CVE-2007-2013
Published 2007-04-12
Priority P4 · 17 · medium · 4.3 (CVSS 2.0)
AV:N/AC:M/Au:N/C:N/I:P/A:N
EXPLOIT
EPSS: 1.77% (75.3th percentile)
Cross-site scripting (XSS) vulnerability in index.php in JEx-Treme Einfacher Passworschutz allows remote attackers to inject arbitrary web script or HTML via the msg parameter.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jambagecom | div2007 | >= 0 < 0.10.2 | 0.10.2 |
CVSS provenance
nvd · v2.0 · 4.3 · MEDIUM · AV:N/AC:M/Au:N/C:N/I:P/A:N
vendor_redhat · 6.9 · MEDIUM
GHSA
Static Methods since 2007 (div2007) extension for TYPO3 vulnerable to Cross-site Scripting
ghsa·2022-05-17
CVE-2013-5100 [LOW] CWE-79 Static Methods since 2007 (div2007) extension for TYPO3 vulnerable to Cross-site Scripting
Cross-site scripting (XSS) vulnerability in the Static Methods since 2007 (div2007) extension before 0.10.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to the t3lib_div::quoteJSvalue function.
GHSA
GHSA-q9cj-fx8w-w7gr: Cross-site scripting (XSS) vulnerability in index
ghsa_unreviewed·2022-05-01
CVE-2007-2013 [MEDIUM] GHSA-q9cj-fx8w-w7gr: Cross-site scripting (XSS) vulnerability in index
Cross-site scripting (XSS) vulnerability in index.php in JEx-Treme Einfacher Passworschutz allows remote attackers to inject arbitrary web script or HTML via the msg parameter.
Red Hat
qemu: guest agent creates files with insecure permissions in deamon mode
vendor_redhat·2013-05-06·CVSS 6.9
CVE-2013-2007 [MEDIUM] qemu: guest agent creates files with insecure permissions in deamon mode
The qemu guest agent in Qemu 1.4.1 and earlier, as used by Xen, when started in daemon mode, uses weak permissions for certain files, which allows local users to read and write to these files.
Statement: This issue does not affect the kvm package as shipped with Red Hat Enterprise Linux 5.
This issue does not affect the xen package as shipped with Red Hat Enterprise Linux 5.
This issue does affect the qemu-kvm package as shipped with Red Hat Enterprise Linux 6. Future qemu-kvm updates in Red Hat Enterprise Linux 6 may address this flaw.
Please note that due to differences in upstream and Red Hat Enterprise Linux 6 versions of qemu guest agent this issue has lower security impact on systems running Red Hat Enterprise
Suricata
ET HUNTING Microsoft Office Memory Corruption (CVE-2015-1641)
suricata·2025-01-27·CVSS 7.8
CVE-2015-1641 [HIGH] ET HUNTING Microsoft Office Memory Corruption (CVE-2015-1641)
Rule: alert tcp any any -> $HOME_NET any (msg:"ET HUNTING Microsoft Office Memory Corruption (CVE-2015-1641)"; flow:established,to_client; file.data; content:"|7b 5c|rtf"; content:"|7b 5c 2a 5c|objdata|20|0105000002000000"; content:"6f746b6c6f6164722e5752417373656d626c792e3100"; fast_pattern; nocase; distance:8; content:"d0cf11e0a1b11ae1"; nocase; distance:0; content:"|7c 34 24 04|"; reference:url,degsew.wordpress.com/2016/03/28/new-microst-office-word-2007-2013-exploit-cve-2015-1641-analysis/; reference:cve,2015-1641; classtype:bad-unknown; sid:2059680; rev:1; metadata:attack_target Client_Endpoint, tls_state TLSDecrypt, created_at 2025_01_27, cve CVE_2015_1641, deployment Perimeter, deployment SSLDecrypt, confidence Medium, s
Exploit-DB
Microsoft Excel - OLE Arbitrary Code Execution
exploitdb·2017-09-30
CVE-2017-0199 Microsoft Excel - OLE Arbitrary Code Execution
---
Title: MS Office Excel (all versions) Arbitrary Code Execution Vulnerability
Date: September 30th, 2017.
