CVE-2007-0395
Published 2007-01-19
Priority P3 44 · high · 7.5 CVSS 2.0
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 2.67% (83.9th percentile)
PHP remote file inclusion vulnerability in libraries/grab_globals.lib.php in ComVironment 4.0 allows remote attackers to execute arbitrary PHP code via a URL in the inc_dir parameter.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| comvironment | comvironment | — | — |
Suricata
ET WEB_SPECIFIC_APPS X-dev xNews SQL Injection Attempt -- class.news.php q DELETE
suricata·2010-07-30·CVSS 7.5
CVE-2007-0630 [HIGH] ET WEB_SPECIFIC_APPS X-dev xNews SQL Injection Attempt -- class.news.php q DELETE
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS X-dev xNews SQL Injection Attempt -- class.news.php q DELETE"; flow:established,to_server; http.uri; content:"/classes/class.news.php?"; nocase; content:"q="; nocase; content:"DELETE"; nocase; pcre:"/DELETE.+FROM/i"; reference:cve,CVE-2007-0630; reference:url,www.frsirt.com/english/advisories/2007/0395; classtype:web-application-attack; sid:2005132; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_09, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_t
Suricata
ET WEB_SPECIFIC_APPS X-dev xNews SQL Injection Attempt -- class.news.php id UPDATE
suricata·2010-07-30·CVSS 7.5
CVE-2007-0630 [HIGH] ET WEB_SPECIFIC_APPS X-dev xNews SQL Injection Attempt -- class.news.php id UPDATE
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS X-dev xNews SQL Injection Attempt -- class.news.php id UPDATE"; flow:established,to_server; http.uri; content:"/classes/class.news.php?"; nocase; content:"id="; nocase; content:"UPDATE"; nocase; pcre:"/UPDATE.+SET/i"; reference:cve,CVE-2007-0630; reference:url,www.frsirt.com/english/advisories/2007/0395; classtype:web-application-attack; sid:2005122; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_09, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre
Suricata
ET WEB_SPECIFIC_APPS X-dev xNews SQL Injection Attempt -- class.news.php id DELETE
suricata·2010-07-30·CVSS 7.5
CVE-2007-0630 [HIGH] ET WEB_SPECIFIC_APPS X-dev xNews SQL Injection Attempt -- class.news.php id DELETE
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS X-dev xNews SQL Injection Attempt -- class.news.php id DELETE"; flow:established,to_server; http.uri; content:"/classes/class.news.php?"; nocase; content:"id="; nocase; content:"DELETE"; nocase; pcre:"/DELETE.+FROM/i"; reference:cve,CVE-2007-0630; reference:url,www.frsirt.com/english/advisories/2007/0395; classtype:web-application-attack; sid:2005120; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_09, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitr
Suricata
ET WEB_SPECIFIC_APPS X-dev xNews SQL Injection Attempt -- class.news.php from UNION SELECT
suricata·2010-07-30·CVSS 7.5
CVE-2007-0630 [HIGH] ET WEB_SPECIFIC_APPS X-dev xNews SQL Injection Attempt -- class.news.php from UNION SELECT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS X-dev xNews SQL Injection Attempt -- class.news.php from UNION SELECT"; flow:established,to_server; http.uri; content:"/classes/class.news.php?"; nocase; content:"from="; nocase; content:"UNION"; nocase; pcre:"/UNION\s+SELECT/i"; reference:cve,CVE-2007-0630; reference:url,www.frsirt.com/english/advisories/2007/0395; classtype:web-application-attack; sid:2005124; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_09, mitre_tactic_id TA0001, mitre_tactic_name I
Suricata
ET WEB_SPECIFIC_APPS X-dev xNews SQL Injection Attempt -- class.news.php from INSERT
suricata·2010-07-30·CVSS 7.5
CVE-2007-0630 [HIGH] ET WEB_SPECIFIC_APPS X-dev xNews SQL Injection Attempt -- class.news.php from INSERT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS X-dev xNews SQL Injection Attempt -- class.news.php from INSERT"; flow:established,to_server; http.uri; content:"/classes/class.news.php?"; nocase; content:"from="; nocase; content:"INSERT"; nocase; pcre:"/INSERT.+INTO/i"; reference:cve,CVE-2007-0630; reference:url,www.frsirt.com/english/advisories/2007/0395; classtype:web-application-attack; sid:2005125; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_09, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access
