Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
10 vulnerabilities found for pluck by pluck
CVE-2008-3851 (GCVE-0-2008-3851)
Vulnerability from nvd – Published: 2008-08-27 23:00 – Updated: 2024-08-07 09:53
VLAI?
Summary
Multiple directory traversal vulnerabilities in Pluck CMS 4.5.2 on Windows allow remote attackers to include and execute arbitrary local files via a ..\ (dot dot backslash) in the (1) blogpost, (2) cat, and (3) file parameters to data/inc/themes/predefined_variables.php, as reachable through index.php; and the (4) blogpost and (5) cat parameters to data/inc/blog_include_react.php, as reachable through index.php. NOTE: the issue involving vectors 1 through 3 reportedly exists because of an incomplete fix for CVE-2008-3194.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Date Public ?
2008-08-25 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:53:00.388Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.pluck-cms.org/releasenotes.php#4.5.3"
},
{
"name": "30820",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30820"
},
{
"name": "pluck-index-file-include(44677)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44677"
},
{
"name": "4195",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4195"
},
{
"name": "6300",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/6300"
},
{
"name": "31607",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31607"
},
{
"name": "20080825 [DSECRG-08-037] Multiple Local File Include Vulnerabilities in Pluck CMS 4.5.2",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/495706/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-08-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple directory traversal vulnerabilities in Pluck CMS 4.5.2 on Windows allow remote attackers to include and execute arbitrary local files via a ..\\ (dot dot backslash) in the (1) blogpost, (2) cat, and (3) file parameters to data/inc/themes/predefined_variables.php, as reachable through index.php; and the (4) blogpost and (5) cat parameters to data/inc/blog_include_react.php, as reachable through index.php. NOTE: the issue involving vectors 1 through 3 reportedly exists because of an incomplete fix for CVE-2008-3194."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.pluck-cms.org/releasenotes.php#4.5.3"
},
{
"name": "30820",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30820"
},
{
"name": "pluck-index-file-include(44677)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44677"
},
{
"name": "4195",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4195"
},
{
"name": "6300",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/6300"
},
{
"name": "31607",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31607"
},
{
"name": "20080825 [DSECRG-08-037] Multiple Local File Include Vulnerabilities in Pluck CMS 4.5.2",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/495706/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3851",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple directory traversal vulnerabilities in Pluck CMS 4.5.2 on Windows allow remote attackers to include and execute arbitrary local files via a ..\\ (dot dot backslash) in the (1) blogpost, (2) cat, and (3) file parameters to data/inc/themes/predefined_variables.php, as reachable through index.php; and the (4) blogpost and (5) cat parameters to data/inc/blog_include_react.php, as reachable through index.php. NOTE: the issue involving vectors 1 through 3 reportedly exists because of an incomplete fix for CVE-2008-3194."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.pluck-cms.org/releasenotes.php#4.5.3",
"refsource": "CONFIRM",
"url": "http://www.pluck-cms.org/releasenotes.php#4.5.3"
},
{
"name": "30820",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30820"
},
{
"name": "pluck-index-file-include(44677)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44677"
},
{
"name": "4195",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4195"
},
{
"name": "6300",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6300"
},
{
"name": "31607",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31607"
},
{
"name": "20080825 [DSECRG-08-037] Multiple Local File Include Vulnerabilities in Pluck CMS 4.5.2",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/495706/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3851",
"datePublished": "2008-08-27T23:00:00.000Z",
"dateReserved": "2008-08-27T00:00:00.000Z",
"dateUpdated": "2024-08-07T09:53:00.388Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-3574 (GCVE-0-2008-3574)
Vulnerability from nvd – Published: 2008-08-10 20:00 – Updated: 2024-08-07 09:45
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Pluck 4.5.2, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) lang_footer parameter to (a) data/inc/footer.php; the (2) pluck_version, (3) lang_install22, (4) titelkop, (5) lang_kop1, (6) lang_kop2, (7) lang_modules, (8) lang_kop4, (9) lang_kop15, (10) lang_kop5, and (11) titelkop parameters to (b) data/inc/header.php; the pluck_version and titelkop parameters to (c) data/inc/header2.php; and the (14) lang_theme6 parameter to (d) data/inc/themeinstall.php.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Date Public ?