Author: Eduardo Braun Prado
Vendor Homepage: http://www.microsoft.com/
Software Link: https://products.office.com/
Version: 2007,2010,2013,2016 32/64 bits (x86 and x64)
Tested on: Windows 10/8.1/8.0/7/Server 2012/Server 2008/Vista (X86 and x64)
CVE: 2017-0199
Description:
MS Excel contains a remote code execution vulnerability upon processing OLE objects. Although this is a different issue from the
MS Word HTA execution vulnerability, it has been patched together, 'silently'. By performing some tests from the Word HTA PoC posted
on exploit-db[dot]com, it's possible to exploit it through Excel too, however the target would ne
Exploit-DB
Microsoft Word 2007/2010/2013/2016 - Out-of-Bounds Read Code Execution (MS16-099)
exploitdb·2016-08-10·CVSS 7.8
CVE-2016-3313 [HIGH] Microsoft Word 2007/2010/2013/2016 - Out-of-Bounds Read Code Execution (MS16-099)
---
#####################################################################################
# Application: Microsoft Office Word
# Platforms: Windows, OSX
# Versions: Microsoft Office Word 2007,2010,2013,2016
# Author: Sébastien Morin of COSIG
# Website: https://cosig.gouv.qc.ca/en/advisory/
# Twitter: @SebMorin1, @COSIG_
# Date: August 09, 2016
# CVE: CVE-2016-3313
# COSIG-2016-31
#####################################################################################
1) Introduction
2) Report Timeline
3) Technical details
4) POC
#######################################################################################
1) Introduction
Microsoft Word is a word processor developed by Microsoft. It was first re
Exploit-DB
Microsoft Excel - Out-of-Bounds Read Code Execution (MS16-042)
exploitdb·2016-04-14·CVSS 7.8
CVE-2016-0122 [HIGH] Microsoft Excel - Out-of-Bounds Read Code Execution (MS16-042)
---
#######################################################################################
# Title: Microsoft Office Excel Out-of-Bounds Read Remote Code Execution
# Application: Microsoft Office Excel
# Affected Products: Microsoft Office Excel 2007,2010,2013,2016
# Software Link: https://products.office.com/en-ca/excel
# Date: April 12, 2016
# CVE: CVE-2016-0122 (MS16-042)
# Author: Sébastien Morin from COSIG
# Contact: https://twitter.com/COSIG_ (@COSIG_)
# Personal contact: https://smsecurity.net/; https://twitter.com/SebMorin1 (@SebMorin1)
#######################################################################################
Introduction:
Microsoft Excel is a spreadsheet developed by Microsoft for Windows, Mac OS X
Exploit-DB
Microsoft Office 2007 - 'OGL.dll' ValidateBitmapInfo Bounds Check Failure (MS15-097)
exploitdb·2015-09-16
CVE-2015-2510 Microsoft Office 2007 - 'OGL.dll' ValidateBitmapInfo Bounds Check Failure (MS15-097)
---
Source: https://code.google.com/p/google-security-research/issues/detail?id=469
The following crash was observed in Microsoft Office 2007 Excel with Microsoft Office File Validation Add-In disabled and Application Verifier enabled for testing and reproduction. This bug did not reproduce in Office 2010 or 2013.
Attached files:
Original File: 3013413838_orig.xls
Crashing File: 3013413838_crash.xls
Minimized Crashing File: 3013413838_min.xls
The minimized crashing file shows a one bit delta from the original file at offset 0x139F. OffVis did not reveal anything unique about this offset in the minimized file.
File Versions:
Excel.exe: 12.0.6718.5000
OGL.dll: 12.0.6719.5000
oart.dll: 12.0.6683.5002
GD
Exploit-DB
Microsoft Excel 2007/2010/2013 - BIFFRecord Use-After-Free
exploitdb·2015-09-16
CVE-2015-2523 Microsoft Excel 2007/2010/2013 - BIFFRecord Use-After-Free
---
Source: https://code.google.com/p/google-security-research/issues/detail?id=462
The following crash was observed in Microsoft Excel 2007 running on Windows 2003 R2. This crash was also reproduced in Microsoft Excel 2010 on Windows 7 x86 and Microsoft Excel 2013 on Windows 8.1 x86. The test environment was Excel 2007 on Windows 2003 R2 with application verifier basic checks enabled.
Attached files:
Original File: 683709058_orig.xls
Crashing File: 683709058_crash.xls
Minimized Crashing File: 683709058_min.xls
The minimized crashing file shows two deltas from the original. The first at offset 0x237 is in the data of the 4th BIFFRecord and the second delta at offset 0x34a5 is in the type field of a BIFFRecord.
File versions:
Exploit-DB
Microsoft Office 2007 - BIFFRecord Length Use-After-Free
exploitdb·2015-09-16
CVE-2015-2520 Microsoft Office 2007 - BIFFRecord Length Use-After-Free
---
Source: https://code.google.com/p/google-security-research/issues/detail?id=464
The following crash was observed in Microsoft Office 2007 with Microsoft Office File Validation Add-In disabled and Application Verifier enabled for testing and reproduction. This bug did not reproduce in Office 2010 or 2013.
Attached files:
Original File: 1105668828_orig.xls
Crashing File: 1105668828_crash.xls
Minimized Crashing File: 1105668828_min.xls
The minimized crashing file shows two one bit deltas from the original file. The first delta is at offset 0x1CF7E and the second is at offset 0x3A966. Both of these offsets appear to be BIFFRecord lengths.
File Versions:
Excel.exe: 12.0.6718.5000
MSO.dll: 12.0.6721.5000
Observed Crash:
eax=0000000
Exploit-DB
Microsoft Office 2007 - OLESSDirectyEntry.CreateTime Type Confusion
exploitdb·2015-09-16
CVE-2015-2521 Microsoft Office 2007 - OLESSDirectyEntry.CreateTime Type Confusion
---
Source: https://code.google.com/p/google-security-research/issues/detail?id=465
The following crash was observed in Microsoft Office 2007 with Microsoft Office File Validation Add-In disabled and Application Verifier enabled for testing and reproduction. This bug did not reproduce in Office 2010 or 2013.
Attached files:
Original File: 1516065514_orig.xls
Crashing File: 1516065514_crash.xls
Minimized Crashing File: 1516065514_min.xls
The minimized crashing file shows a one bit delta from the original file at offset 0x49E8. OffVis reports this to be the CreateTime field of an OLESSDirectoryEntry structure.
File Versions:
Excel.exe: 12.0.6718.5000
MSO.dll: 12.0.6721.5000
Observed Crash:
When run without Applicati
Exploit-DB
Microsoft Exchange - IIS HTTP Internal IP Address Disclosure (Metasploit)
exploitdb·2014-09-29
---
# Exploit Title: Microsoft Exchange IIS HTTP Internal IP Disclosure Vulnerability
# Google Dork: NA
# Date: 08/01/2014
# Exploit Author: Nate Power
# Vendor Homepage: microsoft.com
# Software Link: NA
# Version: Exchange OWA 2003, Exchange CAS 2007/2010/2013
# Tested on: Exchange OWA 2003, Exchange CAS 2007/2010/2013
# CVE : NA
##
# This module requires Metasploit: http//metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'
class Metasploit3 'Outlook Web App (OWA) / Client Access Server (CAS) IIS HTTP Internal IP Disclosure',
'Description' => %q{
This module tests vulnerable IIS HTTP header file paths on Microsoft Exchange OWA 2003, CAS 2007, 2010, 201
Exploit-DB
Collabtive 1.1 - 'managetimetracker.php' SQL Injection
exploitdb·2014-01-15
CVE-2013-6872 Collabtive 1.1 - 'managetimetracker.php' SQL Injection
---
Advisory: Collabtive Sql Injection
Affected Version: 1.1
Vendor: http://collabtive.o-dyn.de/index.php
Risk: Medium
CVE-ID: 2013-6872
Tested on Platform: Windows 7
Product Description:
Collabtive is web-based project management software.
The project was started in November 2007. It is open source software and provides an alternative to proprietary tools like Basecamp. Collabtive is written in PHP and JavaScript.
