CVE-2009-5067
CVE-2009-5067
Directory traversal vulnerability in html2ps before 1.0b6 allows remote attackers to read arbitrary files via a .. (dot dot) in the "include file" SSI directive. NOTE: this issue only might be a vulnerability in limited scenarios, such as if html2ps is invoked by a web application, or if a user-assisted attacker provides filenames whose contents could cause a denial of service, such as certain devices.
Affected products
n/a · n/apublic PoCs found — 2
cve_referencepacketstormsecurity.org/files/81614/html2ps-1.0-beta5-File-Disclosure.htmlunverifiedexploitdbwww.exploit-db.com/exploits/10012unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=548633http://packetstormsecurity.org/files/81614/html2ps-1.0-beta5-File-Disclosure.htmlhttps://bugzilla.redhat.com/show_bug.cgi?id=526513http://user.it.uu.se/~jan/html2ps-1.0b7.tar.gzhttp://www.mandriva.com/security/advisories?name=MDVSA-2012:161http://www.openwall.com/lists/oss-security/2012/10/05/1http://www.openwall.com/lists/oss-security/2012/10/05/5http://www.securityfocus.com/bid/36524