2008-08-04 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:45:18.843Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "pluck-multiple-xss(44237)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44237"
},
{
"name": "20080804 Pluck 4.5.2 Multiple Cross Site Scripting Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/495110/100/0/threaded"
},
{
"name": "30542",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30542"
},
{
"name": "4125",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4125"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-08-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Pluck 4.5.2, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) lang_footer parameter to (a) data/inc/footer.php; the (2) pluck_version, (3) lang_install22, (4) titelkop, (5) lang_kop1, (6) lang_kop2, (7) lang_modules, (8) lang_kop4, (9) lang_kop15, (10) lang_kop5, and (11) titelkop parameters to (b) data/inc/header.php; the pluck_version and titelkop parameters to (c) data/inc/header2.php; and the (14) lang_theme6 parameter to (d) data/inc/themeinstall.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "pluck-multiple-xss(44237)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44237"
},
{
"name": "20080804 Pluck 4.5.2 Multiple Cross Site Scripting Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/495110/100/0/threaded"
},
{
"name": "30542",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30542"
},
{
"name": "4125",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4125"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3574",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Pluck 4.5.2, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) lang_footer parameter to (a) data/inc/footer.php; the (2) pluck_version, (3) lang_install22, (4) titelkop, (5) lang_kop1, (6) lang_kop2, (7) lang_modules, (8) lang_kop4, (9) lang_kop15, (10) lang_kop5, and (11) titelkop parameters to (b) data/inc/header.php; the pluck_version and titelkop parameters to (c) data/inc/header2.php; and the (14) lang_theme6 parameter to (d) data/inc/themeinstall.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "pluck-multiple-xss(44237)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44237"
},
{
"name": "20080804 Pluck 4.5.2 Multiple Cross Site Scripting Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/495110/100/0/threaded"
},
{
"name": "30542",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30542"
},
{
"name": "4125",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4125"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3574",
"datePublished": "2008-08-10T20:00:00.000Z",
"dateReserved": "2008-08-10T00:00:00.000Z",
"dateUpdated": "2024-08-07T09:45:18.843Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-3194 (GCVE-0-2008-3194)
Vulnerability from nvd – Published: 2008-07-16 18:00 – Updated: 2024-08-07 09:28
VLAI?
Summary
Multiple directory traversal vulnerabilities in data/inc/themes/predefined_variables.php in pluck 4.5.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) langpref, (2) file, (3) blogpost, or (4) cat parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Date Public ?
2008-07-13 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:28:41.681Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2008-2104",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2104/references"
},
{
"name": "6074",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/6074"
},
{
"name": "3996",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3996"
},
{
"name": "pluck-predefinedvariables-file-include(43741)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43741"
},
{
"name": "31088",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31088"
},
{
"name": "30218",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30218"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.pluck-cms.org/releasenotes.php#4.5.2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.bugreport.ir/index_48.htm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-07-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple directory traversal vulnerabilities in data/inc/themes/predefined_variables.php in pluck 4.5.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) langpref, (2) file, (3) blogpost, or (4) cat parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2008-2104",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2104/references"
},
{
"name": "6074",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/6074"
},
{
"name": "3996",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3996"
},
{
"name": "pluck-predefinedvariables-file-include(43741)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43741"
},
{
"name": "31088",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31088"
},
{
"name": "30218",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30218"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.pluck-cms.org/releasenotes.php#4.5.2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.bugreport.ir/index_48.htm"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3194",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple directory traversal vulnerabilities in data/inc/themes/predefined_variables.php in pluck 4.5.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) langpref, (2) file, (3) blogpost, or (4) cat parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2008-2104",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2104/references"
},
{
"name": "6074",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6074"
},
{
"name": "3996",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3996"
},
{
"name": "pluck-predefinedvariables-file-include(43741)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43741"
},
{
"name": "31088",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31088"
},
{
"name": "30218",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30218"
},
{
"name": "http://www.pluck-cms.org/releasenotes.php#4.5.2",
"refsource": "CONFIRM",
"url": "http://www.pluck-cms.org/releasenotes.php#4.5.2"
},
{
"name": "http://www.bugreport.ir/index_48.htm",
"refsource": "MISC",
"url": "http://www.bugreport.ir/index_48.htm"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3194",
"datePublished": "2008-07-16T18:00:00.000Z",
"dateReserved": "2008-07-16T00:00:00.000Z",
"dateUpdated": "2024-08-07T09:28:41.681Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-4181 (GCVE-0-2007-4181)
Vulnerability from nvd – Published: 2007-08-08 01:11 – Updated: 2024-08-07 14:46 Disputed
VLAI?