Collabtive is intended for small to medium-sized businesses and freelancers. We offer commercial services for installation and cu
Exploit-DB
Apple iOS 7.0.2 - Sim Lock Screen Display Bypass
exploitdb·2013-10-15
CVE-2013-5147 Apple iOS 7.0.2 - Sim Lock Screen Display Bypass
---
Document Title:
Apple iOS 7.2 - Sim Lock Screen Display Bypass Vulnerability
References (Source):
http://www.vulnerability-lab.com/get_content.php?id=1105
Video: http://www.vulnerability-lab.com/get_content.php?id=1104
Release Date:
2013-10-04
Vulnerability Laboratory ID (VL-ID):
1105
Common Vulnerability Scoring System:
6.1
Product & Service Introduction:
iOS (previously iPhone OS) is a mobile operating system developed and distributed by Apple Inc. Originally unveiled in 2007
for the iPhone, it has been extended to support other Apple devices such as the iPod Touch (September 2007), iPad (January 2010),
iPad Mini (November 2012) and second-generation Apple TV (September 2010). Unlike Microsoft's Windows Phone and Google's
Exploit-DB
Microsoft PowerPoint 2007 - Crash (PoC)
exploitdb·2013-07-01
CVE-2014-2671 Microsoft PowerPoint 2007 - Crash (PoC)
---
# Title : Microsoft Office PowerPoint 2007 Crash PoC
# Date: 2013-01-12
# Software Link: http://office.microsoft.com/
# Author: Asesino04
# Tested on: Windows XP SP2
# Special Thanks To : Ness Oum El Bouaghi
# Bug Description:
When you insert a sound into Microsoft Office PowerPoint 2007, the software will crash.
It was tested on Office 2007; all the versions may be affected too.
# Credit: This bug was found by Asesino04 "The Black Devils"
# Proof Of Concept
https://fbcdn-sphotos-g-a.akamaihd.net/hphotos-ak-prn1/601368_541967942509686_881180451_n.jpg
Exploit-DB
Einfacher Passworschutz - 'index.php' Cross-Site Scripting
exploitdb·2007-04-10
CVE-2007-2013 Einfacher Passworschutz - 'index.php' Cross-Site Scripting
---
source: https://www.securityfocus.com/bid/23395/info
Einfacher Passworschutz is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
http://www.example.com/?msg=[XSS]
Bugzilla
CVE-2007-6755 Dual_EC_DRBG: weak pseudo random number generator
bugzilla·2013-12-23·CVSS 5.8
CVE-2007-6755 [MEDIUM] CVE-2007-6755 Dual_EC_DRBG: weak pseudo random number generator
Common Vulnerabilities and Exposures assigned an identifier CVE-2007-6755 to the following vulnerability:
The NIST SP 800-90A default statement of the Dual Elliptic Curve Deterministic Random Bit Generation (Dual_EC_DRBG) algorithm contains point Q constants with a possible relationship to certain "skeleton key" values, which might allow context-dependent attackers to defeat cryptographic protection mechanisms by leveraging knowledge of those values. NOTE: this is a preliminary CVE for Dual_EC_DRBG; future research may provide additional details about point Q and associated attacks, and could potentially lead to a RECAST or REJECT of this CVE.
References:
http://arstechnica.com/security/2013/09/stop-using-nsa-influence-code
Bugzilla
CVE-2013-2007 qemu: guest agent creates files with insecure permissions in deamon mode [fedora-all]
bugzilla·2013-05-31·CVSS 6.9
CVE-2013-2007 [MEDIUM] CVE-2013-2007 qemu: guest agent creates files with insecure permissions in deamon mode [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please use the bodhi submission link
noted in the next comment(s). This will include the bug IDs of this
tracking bug as well as the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
Bodhi notes field when available.
Pleas
http://hackberry.ath.cx/research/1.txt
http://osvdb.org/35000
http://secunia.com/advisories/24922
http://www.securityfocus.com/bid/23395
http://www.vupen.com/english/advisories/2007/1316
https://exchange.xforce.ibmcloud.com/vulnerabilities/33542
2007-04-12
Published