Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2009-10005

Summary
Assigner-VulnCheck
Assigner Org ID-83251b91-4cc7-4094-a5c7-464a1b83ea10
Published At-20 Aug, 2025 | 15:31
Updated At-20 Aug, 2025 | 19:22
Rejected At-
Credits

ContentKeeper Web Appliance < 125.10 Arbitrary File Access via mimencode

ContentKeeper Web Appliance (now maintained by Impero Software) versions prior to 125.10 expose the mimencode binary via a CGI endpoint, allowing unauthenticated attackers to retrieve arbitrary files from the filesystem. By crafting a POST request to /cgi-bin/ck/mimencode with traversal and output parameters, attackers can read sensitive files such as /etc/passwd outside the webroot.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:VulnCheck
Assigner Org ID:83251b91-4cc7-4094-a5c7-464a1b83ea10
Published At:20 Aug, 2025 | 15:31
Updated At:20 Aug, 2025 | 19:22
Rejected At:
▼CVE Numbering Authority (CNA)
ContentKeeper Web Appliance < 125.10 Arbitrary File Access via mimencode

ContentKeeper Web Appliance (now maintained by Impero Software) versions prior to 125.10 expose the mimencode binary via a CGI endpoint, allowing unauthenticated attackers to retrieve arbitrary files from the filesystem. By crafting a POST request to /cgi-bin/ck/mimencode with traversal and output parameters, attackers can read sensitive files such as /etc/passwd outside the webroot.

Affected Products
Vendor
ContentKeeper Technologies
Product
Web Appliance
Modules
  • mimencode CGI binary
Default Status
unaffected
Versions
Affected
  • From * before 125.10 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-552CWE-552 Files or Directories Accessible to External Parties
Type: CWE
CWE ID: CWE-552
Description: CWE-552 Files or Directories Accessible to External Parties
Metrics
VersionBase scoreBase severityVector
4.08.7HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Version: 4.0
Base score: 8.7
Base severity: HIGH
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-137CAPEC-137 Parameter Injection
CAPEC ID: CAPEC-137
Description: CAPEC-137 Parameter Injection
Solutions
Configurations
Workarounds
Exploits
Credits
finder
Patrick Webster (aushack)
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/auxiliary/admin/http/contentkeeper_fileaccess.rb
exploit
https://www.exploit-db.com/exploits/16923
exploit
http://www.aushack.com/200904-contentkeeper.txt
technical-description
https://web.archive.org/web/20100325220542/http://www.contentkeeper.com/
product
https://www.vulncheck.com/advisories/contentkeeper-web-appliance-arbitrary-file-access-via-mimencode
third-party-advisory
Hyperlink: https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/auxiliary/admin/http/contentkeeper_fileaccess.rb
Resource:
exploit
Hyperlink: https://www.exploit-db.com/exploits/16923
Resource:
exploit
Hyperlink: http://www.aushack.com/200904-contentkeeper.txt
Resource:
technical-description
Hyperlink: https://web.archive.org/web/20100325220542/http://www.contentkeeper.com/
Resource:
product
Hyperlink: https://www.vulncheck.com/advisories/contentkeeper-web-appliance-arbitrary-file-access-via-mimencode
Resource:
third-party-advisory
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:disclosure@vulncheck.com
Published At:20 Aug, 2025 | 16:15
Updated At:22 Aug, 2025 | 18:09

ContentKeeper Web Appliance (now maintained by Impero Software) versions prior to 125.10 expose the mimencode binary via a CGI endpoint, allowing unauthenticated attackers to retrieve arbitrary files from the filesystem. By crafting a POST request to /cgi-bin/ck/mimencode with traversal and output parameters, attackers can read sensitive files such as /etc/passwd outside the webroot.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.08.7HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Secondary
Version: 4.0
Base score: 8.7
Base severity: HIGH
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-552Secondarydisclosure@vulncheck.com
CWE ID: CWE-552
Type: Secondary
Source: disclosure@vulncheck.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://www.aushack.com/200904-contentkeeper.txtdisclosure@vulncheck.com
N/A
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/auxiliary/admin/http/contentkeeper_fileaccess.rbdisclosure@vulncheck.com
N/A
https://web.archive.org/web/20100325220542/http://www.contentkeeper.com/disclosure@vulncheck.com
N/A
https://www.exploit-db.com/exploits/16923disclosure@vulncheck.com
N/A
https://www.vulncheck.com/advisories/contentkeeper-web-appliance-arbitrary-file-access-via-mimencodedisclosure@vulncheck.com
N/A
Hyperlink: http://www.aushack.com/200904-contentkeeper.txt
Source: disclosure@vulncheck.com
Resource: N/A
Hyperlink: https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/auxiliary/admin/http/contentkeeper_fileaccess.rb
Source: disclosure@vulncheck.com
Resource: N/A
Hyperlink: https://web.archive.org/web/20100325220542/http://www.contentkeeper.com/
Source: disclosure@vulncheck.com
Resource: N/A
Hyperlink: https://www.exploit-db.com/exploits/16923
Source: disclosure@vulncheck.com
Resource: N/A
Hyperlink: https://www.vulncheck.com/advisories/contentkeeper-web-appliance-arbitrary-file-access-via-mimencode
Source: disclosure@vulncheck.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