Suricata
ET WEB_SPECIFIC_APPS X-dev xNews SQL Injection Attempt -- class.news.php from DELETE
suricata·2010-07-30·CVSS 7.5
CVE-2007-0630 [HIGH] ET WEB_SPECIFIC_APPS X-dev xNews SQL Injection Attempt -- class.news.php from DELETE
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS X-dev xNews SQL Injection Attempt -- class.news.php from DELETE"; flow:established,to_server; http.uri; content:"/classes/class.news.php?"; nocase; content:"from="; nocase; content:"DELETE"; nocase; pcre:"/DELETE.+FROM/i"; reference:cve,CVE-2007-0630; reference:url,www.frsirt.com/english/advisories/2007/0395; classtype:web-application-attack; sid:2005126; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_09, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access
Suricata
ET WEB_SPECIFIC_APPS X-dev xNews SQL Injection Attempt -- class.news.php q SELECT
suricata·2010-07-30·CVSS 7.5
CVE-2007-0630 [HIGH] ET WEB_SPECIFIC_APPS X-dev xNews SQL Injection Attempt -- class.news.php q SELECT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS X-dev xNews SQL Injection Attempt -- class.news.php q SELECT"; flow:established,to_server; http.uri; content:"/classes/class.news.php?"; nocase; content:"q="; nocase; content:"SELECT"; nocase; pcre:"/SELECT.+FROM/i"; reference:cve,CVE-2007-0630; reference:url,www.frsirt.com/english/advisories/2007/0395; classtype:web-application-attack; sid:2005129; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_09, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_t
Suricata
ET WEB_SPECIFIC_APPS X-dev xNews SQL Injection Attempt -- class.news.php q UNION SELECT
suricata·2010-07-30·CVSS 7.5
CVE-2007-0630 [HIGH] ET WEB_SPECIFIC_APPS X-dev xNews SQL Injection Attempt -- class.news.php q UNION SELECT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS X-dev xNews SQL Injection Attempt -- class.news.php q UNION SELECT"; flow:established,to_server; http.uri; content:"/classes/class.news.php?"; nocase; content:"q="; nocase; content:"UNION"; nocase; pcre:"/UNION\s+SELECT/i"; reference:cve,CVE-2007-0630; reference:url,www.frsirt.com/english/advisories/2007/0395; classtype:web-application-attack; sid:2005130; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_09, mitre_tactic_id TA0001, mitre_tactic_name Initial_Ac
Suricata
ET WEB_SPECIFIC_APPS X-dev xNews SQL Injection Attempt -- class.news.php q INSERT
suricata·2010-07-30·CVSS 7.5
CVE-2007-0630 [HIGH] ET WEB_SPECIFIC_APPS X-dev xNews SQL Injection Attempt -- class.news.php q INSERT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS X-dev xNews SQL Injection Attempt -- class.news.php q INSERT"; flow:established,to_server; http.uri; content:"/classes/class.news.php?"; nocase; content:"q="; nocase; content:"INSERT"; nocase; pcre:"/INSERT.+INTO/i"; reference:cve,CVE-2007-0630; reference:url,www.frsirt.com/english/advisories/2007/0395; classtype:web-application-attack; sid:2005131; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_09, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_t
Suricata
ET WEB_SPECIFIC_APPS X-dev xNews SQL Injection Attempt -- class.news.php from SELECT
suricata·2010-07-30·CVSS 7.5
CVE-2007-0630 [HIGH] ET WEB_SPECIFIC_APPS X-dev xNews SQL Injection Attempt -- class.news.php from SELECT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS X-dev xNews SQL Injection Attempt -- class.news.php from SELECT"; flow:established,to_server; http.uri; content:"/classes/class.news.php?"; nocase; content:"from="; nocase; content:"SELECT"; nocase; pcre:"/SELECT.+FROM/i"; reference:cve,CVE-2007-0630; reference:url,www.frsirt.com/english/advisories/2007/0395; classtype:web-application-attack; sid:2005123; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_09, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access
Suricata
ET WEB_SPECIFIC_APPS X-dev xNews SQL Injection Attempt -- class.news.php id SELECT
suricata·2010-07-30·CVSS 7.5
