CVE-2007-0554
published 2007-01-29CVE-2007-0554: SQL injection vulnerability in print.asp in Guo Xu Guos Posting System (GPS) 1.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.
PriorityP341high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
1.78%
75.4th percentile
SQL injection vulnerability in print.asp in Guo Xu Guos Posting System (GPS) 1.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| guo_xu_guos_posting_system | guo_xu_guos_posting_system | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Suricata
ET WEB_SPECIFIC_APPS Guo Xu Guos Posting System (GPS) SQL Injection Attempt -- print.asp id ASCII
suricata·2010-07-30·CVSS 7.5
CVE-2007-0554 [HIGH] ET WEB_SPECIFIC_APPS Guo Xu Guos Posting System (GPS) SQL Injection Attempt -- print.asp id ASCII
ET WEB_SPECIFIC_APPS Guo Xu Guos Posting System (GPS) SQL Injection Attempt -- print.asp id ASCII
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Guo Xu Guos Posting System (GPS) SQL Injection Attempt -- print.asp id ASCII"; flow:established,to_server; http.uri; content:"/print.asp?"; nocase; content:"id="; nocase; content:"ASCII("; nocase; content:"SELECT"; nocase; distance:0; reference:cve,CVE-2007-0554; reference:url,www.milw0rm.com/exploits/3195; classtype:web-application-attack; sid:2005311; rev:9; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_11, mitre_tactic_id TA0001, mitre_tactic_name Ini
Suricata
ET WEB_SPECIFIC_APPS Guo Xu Guos Posting System (GPS) SQL Injection Attempt -- print.asp id SELECT
suricata·2010-07-30·CVSS 7.5
CVE-2007-0554 [HIGH] ET WEB_SPECIFIC_APPS Guo Xu Guos Posting System (GPS) SQL Injection Attempt -- print.asp id SELECT
ET WEB_SPECIFIC_APPS Guo Xu Guos Posting System (GPS) SQL Injection Attempt -- print.asp id SELECT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Guo Xu Guos Posting System (GPS) SQL Injection Attempt -- print.asp id SELECT"; flow:established,to_server; http.uri; content:"/print.asp?"; nocase; content:"id="; nocase; content:"SELECT"; nocase; content:"FROM"; nocase; distance:0; reference:cve,CVE-2007-0554; reference:url,www.milw0rm.com/exploits/3195; classtype:web-application-attack; sid:2005222; rev:9; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_11, mitre_tactic_id TA0001, mitre_tactic_name Ini
Suricata
ET WEB_SPECIFIC_APPS Guo Xu Guos Posting System (GPS) SQL Injection Attempt -- print.asp id UPDATE
suricata·2010-07-30·CVSS 7.5
CVE-2007-0554 [HIGH] ET WEB_SPECIFIC_APPS Guo Xu Guos Posting System (GPS) SQL Injection Attempt -- print.asp id UPDATE
ET WEB_SPECIFIC_APPS Guo Xu Guos Posting System (GPS) SQL Injection Attempt -- print.asp id UPDATE
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Guo Xu Guos Posting System (GPS) SQL Injection Attempt -- print.asp id UPDATE"; flow:established,to_server; http.uri; content:"/print.asp?"; nocase; content:"id="; nocase; content:"UPDATE"; nocase; content:"SET"; nocase; distance:0; reference:cve,CVE-2007-0554; reference:url,www.milw0rm.com/exploits/3195; classtype:web-application-attack; sid:2005226; rev:9; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_11, mitre_tactic_id TA0001, mitre_tactic_name Init
Suricata
ET WEB_SPECIFIC_APPS Guo Xu Guos Posting System (GPS) SQL Injection Attempt -- print.asp id UNION SELECT
suricata·2010-07-30·CVSS 7.5
CVE-2007-0554 [HIGH] ET WEB_SPECIFIC_APPS Guo Xu Guos Posting System (GPS) SQL Injection Attempt -- print.asp id UNION SELECT