Summary
PHP remote file inclusion vulnerability in data/inc/theme.php in Pluck 4.3, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the dir parameter. NOTE: A reliable third party disputes this vulnerability because the applicable include is within a function that does not receive the dir parameter from an HTTP request
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Date Public ?
2007-08-02 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:46:39.405Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "pluck-theme-file-include(35756)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35756"
},
{
"name": "2973",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/2973"
},
{
"name": "20070802 False: Pluck 4.3 themes.php Remote File Inclusion and disclosure",
"tags": [
"mailing-list",
"x_refsource_VIM",
"x_transferred"
],
"url": "http://www.attrition.org/pipermail/vim/2007-August/001752.html"
},
{
"name": "20070802 Pluck 4.3 themes.php Remote File Inclusion and disclosure",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/475323/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://outlaw.aria-security.info/?p=12"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-08-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "PHP remote file inclusion vulnerability in data/inc/theme.php in Pluck 4.3, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the dir parameter. NOTE: A reliable third party disputes this vulnerability because the applicable include is within a function that does not receive the dir parameter from an HTTP request"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "pluck-theme-file-include(35756)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35756"
},
{
"name": "2973",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/2973"
},
{
"name": "20070802 False: Pluck 4.3 themes.php Remote File Inclusion and disclosure",
"tags": [
"mailing-list",
"x_refsource_VIM"
],
"url": "http://www.attrition.org/pipermail/vim/2007-August/001752.html"
},
{
"name": "20070802 Pluck 4.3 themes.php Remote File Inclusion and disclosure",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/475323/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://outlaw.aria-security.info/?p=12"
}
],
"tags": [
"disputed"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4181",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** PHP remote file inclusion vulnerability in data/inc/theme.php in Pluck 4.3, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the dir parameter. NOTE: A reliable third party disputes this vulnerability because the applicable include is within a function that does not receive the dir parameter from an HTTP request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "pluck-theme-file-include(35756)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35756"
},
{
"name": "2973",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2973"
},
{
"name": "20070802 False: Pluck 4.3 themes.php Remote File Inclusion and disclosure",
"refsource": "VIM",
"url": "http://www.attrition.org/pipermail/vim/2007-August/001752.html"
},
{
"name": "20070802 Pluck 4.3 themes.php Remote File Inclusion and disclosure",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/475323/100/0/threaded"
},
{
"name": "http://outlaw.aria-security.info/?p=12",
"refsource": "MISC",
"url": "http://outlaw.aria-security.info/?p=12"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4181",
"datePublished": "2007-08-08T01:11:00.000Z",
"dateReserved": "2007-08-07T00:00:00.000Z",
"dateUpdated": "2024-08-07T14:46:39.405Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-4180 (GCVE-0-2007-4180)
Vulnerability from nvd – Published: 2007-08-08 01:11 – Updated: 2024-08-07 14:46 Disputed
VLAI?
Summary
Directory traversal vulnerability in data/inc/theme.php in Pluck 4.3, when register_globals is enabled, allows remote attackers to read arbitrary local files via a .. (dot dot) in the file parameter. NOTE: CVE and a reliable third party dispute this vulnerability because the code uses a fixed argument when invoking fputs, which cannot be used to read files
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Date Public ?
