CVE-2007-1165
Published 2007-03-02
Priority P3 · 42 · high · 7.5 CVSS 2.0
AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 3.11% (86.2th percentile)
Multiple PHP remote file inclusion vulnerabilities in DBGuestbook 1.1 allow remote attackers to execute arbitrary PHP code via a URL in the dbs_base_path parameter to (1) utils.php, (2) guestbook.php, or (3) views.php in includes/.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| dbscripts | dbguestbook | — | — |
No detection rules found.
Bugzilla
CVE-2007-6352 [MEDIUM] libexif integer overflow
bugzilla·2007-12-14·CVSS 6.8
An integer overflow flaw was found in libexif. This flaw could be leveraged by
an attacker to execute arbitrary code with the permissions of the application
parsing the EXIF image data.
Discussion:
Created attachment 289541
Upstream patch
---
Fixed in affected Red Hat Enterprise Linux versions:
http://rhn.redhat.com/errata/RHSA-2007-1165.html
http://rhn.redhat.com/errata/RHSA-2007-1166.html
---
This issue was addressed in:
Red Hat Enterprise Linux:
http://rhn.redhat.com/errata/RHSA-2007-1165.html
http://rhn.redhat.com/errata/RHSA-2007-1166.html
Fedora:
https://admin.fedoraproject.org/updates/F7/FEDORA-2007-4608
https://admin.fedoraproject.org/updates/F8/FEDORA-2007-4667
Bugzilla
CVE-2007-6351 [MEDIUM] libexif infinite recursion flaw (DoS)
bugzilla·2007-12-14·CVSS 4.3
An infinite recursion flaw was found in libexif. This could be leveraged by an
attacker to crash an application using libexif to process image data content.
Discussion:
Created attachment 289531
Upstream patch taken from CVS
---
Fixed in affected Red Hat Enterprise Linux versions:
http://rhn.redhat.com/errata/RHSA-2007-1165.html
---
This issue was addressed in:
Red Hat Enterprise Linux:
http://rhn.redhat.com/errata/RHSA-2007-1165.html
Fedora:
https://admin.fedoraproject.org/updates/F7/FEDORA-2007-4608
https://admin.fedoraproject.org/updates/F8/FEDORA-2007-4667
http://osvdb.org/33493
http://osvdb.org/33494
http://osvdb.org/33495
http://www.securityfocus.com/bid/22658
http://www.vupen.com/english/advisories/2007/0693
https://www.exploit-db.com/exploits/3354