CVE-2008-1000

Apple Mac OS X 10.5.2 - Authenticated Path Traversal and Arbitrary File Write via Wiki Server File Attachments

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-1000. PoCs published by Rodrigo Carvalho.

AI-analyzed exploit summary This exploit demonstrates a directory traversal vulnerability in Apple Mac OS X Server Wiki Server 10.5, allowing authenticated users to write arbitrary files outside the intended directory via manipulated file uploads.

Description

Directory traversal vulnerability in ContentServer.py in the Wiki Server in Apple Mac OS X 10.5.2 (aka Leopard) allows remote authenticated users to write arbitrary files via ".." sequences in file attachments.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Rodrigo Carvalho · textremoteosx
https://www.exploit-db.com/exploits/31412

This exploit demonstrates a directory traversal vulnerability in Apple Mac OS X Server Wiki Server 10.5, allowing authenticated users to write arbitrary files outside the intended directory via manipulated file uploads.

Classification
Working Poc 90%
Attack Type
Info Leak
Complexity
Moderate
Reliability
Reliable
Target: Apple Mac OS X Server Wiki Server 10.5
Auth required
Prerequisites: Authenticated wiki user access · Paros proxy or similar intercepting tool
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (9)

Core 9
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1019660
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/41278
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/489786/100/0/threaded
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/0924/references
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/29420
Mailing List vendor-advisory x_refsource_apple
http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/28278
Vendor Advisory x_refsource_confirm
http://docs.info.apple.com/article.html?artnum=307562

Scores

EPSS 0.0398
EPSS Percentile 88.5%

Details

CWE
CWE-22
Status published
Products (2)
apple/mac_os_x 10.5.2
apple/mac_os_x_server 10.5.2
Published Mar 18, 2008
Tracked Since Feb 18, 2026