2007-08-02 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:46:39.354Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "pluck-theme-directory-traversal(35757)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35757"
},
{
"name": "2973",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/2973"
},
{
"name": "20070802 False: Pluck 4.3 themes.php Remote File Inclusion and disclosure",
"tags": [
"mailing-list",
"x_refsource_VIM",
"x_transferred"
],
"url": "http://www.attrition.org/pipermail/vim/2007-August/001752.html"
},
{
"name": "20070802 Pluck 4.3 themes.php Remote File Inclusion and disclosure",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/475323/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://outlaw.aria-security.info/?p=12"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-08-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in data/inc/theme.php in Pluck 4.3, when register_globals is enabled, allows remote attackers to read arbitrary local files via a .. (dot dot) in the file parameter. NOTE: CVE and a reliable third party dispute this vulnerability because the code uses a fixed argument when invoking fputs, which cannot be used to read files"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "pluck-theme-directory-traversal(35757)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35757"
},
{
"name": "2973",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/2973"
},
{
"name": "20070802 False: Pluck 4.3 themes.php Remote File Inclusion and disclosure",
"tags": [
"mailing-list",
"x_refsource_VIM"
],
"url": "http://www.attrition.org/pipermail/vim/2007-August/001752.html"
},
{
"name": "20070802 Pluck 4.3 themes.php Remote File Inclusion and disclosure",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/475323/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://outlaw.aria-security.info/?p=12"
}
],
"tags": [
"disputed"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4180",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** Directory traversal vulnerability in data/inc/theme.php in Pluck 4.3, when register_globals is enabled, allows remote attackers to read arbitrary local files via a .. (dot dot) in the file parameter. NOTE: CVE and a reliable third party dispute this vulnerability because the code uses a fixed argument when invoking fputs, which cannot be used to read files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "pluck-theme-directory-traversal(35757)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35757"
},
{
"name": "2973",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2973"
},
{
"name": "20070802 False: Pluck 4.3 themes.php Remote File Inclusion and disclosure",
"refsource": "VIM",
"url": "http://www.attrition.org/pipermail/vim/2007-August/001752.html"
},
{
"name": "20070802 Pluck 4.3 themes.php Remote File Inclusion and disclosure",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/475323/100/0/threaded"
},
{
"name": "http://outlaw.aria-security.info/?p=12",
"refsource": "MISC",
"url": "http://outlaw.aria-security.info/?p=12"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4180",
"datePublished": "2007-08-08T01:11:00.000Z",
"dateReserved": "2007-08-07T00:00:00.000Z",
"dateUpdated": "2024-08-07T14:46:39.354Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-3851 (GCVE-0-2008-3851)
Vulnerability from cvelistv5 – Published: 2008-08-27 23:00 – Updated: 2024-08-07 09:53
VLAI?
Summary
Multiple directory traversal vulnerabilities in Pluck CMS 4.5.2 on Windows allow remote attackers to include and execute arbitrary local files via a ..\ (dot dot backslash) in the (1) blogpost, (2) cat, and (3) file parameters to data/inc/themes/predefined_variables.php, as reachable through index.php; and the (4) blogpost and (5) cat parameters to data/inc/blog_include_react.php, as reachable through index.php. NOTE: the issue involving vectors 1 through 3 reportedly exists because of an incomplete fix for CVE-2008-3194.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Date Public ?
2008-08-25 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:53:00.388Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.pluck-cms.org/releasenotes.php#4.5.3"
},
{
"name": "30820",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30820"
},
{
"name": "pluck-index-file-include(44677)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44677"
},
{
"name": "4195",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4195"
},
{
"name": "6300",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/6300"
},
{
"name": "31607",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31607"
},
{
"name": "20080825 [DSECRG-08-037] Multiple Local File Include Vulnerabilities in Pluck CMS 4.5.2",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/495706/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-08-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple directory traversal vulnerabilities in Pluck CMS 4.5.2 on Windows allow remote attackers to include and execute arbitrary local files via a ..\\ (dot dot backslash) in the (1) blogpost, (2) cat, and (3) file parameters to data/inc/themes/predefined_variables.php, as reachable through index.php; and the (4) blogpost and (5) cat parameters to data/inc/blog_include_react.php, as reachable through index.php. NOTE: the issue involving vectors 1 through 3 reportedly exists because of an incomplete fix for CVE-2008-3194."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.pluck-cms.org/releasenotes.php#4.5.3"
},
{
"name": "30820",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30820"
},
{
"name": "pluck-index-file-include(44677)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44677"
