CVE-2007-0115
Published 2007-01-09
Priority: P4 · 26 · medium · CVSS 2.0: 6
AV:N/AC:M/Au:S/C:P/I:P/A:P
EPSS: 1.09% (61.1th percentile)
Static code injection vulnerability in Coppermine Photo Gallery 1.4.10 and earlier allows remote authenticated administrators to execute arbitrary PHP code via the Username to login.php, which is injected into an error message in security.log.php, which can then be accessed using viewlog.php.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| coppermine | coppermine_photo_gallery | <= 1.4.10 | — |
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2007-6337 clamav: undocumented bzlib issue
bugzilla·2007-12-20·CVSS 10.0
Debian clamav packages were updated and mention following fix in the changelog:
* [CVE-2007-6337]: libclamav/nsis/bzlib_private.h: Undocumented bzlib issue
http://packages.debian.org/changelogs/pool/main/c/clamav/clamav_0.91.2-4.0lenny1/changelog#versionversion0.91.2-4.0lenny1
No further details are currently available about this issue.
Patch is available in Gentoo Bugzilla:
https://bugs.gentoo.org/show_bug.cgi?id=202762#c5
and is included in new upstream version 0.92.
Discussion:
This issue was addressed in:
Fedora:
https://admin.fedoraproject.org/updates/F7/FEDORA-2008-0170
https://admin.fedoraproject.org/updates/F8/FEDORA-2008-0115
Bugzilla
CVE-2007-6336 clamav: off-by-one in the MS-ZIP decompression code
bugzilla·2007-12-20·CVSS 6.8
Debian security advisory DSA-1435-1 announces fix for following issue:
# CVE-2007-6336
It was discovered that an off-by-one in the MS-ZIP decompression code may lead
to the execution of arbitrary code.
http://www.debian.org/security/2007/dsa-1435
Patch for the issue is available in the Gentoo Bugzilla:
https://bugs.gentoo.org/show_bug.cgi?id=202762#c4
and is included in upstream version 0.92.
Discussion:
This issue was addressed in:
Fedora:
https://admin.fedoraproject.org/updates/F7/FEDORA-2008-0170
https://admin.fedoraproject.org/updates/F8/FEDORA-2008-0115
http://acid-root.new.fr/poc/19070104.txt
http://osvdb.org/33383
http://securityreason.com/securityalert/2107
http://www.attrition.org/pipermail/vim/2007-January/001218.html
http://www.securityfocus.com/archive/1/456051/100/0/threaded