CVE-2007-0300
Published: 2007-01-18
Priority: P3 · 43 · medium
CVSS 2.0: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
EXPLOIT
EPSS: 2.76% (84.4th percentile)
PHP remote file inclusion vulnerability in i-accueil.php in TLM CMS 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the chemin parameter.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| tlm_cms | tlm_cms | <= 1.1 | — |
No detection rules found.
Exploit-DB
Apple Mac OSX 10.4.8 (8L2127) - 'crashdump' Local Privilege Escalation
exploitdb·2007-01-29
CVE-2007-0467 Apple Mac OSX 10.4.8 (8L2127) - 'crashdump' Local Privilege Escalation
---
#!/usr/bin/ruby
# Copyright (c) 2007 Kevin Finisterre
# Lance M. Havok
# All pwnage reserved.
#
# 1) Stop crashdump from writing to ~/Library/Logs via chmod 000 ~/Library/Logs/CrashReporter
# 2) Make symlink to /Library/Logs/CrashReporter/knownprog.crash.log
# 3) Create a program with a modified __LINKEDIT segment that influences crashreporter output
Exploit-DB
TLM CMS 1.1 - 'i-accueil.php?chemin' Remote File Inclusion
exploitdb·2007-01-12
CVE-2007-0300 TLM CMS 1.1 - 'i-accueil.php?chemin' Remote File Inclusion
---
/###################################################################\
# Citations Aléatoires v1.1 #
# ========================================================= #
# Published : 2007-01-12 #
# Remote: Yes #
# Site: ftp://ftp1.comscripts.com/PHP/1809_citation-11.zip #
#####################################################################
# Author: GolD_M = Mahmood_ali #
# Contact: [email protected] #
# ===================================================== #
# ThanX =All My Friends& ABDULLAH00& AsbMay& ToOoFa& KaBaRa& str0ke #
# SpeciaL GreeTz : Tryag-Team & 4lKaSrGoLd3n-Team #
\###################################################################/
# /i-accueil.php #
# Line: #
# /13 #
# Vulnerable Code: #
# include("$chemin/mod_news/inde
No writeups or analysis indexed.
http://attrition.org/pipermail/vim/2007-January/001238.html
http://osvdb.org/32814
http://secunia.com/advisories/23722
http://www.securityfocus.com/bid/22021
http://www.vupen.com/english/advisories/2007/0176
https://www.exploit-db.com/exploits/3118
Published: 2007-01-18