CVE-2007-0630 [HIGH] ET WEB_SPECIFIC_APPS X-dev xNews SQL Injection Attempt -- class.news.php id SELECT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS X-dev xNews SQL Injection Attempt -- class.news.php id SELECT"; flow:established,to_server; http.uri; content:"/classes/class.news.php?"; nocase; content:"id="; nocase; content:"SELECT"; nocase; pcre:"/SELECT.+FROM/i"; reference:cve,CVE-2007-0630; reference:url,www.frsirt.com/english/advisories/2007/0395; classtype:web-application-attack; sid:2005117; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_09, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitr
Suricata
ET WEB_SPECIFIC_APPS X-dev xNews SQL Injection Attempt -- class.news.php id ASCII
suricata·2010-07-30·CVSS 7.5
CVE-2007-0630 [HIGH] ET WEB_SPECIFIC_APPS X-dev xNews SQL Injection Attempt -- class.news.php id ASCII
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS X-dev xNews SQL Injection Attempt -- class.news.php id ASCII"; flow:established,to_server; http.uri; content:"/classes/class.news.php?"; nocase; content:"id="; nocase; content:"SELECT"; nocase; pcre:"/ASCII\(.+SELECT/i"; reference:cve,CVE-2007-0630; reference:url,www.frsirt.com/english/advisories/2007/0395; classtype:web-application-attack; sid:2005121; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_09, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mit
Suricata
ET WEB_SPECIFIC_APPS X-dev xNews SQL Injection Attempt -- class.news.php from UPDATE
suricata·2010-07-30·CVSS 7.5
CVE-2007-0630 [HIGH] ET WEB_SPECIFIC_APPS X-dev xNews SQL Injection Attempt -- class.news.php from UPDATE
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS X-dev xNews SQL Injection Attempt -- class.news.php from UPDATE"; flow:established,to_server; http.uri; content:"/classes/class.news.php?"; nocase; content:"from="; nocase; content:"UPDATE"; nocase; pcre:"/UPDATE.+SET/i"; reference:cve,CVE-2007-0630; reference:url,www.frsirt.com/english/advisories/2007/0395; classtype:web-application-attack; sid:2005128; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_09, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access,
Suricata
ET WEB_SPECIFIC_APPS X-dev xNews SQL Injection Attempt -- class.news.php q UPDATE
suricata·2010-07-30·CVSS 7.5
CVE-2007-0630 [HIGH] ET WEB_SPECIFIC_APPS X-dev xNews SQL Injection Attempt -- class.news.php q UPDATE
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS X-dev xNews SQL Injection Attempt -- class.news.php q UPDATE"; flow:established,to_server; http.uri; content:"/classes/class.news.php?"; nocase; content:"q="; nocase; content:"UPDATE"; nocase; pcre:"/UPDATE.+SET/i"; reference:cve,CVE-2007-0630; reference:url,www.frsirt.com/english/advisories/2007/0395; classtype:web-application-attack; sid:2005134; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_09, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_te
Suricata
ET WEB_SPECIFIC_APPS X-dev xNews SQL Injection Attempt -- class.news.php q ASCII
suricata·2010-07-30·CVSS 7.5
CVE-2007-0630 [HIGH] ET WEB_SPECIFIC_APPS X-dev xNews SQL Injection Attempt -- class.news.php q ASCII
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS X-dev xNews SQL Injection Attempt -- class.news.php q ASCII"; flow:established,to_server; http.uri; content:"/classes/class.news.php?"; nocase; content:"q="; nocase; content:"SELECT"; nocase; pcre:"/ASCII\(.+SELECT/i"; reference:cve,CVE-2007-0630; reference:url,www.frsirt.com/english/advisories/2007/0395; classtype:web-application-attack; sid:2005133; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_09, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_
Suricata
ET WEB_SPECIFIC_APPS X-dev xNews SQL Injection Attempt -- class.news.php id UNION SELECT
suricata·2010-07-30·CVSS 7.5
CVE-2007-0630 [HIGH] ET WEB_SPECIFIC_APPS X-dev xNews SQL Injection Attempt -- class.news.php id UNION SELECT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS X-dev xNews SQL Injection Attempt -- class.news.php id UNION SELECT"; flow:established,to_server; http.uri; content:"/classes/class.news.php?"; nocase; content:"id="; nocase; content:"UNION"; nocase; pcre:"/UNION\s+SELECT/i"; reference:cve,CVE-2007-0630; reference:url,www.frsirt.com/english/advisories/2007/0395; classtype:web-application-attack; sid:2005118; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_09, mitre_tactic_id TA0001, mitre_tactic_name Initial
Suricata