},
{
"name": "4195",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4195"
},
{
"name": "6300",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/6300"
},
{
"name": "31607",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31607"
},
{
"name": "20080825 [DSECRG-08-037] Multiple Local File Include Vulnerabilities in Pluck CMS 4.5.2",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/495706/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3851",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple directory traversal vulnerabilities in Pluck CMS 4.5.2 on Windows allow remote attackers to include and execute arbitrary local files via a ..\\ (dot dot backslash) in the (1) blogpost, (2) cat, and (3) file parameters to data/inc/themes/predefined_variables.php, as reachable through index.php; and the (4) blogpost and (5) cat parameters to data/inc/blog_include_react.php, as reachable through index.php. NOTE: the issue involving vectors 1 through 3 reportedly exists because of an incomplete fix for CVE-2008-3194."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.pluck-cms.org/releasenotes.php#4.5.3",
"refsource": "CONFIRM",
"url": "http://www.pluck-cms.org/releasenotes.php#4.5.3"
},
{
"name": "30820",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30820"
},
{
"name": "pluck-index-file-include(44677)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44677"
},
{
"name": "4195",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4195"
},
{
"name": "6300",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6300"
},
{
"name": "31607",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31607"
},
{
"name": "20080825 [DSECRG-08-037] Multiple Local File Include Vulnerabilities in Pluck CMS 4.5.2",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/495706/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3851",
"datePublished": "2008-08-27T23:00:00.000Z",
"dateReserved": "2008-08-27T00:00:00.000Z",
"dateUpdated": "2024-08-07T09:53:00.388Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-3574 (GCVE-0-2008-3574)
Vulnerability from cvelistv5 – Published: 2008-08-10 20:00 – Updated: 2024-08-07 09:45
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Pluck 4.5.2, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) lang_footer parameter to (a) data/inc/footer.php; the (2) pluck_version, (3) lang_install22, (4) titelkop, (5) lang_kop1, (6) lang_kop2, (7) lang_modules, (8) lang_kop4, (9) lang_kop15, (10) lang_kop5, and (11) titelkop parameters to (b) data/inc/header.php; the pluck_version and titelkop parameters to (c) data/inc/header2.php; and the (14) lang_theme6 parameter to (d) data/inc/themeinstall.php.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Date Public ?
2008-08-04 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:45:18.843Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "pluck-multiple-xss(44237)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44237"
},
{
"name": "20080804 Pluck 4.5.2 Multiple Cross Site Scripting Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/495110/100/0/threaded"
},
{
"name": "30542",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30542"
},
{
"name": "4125",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4125"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-08-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Pluck 4.5.2, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) lang_footer parameter to (a) data/inc/footer.php; the (2) pluck_version, (3) lang_install22, (4) titelkop, (5) lang_kop1, (6) lang_kop2, (7) lang_modules, (8) lang_kop4, (9) lang_kop15, (10) lang_kop5, and (11) titelkop parameters to (b) data/inc/header.php; the pluck_version and titelkop parameters to (c) data/inc/header2.php; and the (14) lang_theme6 parameter to (d) data/inc/themeinstall.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "pluck-multiple-xss(44237)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44237"
},
{
"name": "20080804 Pluck 4.5.2 Multiple Cross Site Scripting Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/495110/100/0/threaded"
},
{
"name": "30542",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30542"
},
{
"name": "4125",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4125"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3574",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Pluck 4.5.2, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) lang_footer parameter to (a) data/inc/footer.php; the (2) pluck_version, (3) lang_install22, (4) titelkop, (5) lang_kop1, (6) lang_kop2, (7) lang_modules, (8) lang_kop4, (9) lang_kop15, (10) lang_kop5, and (11) titelkop parameters to (b) data/inc/header.php; the pluck_version and titelkop parameters to (c) data/inc/header2.php; and the (14) lang_theme6 parameter to (d) data/inc/themeinstall.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "pluck-multiple-xss(44237)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44237"
},
{
"name": "20080804 Pluck 4.5.2 Multiple Cross Site Scripting Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/495110/100/0/threaded"
},
{
"name": "30542",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30542"
},
{
"name": "4125",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4125"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3574",
"datePublished": "2008-08-10T20:00:00.000Z",
"dateReserved": "2008-08-10T00:00:00.000Z",
"dateUpdated": "2024-08-07T09:45:18.843Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-3194 (GCVE-0-2008-3194)
Vulnerability from cvelistv5 – Published: 2008-07-16 18:00 – Updated: 2024-08-07 09:28
VLAI?
Summary
Multiple directory traversal vulnerabilities in data/inc/themes/predefined_variables.php in pluck 4.5.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) langpref, (2) file, (3) blogpost, or (4) cat parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Date Public ?
2008-07-13 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:28:41.681Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2008-2104",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2104/references"
},
{
"name": "6074",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/6074"
},
{
"name": "3996",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3996"
},
{
"name": "pluck-predefinedvariables-file-include(43741)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43741"
},
{
"name": "31088",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31088"
},
{
"name": "30218",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30218"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.pluck-cms.org/releasenotes.php#4.5.2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.bugreport.ir/index_48.htm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-07-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple directory traversal vulnerabilities in data/inc/themes/predefined_variables.php in pluck 4.5.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) langpref, (2) file, (3) blogpost, or (4) cat parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2008-2104",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2104/references"
},
{
"name": "6074",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/6074"
},
{
"name": "3996",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3996"
},
{
"name": "pluck-predefinedvariables-file-include(43741)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43741"
},
{
"name": "31088",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31088"
},
{
"name": "30218",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30218"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.pluck-cms.org/releasenotes.php#4.5.2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.bugreport.ir/index_48.htm"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3194",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple directory traversal vulnerabilities in data/inc/themes/predefined_variables.php in pluck 4.5.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) langpref, (2) file, (3) blogpost, or (4) cat parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2008-2104",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2104/references"
},
{
"name": "6074",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6074"
},
{
"name": "3996",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3996"
},
{
"name": "pluck-predefinedvariables-file-include(43741)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43741"
},
{
"name": "31088",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31088"
},
{
"name": "30218",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30218"
},
{
"name": "http://www.pluck-cms.org/releasenotes.php#4.5.2",
"refsource": "CONFIRM",
"url": "http://www.pluck-cms.org/releasenotes.php#4.5.2"
},
{
"name": "http://www.bugreport.ir/index_48.htm",
"refsource": "MISC",
"url": "http://www.bugreport.ir/index_48.htm"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3194",
"datePublished": "2008-07-16T18:00:00.000Z",
"dateReserved": "2008-07-16T00:00:00.000Z",
"dateUpdated": "2024-08-07T09:28:41.681Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-4181 (GCVE-0-2007-4181)
Vulnerability from cvelistv5 – Published: 2007-08-08 01:11 – Updated: 2024-08-07 14:46 Disputed
VLAI?
Summary
PHP remote file inclusion vulnerability in data/inc/theme.php in Pluck 4.3, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the dir parameter. NOTE: A reliable third party disputes this vulnerability because the applicable include is within a function that does not receive the dir parameter from an HTTP request
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Date Public ?
2007-08-02 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:46:39.405Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "pluck-theme-file-include(35756)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35756"
},
{
"name": "2973",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/2973"
},
{
"name": "20070802 False: Pluck 4.3 themes.php Remote File Inclusion and disclosure",
"tags": [
"mailing-list",
"x_refsource_VIM",
"x_transferred"
],
"url": "http://www.attrition.org/pipermail/vim/2007-August/001752.html"
},
{
"name": "20070802 Pluck 4.3 themes.php Remote File Inclusion and disclosure",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/475323/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://outlaw.aria-security.info/?p=12"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-08-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "PHP remote file inclusion vulnerability in data/inc/theme.php in Pluck 4.3, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the dir parameter. NOTE: A reliable third party disputes this vulnerability because the applicable include is within a function that does not receive the dir parameter from an HTTP request"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "pluck-theme-file-include(35756)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35756"
},
{
"name": "2973",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/2973"
},
{
"name": "20070802 False: Pluck 4.3 themes.php Remote File Inclusion and disclosure",
"tags": [
"mailing-list",
"x_refsource_VIM"
],
"url": "http://www.attrition.org/pipermail/vim/2007-August/001752.html"
},
{
"name": "20070802 Pluck 4.3 themes.php Remote File Inclusion and disclosure",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/475323/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://outlaw.aria-security.info/?p=12"
}
],
"tags": [
"disputed"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4181",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** PHP remote file inclusion vulnerability in data/inc/theme.php in Pluck 4.3, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the dir parameter. NOTE: A reliable third party disputes this vulnerability because the applicable include is within a function that does not receive the dir parameter from an HTTP request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "pluck-theme-file-include(35756)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35756"
},
{
"name": "2973",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2973"
},
{
"name": "20070802 False: Pluck 4.3 themes.php Remote File Inclusion and disclosure",
"refsource": "VIM",
"url": "http://www.attrition.org/pipermail/vim/2007-August/001752.html"
},
{
"name": "20070802 Pluck 4.3 themes.php Remote File Inclusion and disclosure",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/475323/100/0/threaded"
},
{
"name": "http://outlaw.aria-security.info/?p=12",
"refsource": "MISC",
"url": "http://outlaw.aria-security.info/?p=12"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4181",
"datePublished": "2007-08-08T01:11:00.000Z",
"dateReserved": "2007-08-07T00:00:00.000Z",
"dateUpdated": "2024-08-07T14:46:39.405Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-4180 (GCVE-0-2007-4180)
Vulnerability from cvelistv5 – Published: 2007-08-08 01:11 – Updated: 2024-08-07 14:46 Disputed
VLAI?
