CVE-2008-6938
CVE-2008-6938
Pi3Web 2.0.3 before PL2, when installed on Windows as a desktop application and without using the Pi3Web/Conf/Intenet.pi3, allows remote attackers to cause a denial of service (crash or hang) and obtain the full pathname of the server via a request to a file in the ISAPI directory that is not an executable DLL, which triggers the crash when the DLL load fails, as demonstrated using Isapi\users.txt.
Affected products
n/a · n/apublic PoCs found — 1
cve_referencewww.exploit-db.com/exploits/7109unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://archives.neohapsis.com/archives/bugtraq/2008-11/0171.htmlhttp://secunia.com/advisories/32696https://exchange.xforce.ibmcloud.com/vulnerabilities/46600https://www.exploit-db.com/exploits/7109http://www.osvdb.org/49998http://www.osvdb.org/49999http://www.securityfocus.com/archive/1/498575http://www.securityfocus.com/archive/1/498602http://www.securityfocus.com/archive/1/498770http://www.securityfocus.com/archive/1/498771http://www.securityfocus.com/archive/1/498865http://www.securityfocus.com/bid/32287