ET WEB_SPECIFIC_APPS Guo Xu Guos Posting System (GPS) SQL Injection Attempt -- print.asp id UNION SELECT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Guo Xu Guos Posting System (GPS) SQL Injection Attempt -- print.asp id UNION SELECT"; flow:established,to_server; http.uri; content:"/print.asp?"; nocase; content:"id="; nocase; content:"UNION"; nocase; content:"SELECT"; nocase; distance:0; reference:cve,CVE-2007-0554; reference:url,www.milw0rm.com/exploits/3195; classtype:web-application-attack; sid:2005223; rev:9; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_11, mitre_tactic_id TA0001, mitre_ta
Suricata
ET WEB_SPECIFIC_APPS Guo Xu Guos Posting System (GPS) SQL Injection Attempt -- print.asp id DELETE
suricata·2010-07-30·CVSS 7.5
CVE-2007-0554 [HIGH] ET WEB_SPECIFIC_APPS Guo Xu Guos Posting System (GPS) SQL Injection Attempt -- print.asp id DELETE
ET WEB_SPECIFIC_APPS Guo Xu Guos Posting System (GPS) SQL Injection Attempt -- print.asp id DELETE
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Guo Xu Guos Posting System (GPS) SQL Injection Attempt -- print.asp id DELETE"; flow:established,to_server; http.uri; content:"/print.asp?"; nocase; content:"id="; nocase; content:"DELETE"; nocase; content:"FROM"; nocase; distance:0; reference:cve,CVE-2007-0554; reference:url,www.milw0rm.com/exploits/3195; classtype:web-application-attack; sid:2005225; rev:9; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_11, mitre_tactic_id TA0001, mitre_tactic_name Ini
Suricata
ET WEB_SPECIFIC_APPS Guo Xu Guos Posting System (GPS) SQL Injection Attempt -- print.asp id INSERT
suricata·2010-07-30·CVSS 7.5
CVE-2007-0554 [HIGH] ET WEB_SPECIFIC_APPS Guo Xu Guos Posting System (GPS) SQL Injection Attempt -- print.asp id INSERT
ET WEB_SPECIFIC_APPS Guo Xu Guos Posting System (GPS) SQL Injection Attempt -- print.asp id INSERT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Guo Xu Guos Posting System (GPS) SQL Injection Attempt -- print.asp id INSERT"; flow:established,to_server; http.uri; content:"/print.asp?"; nocase; content:"id="; nocase; content:"INSERT"; nocase; content:"INTO"; nocase; distance:0; reference:cve,CVE-2007-0554; reference:url,www.milw0rm.com/exploits/3195; classtype:web-application-attack; sid:2005224; rev:9; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_11, mitre_tactic_id TA0001, mitre_tactic_name Ini
Bugzilla
CVE-2008-1373 cups: overflow in gif image filter
bugzilla·2008-03-20·CVSS 2.6
CVE-2008-1373 [LOW] CVE-2008-1373 cups: overflow in gif image filter
CVE-2008-1373 cups: overflow in gif image filter
It was discovered that GIF parsing code used by CUPS printing system is affected
by similar issue as GIF parsers used by gd / netpbm / tk / SDL_image.
Value of code_size read from GIF image is not properly validate before being
used to initialize table array in gif_read_lzw(), causing a static buffer overflow.
Issue is similar to:
CVE-2006-4484 (gd), CVE-2007-6697 (SDL_image), CVE-2008-0553 (tk), CVE-2008-0554
(netpbm)
Discussion:
Created attachment 298680
Proposed patch
Similar to fixed used in gd / tk / netpbm / SDL_image.
---
Tracked upstream via: http://www.cups.org/str.php?L2765
---
cups-1.2.12-10.fc7 has been submitted as an update for Fedora 7
---
cups-1.3.6-4.fc8 has been pushed to the Fedora 8 stable repository. If probl
Bugzilla
CVE-2008-0553 tk: GIF handling buffer overflow
bugzilla·2008-02-05·CVSS 2.6
CVE-2008-0553 [LOW] CVE-2008-0553 tk: GIF handling buffer overflow
CVE-2008-0553 tk: GIF handling buffer overflow
tk GIF handling code is based on the same code as used by gd and SDL_image and
is affected by the overflow known as CVE-2006-4484 and CVE-2007-6697.
