exploitDog

CVE-2010-2584

Опубликовано: 26 окт. 2010

Источник: nvd

CVSS2: 5

EPSS Низкий

Описание

The Upload method in the RealPage Module Upload ActiveX control in Realpage.dll 1.0.0.9 in RealPage Module ActiveX Controls does not properly restrict certain property values, which allows remote attackers to read arbitrary files via a filename in the SourceFile property in conjunction with an http URL in the DestURL property.

Ссылки

http://secunia.com/advisories/41392
Vendor Advisory
http://secunia.com/secunia_research/2010-118/
Vendor Advisory
http://www.osvdb.org/68813
http://www.securityfocus.com/bid/44302
http://secunia.com/advisories/41392
Vendor Advisory
http://secunia.com/secunia_research/2010-118/
Vendor Advisory
http://www.osvdb.org/68813
http://www.securityfocus.com/bid/44302

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:realpage:module_activex_controls:1.0.0.9:*:*:*:*:*:*:*

EPSS

Процентиль: 65%

0.00493

Низкий

5 Medium

CVSS2

Дефекты

CWE-264

Связанные уязвимости

GHSA-h529-w228-f427

github

больше 3 лет назад

The Upload method in the RealPage Module Upload ActiveX control in Realpage.dll 1.0.0.9 in RealPage Module ActiveX Controls does not properly restrict certain property values, which allows remote attackers to read arbitrary files via a filename in the SourceFile property in conjunction with an http URL in the DestURL property.

EPSS

Процентиль: 65%

0.00493

Низкий

5 Medium

CVSS2

Дефекты

CWE-264