CVE-2007-1158
Published 2007-03-02
Priority: P4 30 · medium · 5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
EXPLOIT
EPSS: 4.32% (89.9th percentile)
Directory traversal vulnerability in index.php in the Pagesetter 6.2.0 through 6.3.0 beta 5 module for PostNuke allows remote attackers to read arbitrary files via a .. (dot dot) in the id parameter.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| postnuke_software_foundation | pagesetter | — | — |
| postnuke_software_foundation | pagesetter | — | — |
No detection rules found.
Exploit-DB
Pagesetter 6.2/6.3.0 - 'index.php' Local File Inclusion
exploitdb·2007-02-26
CVE-2007-1158 Pagesetter 6.2/6.3.0 - 'index.php' Local File Inclusion
---
source: https://www.securityfocus.com/bid/22733/info
Pagesetter is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.
Exploiting this issue may allow an unauthorized user to view files and execute local scripts.
Pagesetter 6.3.0 beta 5 and prior versions are vulnerable to this issue.
http://www.example.com/index.php?module=Pagesetter&type=file&func=preview&id=../../../../../../../../../etc/passwd%00
Exploit-DB
Oracle January 2007 Security Update - Multiple Vulnerabilities
exploitdb·2007-01-16
CVE-2007-0297 Oracle January 2007 Security Update - Multiple Vulnerabilities
---
source: https://www.securityfocus.com/bid/22083/info
Oracle has released a Critical Patch Update advisory for January 2007 to address these vulnerabilities for supported releases. Earlier unsupported releases are likely to be affected by these issues as well.
The issues identified by the vendor affect all security properties of the Oracle products and present local and remote threats. Various levels of authorization are needed to leverage some of the issues, but other issues do not require any authorization. The most severe of the vulnerabilities could possibly expose affected computers to complete compromise.
http://www.example.com:1158/em/dynamicImage/emSDK/chart/EmChartBean?beanId=\..\..\..\..\..\..\..\..\..\..\..\.
No writeups or analysis indexed.
References
- http://marc.info/?l=full-disclosure&m=117251821622820&w=2
- http://marc.info/?l=full-disclosure&m=117256698219502&w=2
- http://osvdb.org/33781
- http://secunia.com/advisories/24299
- http://securityreason.com/securityalert/2336
- http://www.elfisk.dk/index.php?module=pagesetter&func=viewpub&tid=7&pid=125
- http://www.securityfocus.com/archive/1/461339/100/0/threaded
- http://www.securityfocus.com/bid/22733
- http://www.vupen.com/english/advisories/2007/0758
- https://exchange.xforce.ibmcloud.com/vulnerabilities/32695