ReadImage function in tkImgGIF.c does not properly check the value of
initialCodeSize value read from GIF image before using it as upper bound during
the initialization of append array. This can result in stack buffer overflow.
Upstream fix:
http://tktoolkit.cvs.sourceforge.net/tktoolkit/tk/generic/tkImgGIF.c?r1=1.40&r2=1.41
This is expected to be included in upstream tk version 8.5.1.
Related issues:
CVE-2006-4484 (gd), CVE-2007-6697 (SDL_image), CVE-2008-0554 (netpbm)
Discussion:
perl-Tk uses embedded copy of tk source code and is affected by this problem
too. Adding perl-Tk maintainers t
Bugzilla
CVE-2008-0554 netpbm: GIF handling buffer overflow in giftopnm
bugzilla·2008-02-05·CVSS 2.6
CVE-2008-0554 [LOW] CVE-2008-0554 netpbm: GIF handling buffer overflow in giftopnm
CVE-2008-0554 netpbm: GIF handling buffer overflow in giftopnm
GIF handling code used in netpbm's giftopnm converter is based on the same code
as used by gd and SDL_image and is affected by the overflow known as
CVE-2006-4484 and CVE-2007-6697.
readImageData function in giftopnm.c does not properly check the value of
lzwMinCodeSize value read from GIF image before passing it to lzwInit, which
uses it as upper bound during the initialization of fixed sized table array,
leading to a buffer overflow.
This issue was fixed in upstream version 10.27. Code checking the value is in
the initial giftopnm.c revision in projects public SVN repository:
http://netpbm.svn.sourceforge.net/viewvc/netpbm/trunk/converter/other/giftopnm.c?revision=1&view=markup#l_1052
This issue does not affect netpbm pa
Bugzilla
CVE-2008-0553 tk: GIF handling buffer overflow [rawhide]
bugzilla·2008-02-05·CVSS 2.6
CVE-2008-0553 [LOW] CVE-2008-0553 tk: GIF handling buffer overflow [rawhide]
CVE-2008-0553 tk: GIF handling buffer overflow [rawhide]
+++ This bug was initially created as a clone of Bug #431518 +++
tk GIF handling code is based on the same code as used by gd and SDL_image and
is affected by the overflow known as CVE-2006-4484 and CVE-2007-6697.
ReadImage function in tkImgGIF.c does not properly check the value of
initialCodeSize value read from GIF image before using it as upper bound during
the initialization of append array. This can result in stack buffer overflow.
Upstream fix:
http://tktoolkit.cvs.sourceforge.net/tktoolkit/tk/generic/tkImgGIF.c?r1=1.40&r2=1.41
This is expected to be included in upstream tk version 8.5.1.
Related issues:
CVE-2006-4484 (gd), CVE-2007-6697 (SDL_image), CVE-2008-0554 (netpbm)
-- Additional comment from [email protected] on
http://osvdb.org/31635http://secunia.com/advisories/23929http://securityreason.com/securityalert/2209http://www.securityfocus.com/archive/1/458061/100/0/threadedhttp://www.securityfocus.com/bid/22232http://www.vupen.com/english/advisories/2007/0353https://exchange.xforce.ibmcloud.com/vulnerabilities/31759https://www.exploit-db.com/exploits/3195http://osvdb.org/31635http://secunia.com/advisories/23929http://securityreason.com/securityalert/2209http://www.securityfocus.com/archive/1/458061/100/0/threadedhttp://www.securityfocus.com/bid/22232http://www.vupen.com/english/advisories/2007/0353https://exchange.xforce.ibmcloud.com/vulnerabilities/31759https://www.exploit-db.com/exploits/3195
2007-01-29
Published