Summary
Directory traversal vulnerability in data/inc/theme.php in Pluck 4.3, when register_globals is enabled, allows remote attackers to read arbitrary local files via a .. (dot dot) in the file parameter. NOTE: CVE and a reliable third party dispute this vulnerability because the code uses a fixed argument when invoking fputs, which cannot be used to read files
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Date Public ?
2007-08-02 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:46:39.354Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "pluck-theme-directory-traversal(35757)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35757"
},
{
"name": "2973",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/2973"
},
{
"name": "20070802 False: Pluck 4.3 themes.php Remote File Inclusion and disclosure",
"tags": [
"mailing-list",
"x_refsource_VIM",
"x_transferred"
],
"url": "http://www.attrition.org/pipermail/vim/2007-August/001752.html"
},
{
"name": "20070802 Pluck 4.3 themes.php Remote File Inclusion and disclosure",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/475323/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://outlaw.aria-security.info/?p=12"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-08-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in data/inc/theme.php in Pluck 4.3, when register_globals is enabled, allows remote attackers to read arbitrary local files via a .. (dot dot) in the file parameter. NOTE: CVE and a reliable third party dispute this vulnerability because the code uses a fixed argument when invoking fputs, which cannot be used to read files"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "pluck-theme-directory-traversal(35757)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35757"
},
{
"name": "2973",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/2973"
},
{
"name": "20070802 False: Pluck 4.3 themes.php Remote File Inclusion and disclosure",
"tags": [
"mailing-list",
"x_refsource_VIM"
],
"url": "http://www.attrition.org/pipermail/vim/2007-August/001752.html"
},
{
"name": "20070802 Pluck 4.3 themes.php Remote File Inclusion and disclosure",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/475323/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://outlaw.aria-security.info/?p=12"
}
],
"tags": [
"disputed"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4180",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** Directory traversal vulnerability in data/inc/theme.php in Pluck 4.3, when register_globals is enabled, allows remote attackers to read arbitrary local files via a .. (dot dot) in the file parameter. NOTE: CVE and a reliable third party dispute this vulnerability because the code uses a fixed argument when invoking fputs, which cannot be used to read files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "pluck-theme-directory-traversal(35757)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35757"
},
{
"name": "2973",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2973"
},
{
"name": "20070802 False: Pluck 4.3 themes.php Remote File Inclusion and disclosure",
"refsource": "VIM",
"url": "http://www.attrition.org/pipermail/vim/2007-August/001752.html"
},
{
"name": "20070802 Pluck 4.3 themes.php Remote File Inclusion and disclosure",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/475323/100/0/threaded"
},
{
"name": "http://outlaw.aria-security.info/?p=12",
"refsource": "MISC",
"url": "http://outlaw.aria-security.info/?p=12"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4180",
"datePublished": "2007-08-08T01:11:00.000Z",
"dateReserved": "2007-08-07T00:00:00.000Z",
"dateUpdated": "2024-08-07T14:46:39.354Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}