CVE-2008-1965
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2008-1965
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
Argument injection vulnerability in the cai: URI handler in rcplauncher in IBM Lotus Expeditor Client for Desktop 6.1.1 and 6.1.2, as used by Lotus Symphony and possibly other products, allows remote attackers to execute arbitrary code by injecting a -launcher option via a cai: URI, as demonstrated by a reference to a UNC share pathname.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
IBM Lotus Expeditor URI处理器命令执行漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Lotus Expeditor之前名为IBM WebSphere Everyplace Deployment,是用于创建、部署和维护各种应用的管理客户端。 Lotus expeditor中的rcplauncher(由lotus symphony套件安装)进程注册了一个cai: uri处理器。由于rcplauncher进程会接受各种参数,因此可能被滥用执行任意代码。例如,-launcher选项参数会执行可执行程序。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| - | n/a | n/a | - |
II. Public POCs for CVE-2008-1965
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2008-1965
Please Login to view more intelligence information
- http://archives.neohapsis.com/archives/fulldisclosure/2008-04/0640.htmlmailing-listx_refsource_FULLDISC
- https://nvd.nist.gov/vuln/detail/CVE-2008-1965
Same Patch Batch · n/a · 2008-04-25 · 14 CVEs total
| CVE-2008-0712 | HP HPeDiag ActiveX控件信息泄露及远程代码执行漏洞 | |
| CVE-2008-1964 | xine-lib NES声音格式解码器copyright字段栈溢出漏洞 | |
| CVE-2008-1953 | Magnolia Sitedesigner 'query'参数 跨站脚本攻击漏洞 | |
| CVE-2008-1954 | Web Calendar Pro 'one_day.php' SQL注入漏洞 | |
| CVE-2008-1955 | MyBoard 'rep.php'跨站脚本攻击漏洞 | |
| CVE-2008-1956 | Wikepage Opus index.php 跨站脚本攻击漏洞 | |
| CVE-2008-1957 | Tr Script News 'news.php' SQL注入漏洞 | |
| CVE-2008-1958 | Tr script news admin/main.php 无限制文件上传漏洞 | |
| CVE-2008-1959 | SIPp call.cpp文件远程栈溢出漏洞 | |
| CVE-2008-1960 | ContRay cgi-bin/contray/search.cgi 跨站脚本攻击漏洞 | |
| CVE-2008-1961 | Voice of Web AllMyGuests index.php SQL注入漏洞 | |
| CVE-2008-1962 | Aterr 多个目录遍历漏洞 | |
| CVE-2008-1963 | Grape Web Statistics 'includes/functions.php' PHP远程文件包含漏洞 |
IV. Related Vulnerabilities
Same vendor: n/a
- CVE-2026-8196
JeecgBoot mLogin Endpoint LoginController.java authorization - CVE-2026-8195
JeecgBoot SVG File CommonController.java cross site scriptin - CVE-2026-8194
osTicket Dispatcher class.dispatcher.php cross-site request - CVE-2026-8193
Akaunting Invoice PDF Rendering dompdf.php server-side reque - CVE-2026-8186
Open5GS NF client.c ogs_sbi_client_send_via_scp_or_sepp out-
V. Comments for CVE-2008-1965
No comments yet