CVE-2007-2015
published 2007-04-12
CVE-2007-2015: PHP remote file inclusion vulnerability in index.php in Request It 1.0b allows remote attackers to execute arbitrary PHP code via a URL in the id parameter.
Priority P338 · medium · 6.8 (CVSS 2.0)
AV:N/AC:M/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 3.16% (86.4th percentile)
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| request_it | request_it | — | — |
GHSA
GHSA-c38m-8pv6-fj8r: PHP remote file inclusion vulnerability in index
ghsa_unreviewed·2022-05-01
CVE-2007-2015 [MEDIUM] GHSA-c38m-8pv6-fj8r: PHP remote file inclusion vulnerability in index
PHP remote file inclusion vulnerability in index.php in Request It 1.0b allows remote attackers to execute arbitrary PHP code via a URL in the id parameter.
Kernel
namei: allow restricted O_CREAT of FIFOs and regular files
kernel_security·2018-08-23·CVSS 7.2
CVE-2000-1134 [HIGH] namei: allow restricted O_CREAT of FIFOs and regular files
Disallows open of FIFOs or regular files not owned by the user in world
writable sticky directories, unless the owner is the same as that of the
directory or the file is opened without the O_CREAT flag. The purpose
is to make data spoofing attacks harder. This protection can be turned
on and off separately for FIFOs and regular files via sysctl, just like
the symlinks/hardlinks protection. This patch is based on Openwall's
"HARDEN_FIFO" feature by Solar Designer.
This is a brief list of old vulnerabilities that could have been prevented
by this feature, some of them even allow for privilege escalation:
CVE-2000-1134
CVE-2007-3852
CVE-2008-0525
CVE-2009-0416
CVE-2011-4834
CVE-2015-1838
CVE-2015-7442
CVE-2016-7489
This list is no
Suricata
ET HUNTING Microsoft Office Memory Corruption (CVE-2015-1641)
suricata·2025-01-27·CVSS 7.8
CVE-2015-1641 [HIGH] ET HUNTING Microsoft Office Memory Corruption (CVE-2015-1641)
Rule: alert tcp any any -> $HOME_NET any (msg:"ET HUNTING Microsoft Office Memory Corruption (CVE-2015-1641)"; flow:established,to_client; file.data; content:"|7b 5c|rtf"; content:"|7b 5c 2a 5c|objdata|20|0105000002000000"; content:"6f746b6c6f6164722e5752417373656d626c792e3100"; fast_pattern; nocase; distance:8; content:"d0cf11e0a1b11ae1"; nocase; distance:0; content:"|7c 34 24 04|"; reference:url,degsew.wordpress.com/2016/03/28/new-microst-office-word-2007-2013-exploit-cve-2015-1641-analysis/; reference:cve,2015-1641; classtype:bad-unknown; sid:2059680; rev:1; metadata:attack_target Client_Endpoint, tls_state TLSDecrypt, created_at 2025_01_27, cve CVE_2015_1641, deployment Perimeter, deployment SSLDecrypt, confidence Medium, s
Exploit-DB
Oracle Outside In PDF 8.5.2 - Parsing Memory Corruption (2)
exploitdb·2015-11-23·CVSS 1.5
CVE-2015-4878 [LOW] Oracle Outside In PDF 8.5.2 - