CVE-2007-0171
Published 2007-01-11
CVE-2007-0171: PHP remote file inclusion vulnerability in index.php in AllMyLinks 0.5.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the…
Priority P344 high 7.5 CVSS 2.0
AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 3.23% (86.7th percentile)
PHP remote file inclusion vulnerability in index.php in AllMyLinks 0.5.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the AML_opensite parameter.
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| allmylinks_project | allmylinks | <= 0.5 | — |
CVSS provenance
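| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| vendor_redhat | — | 4.3 | MEDIUM | — |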
GHSA
GHSA-f3wg-7fw7-8j9v: PHP remote file inclusion vulnerability in index
ghsa_unreviewed · 2022-05-01
CVE-2007-0171 [HIGH] GHSA-f3wg-7fw7-8j9v: PHP remote file inclusion vulnerability in index
Red Hat
firefox/thunderbird/seamonkey: XSS using addEventListener and setTimeout on a wrapped object (MFSA 2010-12)
vendor_redhat · 2010-03-23 · CVSS 4.3
CVE-2010-0171 [MEDIUM] CWE-79 firefox/thunderbird/seamonkey: XSS using addEventListener and setTimeout on a wrapped object (MFSA 2010-12)
Mozilla Firefox 3.0.x before 3.0.18, 3.5.x before 3.5.8, and 3.6.x before 3.6.2; Thunderbird before 3.0.2; and SeaMonkey before 2.0.3 allow remote attackers to perform cross-origin keystroke capture, and possibly conduct cross-site scripting (XSS) attacks, by using the addEventListener and setTimeout functions in conjunction with a wrapped object. NOTE: this vulnerability exists because of an incomplete fix for CVE-2007-3736.
No detection rules found.
http://osvdb.org/35909
http://www.securityfocus.com/bid/21916
https://exchange.xforce.ibmcloud.com/vulnerabilities/31314
https://www.exploit-db.com/exploits/3096
Published: 2007-01-11