Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2008-4342

EPSS 21.24% · P96
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2008-4342

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
NuMedia Soft NMS DVD Burning SDK Activex NMSDVDX.DVDEngineX.1 ActiveX control (NMSDVDX.dll) 1.013C and earlier, as used in CDBurnerXP 4.2.1.976, BurnAware 2.1.3, Blaze Media Pro 8.02 Special Edition, and possibly other products, allows remote attackers to overwrite and create arbitrary files via calls to the EnableLog and LogMessage methods. NOTE: this issue might only be exploitable in limited environments or non-default browser settings. NOTE: some of these details are obtained from third party information. NOTE: this can be leveraged for remote code execution by accessing files using hcp:// URLs.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
NuMedia Soft NMS DVD Burning ActiveX控件覆盖和创建任意文件漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
NuMedia Soft NMS DVD Burning SDK Activex NMSDVDX.DVDEngineX.1 ActiveX 控件 (NMSDVDX.dll) 1.013C 及其早期版本, 当在CDBurnerXP 4.2.1.976中运行时, BurnAware 2.1.3, Blaze Media Pro 8.02 Special Edition, 以及其他可能产品, 远程攻击者可以通过对EnableLog和LogMessage方法提交的请求来写满和创建任意文件。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-n/a n/a -

II. Public POCs for CVE-2008-4342

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2008-4342

Please Login to view more intelligence information

Same Patch Batch · n/a · 2008-09-30 · 41 CVEs total

CVE-2008-4337Bitweaver跨站脚本漏洞
CVE-2008-4328EasyRealtorPRO 2008 site_search.php SQL注入漏洞
CVE-2008-4329openEngine cms/system/openengine.php PHP远程文件包含漏洞
CVE-2008-4330LanSuite index.php 目录遍历漏洞
CVE-2008-4331phpOCS library/pagefunctions.inc.php 目录遍历漏洞
CVE-2008-4332PHP infoBoard func.php SQL注入漏洞
CVE-2008-4333PHP infoBoard isname参数跨站脚本漏洞
CVE-2008-4334PHP infoBoard绕过认证和获得权限漏洞
CVE-2008-4335Atomic Photo Album album.php跨站脚本漏洞
CVE-2008-4336Atomic Photo Album 跨站脚本漏洞
CVE-2008-4094Ruby on Rails SQL注入漏洞
CVE-2008-4338Drupal Brilliant Gallery SQL注入漏洞
CVE-2008-4339Symantec Veritas NetBackup Java Administration GUI 远程权限提升漏洞
CVE-2008-4340Google Chrome 特定HTML拒绝服务漏洞
CVE-2008-4341MyBlog add.php绕过认证和权限提升漏洞
CVE-2008-4343Chilkat XML ActiveX控件不安全方式调用漏洞
CVE-2008-43446rbScript cat.php SQL注入漏洞
CVE-2008-4325ViewVC 跨站脚本攻击漏洞
CVE-2008-4326phpMyAdmin PMA_escapeJsString()跨站脚本漏洞
CVE-2008-4327Microsoft Windows GDI+ GDIPLUS.dll库ICO文件处理拒绝服务漏洞

Showing top 20 of 41 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a
Same vendor: n/a

V. Comments for CVE-2008-4342

No comments yet

Leave a comment