Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-3677

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2008-3677
Last Modified 06 Feb 2009 01:57:59
Published 14 Aug 2008 03:41:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-3677

Summary

Directory traversal vulnerability in includes/events_application_top.php in Freeway before 1.4.2.197 allows remote attackers to include and execute arbitrary local files via unspecified vectors.

Vulnerable Systems

Application

  • Openfreeway Freeway 1.0.25

  • Openfreeway Freeway 1.0.59

  • Openfreeway Freeway 1.0.60

  • Openfreeway Freeway 1.1.1.81

  • Openfreeway Freeway 1.2.0.113

  • Openfreeway Freeway 1.3.0.142

  • Openfreeway Freeway 1.3.1.147

  • Openfreeway Freeway 1.3.2.154

  • Openfreeway Freeway 1.3.2.160

  • Openfreeway Freeway 1.4

  • Openfreeway Freeway 1.4.1


References

XF - freeway-unspecified-file-include(44426)

BID - 30676

CONFIRM - http://sourceforge.net/project/shownotes.php?release_id=619467

SECUNIA - 31475


Last Updated: 27 May 2016 10:48:16