailing-listx_refsource_BUGTRAQ |
Date Public
2008-10-06 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:17:09.755Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "4368",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4368"
},
{
"name": "31606",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31606"
},
{
"name": "32093",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32093"
},
{
"name": "ADV-2008-2754",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2754"
},
{
"name": "yerbasacphp-mod-file-include(45708)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45708"
},
{
"name": "6687",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/6687"
},
{
"name": "20081006 Yerba SACphp \u003c= 6.3 / Local File Inclusion Exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/497103"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-10-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in index.php in SAC.php (SACphp), as used in Yerba 6.3 and earlier, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the mod parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "4368",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4368"
},
{
"name": "31606",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31606"
},
{
"name": "32093",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32093"
},
{
"name": "ADV-2008-2754",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2754"
},
{
"name": "yerbasacphp-mod-file-include(45708)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45708"
},
{
"name": "6687",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/6687"
},
{
"name": "20081006 Yerba SACphp \u003c= 6.3 / Local File Inclusion Exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/497103"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4486",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in index.php in SAC.php (SACphp), as used in Yerba 6.3 and earlier, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the mod parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "4368",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4368"
},
{
"name": "31606",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31606"
},
{
"name": "32093",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32093"
},
{
"name": "ADV-2008-2754",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2754"
},
{
"name": "yerbasacphp-mod-file-include(45708)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45708"
},
{
"name": "6687",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6687"
},
{
"name": "20081006 Yerba SACphp \u003c= 6.3 / Local File Inclusion Exploit",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/497103"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-4486",
"datePublished": "2008-10-08T01:00:00.000Z",
"dateReserved": "2008-10-07T00:00:00.000Z",
"dateUpdated": "2024-08-07T10:17:09.755Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}