CVE-2007-0170
Published 2007-01-11
Priority: P3 · 45 · high · CVSS 2.0: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 2.34% (81.5th percentile)
PHP remote file inclusion vulnerability in index.php in AllMyVisitors 0.4.0 allows remote attackers to execute arbitrary PHP code via a URL in the AMV_serverpath parameter.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| allmyphp | allmyvisitors | — | — |
No detection rules found.
Bugzilla
CVE-2007-6337 clamav: undocumented bzlib issue
bugzilla·2007-12-20·CVSS 10.0
CVE-2007-6337 [CRITICAL] clamav: undocumented bzlib issue
Debian clamav packages were updated and mention the following fix in the changelog:
* [CVE-2007-6337]: libclamav/nsis/bzlib_private.h: Undocumented bzlib issue
http://packages.debian.org/changelogs/pool/main/c/clamav/clamav_0.91.2-4.0lenny1/changelog#versionversion0.91.2-4.0lenny1
No further details are currently available about this issue.
Patch is available in Gentoo Bugzilla:
https://bugs.gentoo.org/show_bug.cgi?id=202762#c5
and is included in new upstream version 0.92.
Discussion:
This issue was addressed in:
Fedora:
https://admin.fedoraproject.org/updates/F7/FEDORA-2008-0170
https://admin.fedoraproject.org/updates/F8/FEDORA-2008-0115
Bugzilla
CVE-2007-6336 clamav: off-by-one in the MS-ZIP decompression code
bugzilla·2007-12-20·CVSS 6.8
CVE-2007-6336 [MEDIUM] clamav: off-by-one in the MS-ZIP decompression code
Debian security advisory DSA-1435-1 announces a fix for the following issue:
# CVE-2007-6336
It was discovered that an off-by-one in the MS-ZIP decompression code may lead
to the execution of arbitrary code.
http://www.debian.org/security/2007/dsa-1435
Patch for the issue is available in the Gentoo Bugzilla:
https://bugs.gentoo.org/show_bug.cgi?id=202762#c4
and is included in upstream version 0.92.
Discussion:
This issue was addressed in:
Fedora:
https://admin.fedoraproject.org/updates/F7/FEDORA-2008-0170
https://admin.fedoraproject.org/updates/F8/FEDORA-2008-0115
http://osvdb.org/35904
http://www.securityfocus.com/bid/21917
https://exchange.xforce.ibmcloud.com/vulnerabilities/31316
https://www.exploit-db.com/exploits/3097