ET WEB_SPECIFIC_APPS X-dev xNews SQL Injection Attempt -- class.news.php id INSERT
suricata·2010-07-30·CVSS 7.5
CVE-2007-0630 [HIGH] ET WEB_SPECIFIC_APPS X-dev xNews SQL Injection Attempt -- class.news.php id INSERT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS X-dev xNews SQL Injection Attempt -- class.news.php id INSERT"; flow:established,to_server; http.uri; content:"/classes/class.news.php?"; nocase; content:"id="; nocase; content:"INSERT"; nocase; pcre:"/INSERT.+INTO/i"; reference:cve,CVE-2007-0630; reference:url,www.frsirt.com/english/advisories/2007/0395; classtype:web-application-attack; sid:2005119; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_09, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitr
Suricata
ET WEB_SPECIFIC_APPS X-dev xNews SQL Injection Attempt -- class.news.php from ASCII
suricata·2010-07-30·CVSS 7.5
CVE-2007-0630 [HIGH] ET WEB_SPECIFIC_APPS X-dev xNews SQL Injection Attempt -- class.news.php from ASCII
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS X-dev xNews SQL Injection Attempt -- class.news.php from ASCII"; flow:established,to_server; http.uri; content:"/classes/class.news.php?"; nocase; content:"from="; nocase; content:"SELECT"; nocase; pcre:"/ASCII\(.+SELECT/i"; reference:cve,CVE-2007-0630; reference:url,www.frsirt.com/english/advisories/2007/0395; classtype:web-application-attack; sid:2005127; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_09, mitre_tactic_id TA0001, mitre_tactic_name Initial_Acces
Exploit-DB
Apple Mac OSX 10.5.x - Mail Arbitrary Code Execution
exploitdb·2007-11-20·CVSS 7.5
CVE-2007-6165 [HIGH] Apple Mac OSX 10.5.x - Mail Arbitrary Code Execution
---
source: https://www.securityfocus.com/bid/26510/info
Apple Mac OS X is prone to a vulnerability that can allow arbitrary code to run. This issue affects the Mail application when handling email attachments.
Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. This will compromise the application and possibly the underlying operating system.
This issue affects Mac OS X 10.5.
NOTE: This vulnerability may be related to CVE-2007-0395 documented in BID 16907 (Apple Mac OS X Security Update 2006-001 Multiple Vulnerabilities). Although the issues seem similar in nature, this may not be the very same underlying vulnerability. We will update this BID as more information emerges.
Exploit-DB
ComVironment 4.0 - 'grab_globals.lib.php' Remote File Inclusion
exploitdb·2007-01-18
CVE-2007-0395 ComVironment 4.0 - 'grab_globals.lib.php' Remote File Inclusion
---
/###################################################################\
# ComVironment 4.0 #
# ========================================================= #
# Published : 2007-01-18 #
# Remote: Yes #
# Site:http://switch.dl.sourceforge.net/sourceforge/comvironment/ #
#####################################################################
# Author: GolD_M = Mahmood_ali #
# Contact: [email protected] #
# ===================================================== #
# ThanX=All My Friends- ABDULLAH00 - Jaeger #
# SpeciaL GreeTz : TrYaG-Team & 4lKaSrGoLd3N-Team #
\###################################################################/
/###################################################################\
# In : #
# /libraries/grab_globals.lib.ph
Exploit-DB
Apple Mail.App 10.5.0 (OSX) - Image Attachment Command Execution (Metasploit)
exploitdb·2006-03-01
CVE-2006-0395 Apple Mail.App 10.5.0 (OSX) - Image Attachment Command Execution (Metasploit)
---
##
# $Id$
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 'Mail.app Image Attachment Command Execution',
'Description' => %q{
This module exploits a command execution vulnerability in the
Mail.app application shipped with Mac OS X 10.5.0. This flaw was
patched in 10.4 in March of 2007, but reintroduced into the final
release of 10.5.
},
'License' => MSF_LICENSE,
'Author' => ['hdm', 'kf'],
'Version' => '$Revision$',
'References' =>
[
['CVE', '2006-0395'],
['CV
No writeups or analysis indexed.
http://osvdb.org/34621
http://www.securityfocus.com/bid/22108
http://www.vupen.com/english/advisories/2007/0266
https://exchange.xforce.ibmcloud.com/vulnerabilities/31564
https://www.exploit-db.com/exploits/3152
2007-01-19
Published