5Records found
CVE-2024-6911
Matching Score-4
Assigner-CyberDanube
ShareView Details
Matching Score-4
Assigner-CyberDanube
CVSS Score-8.7||HIGH
EPSS-93.90% / 99.87%
||
7 Day CHG~0.00%
Published-22 Jul, 2024 | 20:44
Updated-13 Feb, 2025 | 17:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unauthenticated Local File Inclusion

Files on the Windows system are accessible without authentication to external parties due to a local file inclusion in PerkinElmer ProcessPlus.This issue affects ProcessPlus: through 1.11.6507.0.

Action-Not Available
Vendor-perkinelmerPerkinElmerperkin_elmer
Product-processplusProcessPlusprocess_plus
CWE ID-CWE-552
Files or Directories Accessible to External Parties
CVE-2025-14896
Matching Score-4
Assigner-Snyk
ShareView Details
Matching Score-4
Assigner-Snyk
CVSS Score-8.7||HIGH
EPSS-0.04% / 13.27%
||
7 Day CHG~0.00%
Published-18 Dec, 2025 | 16:20
Updated-19 Dec, 2025 | 18:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

due to insufficient sanitazation in Vega’s `convert()` function when `safeMode` is enabled and the spec variable is an array. An attacker can craft a malicious Vega diagram specification that will allow them to send requests to any URL, including local file system paths, leading to exposure of sensitive information.

Action-Not Available
Vendor-yuzutech
Product-kroki
CWE ID-CWE-552
Files or Directories Accessible to External Parties
CVE-2019-25239
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.7||HIGH
EPSS-0.10% / 26.46%
||
7 Day CHG~0.00%
Published-24 Dec, 2025 | 19:27
Updated-29 Dec, 2025 | 15:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
V-SOL GPON/EPON OLT Platform 2.03 Unauthenticated Configuration Download

V-SOL GPON/EPON OLT Platform 2.03 contains an unauthenticated information disclosure vulnerability that allows attackers to download configuration files via direct object reference. Attackers can retrieve sensitive configuration data by sending HTTP GET requests to the usrcfg.conf endpoint, potentially enabling authentication bypass and system access.

Action-Not Available
Vendor-Guangzhou V-SOLUTION Electronic Technology
Product-GPON/EPON OLT Platform
CWE ID-CWE-552
Files or Directories Accessible to External Parties
CVE-2021-4463
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.7||HIGH
EPSS-0.14% / 34.46%
||
7 Day CHG~0.00%
Published-12 Nov, 2025 | 22:07
Updated-14 Nov, 2025 | 16:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Longjing Technology BEMS API <= 1.21 Remote Arbitrary File Download

Longjing Technology BEMS API versions up to and including 1.21 contains an unauthenticated arbitrary file download vulnerability in the 'downloads' endpoint. The 'fileName' parameter is not properly sanitized, allowing attackers to craft traversal sequences and access sensitive files outside the intended directory.

Action-Not Available
Vendor-Shenzhen Longjing Technology Co. Ltd.
Product-BEMS API
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE ID-CWE-552
Files or Directories Accessible to External Parties
CVE-2025-34139
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.7||HIGH
EPSS-0.15% / 35.33%
||
7 Day CHG~0.00%
Published-25 Jul, 2025 | 15:54
Updated-19 Nov, 2025 | 01:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Sitecore XM/XP/XC and Managed Cloud 8.0 - 10.4 Arbitrary File Read

A vulnerability exists in Sitecore Experience Manager (XM), Experience Platform (XP), Experience Commerce (XC), and Managed Cloud that could allow an unauthenticated attacker to read arbitrary files. This vulnerability affects all Experience Platform topologies (XM, XP, XC) from 8.0 Initial Release through 10.4 Initial Release and later. This issue affects Content Management (CM) and standalone instances. PaaS and containerized solutions are also affected.

Action-Not Available
Vendor-Sitecore
Product-Experience Manager (XM)Experience Platform (XP)Experience Commerce (XC)Managed Cloud
CWE ID-CWE-522
Insufficiently Protected Credentials
CWE ID-CWE-552
Files or Directories Accessible to External Parties
Details not found