CVE-2007-1078
Published 2007-02-22
CVE-2007-1078: PHP remote file inclusion vulnerability in index.php in FlashGameScript 1.5.4 allows remote attackers to execute arbitrary PHP code via a URL in the func…
Priority: P3 | 46 | high | 7.5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 3.23% (86.7th percentile)
PHP remote file inclusion vulnerability in index.php in FlashGameScript 1.5.4 allows remote attackers to execute arbitrary PHP code via a URL in the func parameter.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| flashgamescript | flashgamescript | — | — |
No detection rules found.
Exploit-DB
FlashGameScript 1.5.4 - 'index.php?func' Remote File Inclusion
exploitdb·2007-02-22
CVE-2007-1078 FlashGameScript 1.5.4 - 'index.php?func' Remote File Inclusion
---
Author: JuMp-Er
Date: feb, 21th 2007
Level: Dangerous
Contact: aH-crew[at]hotmail[dot]com
Software description
App: FlashGameScript
Version: 1.5.4
URL: http://www.flashgamescript.com/
Price: $60
Description:
FlashGameScript: Flash Game Script is the latest arcade website script created by developers at ghoney.com and will be marketed by folks at FlashGameScript.com.
Our game site script is created to maximize arcade site owner's profit with additional plug-in for alternative income opportunities.
Vulnerability:
line 27: $absolut
Exploit-DB
eXtremail 1.x/2.1 - Remote Format String (3)
exploitdb·2006-10-06
CVE-2001-1078 eXtremail 1.x/2.1 - Remote Format String (3)
---
source: https://www.securityfocus.com/bid/2908/info
eXtremail is a freeware SMTP server available for Linux and AIX.
eXtremail contains a format-string vulnerability in its logging mechanism. Attackers can send SMTP commands argumented with maliciously constructed arguments that will exploit this vulnerability.
eXtremail runs with root privileges. By exploiting this vulnerability, remote attackers can gain superuser access on the underlying host and can crash eXtremail. If the system is not restarted automatically, a denial of SMTP service will result.
UPDATE (April 26, 2004): Reportedly, this vulnerability has been reintroduced into the new version (1.5.9) of eXtremail.
UPDATE (October 26, 2007): Reports indicate that the 'USER' comm
Exploit-DB
eXtremail 1.x/2.1 - Remote Format String (2)
exploitdb·2001-06-21
CVE-2001-1078 eXtremail 1.x/2.1 - Remote Format String (2)
Exploit-DB
eXtremail 1.x/2.1 - Remote Format String (1)
exploitdb·2001-06-21
CVE-2001-1078 eXtremail 1.x/2.1 - Remote Format String (1)
No writeups or analysis indexed.
http://osvdb.org/33492
http://secunia.com/advisories/24267
http://www.securityfocus.com/archive/1/460951/100/0/threaded
http://www.securityfocus.com/bid/22646
http://www.vupen.com/english/advisories/2007/0707
https://exchange.xforce.ibmcloud.com/vulnerabilities/32635
https://www.exploit-db.com/exploits/3360
Published: 2007-02-22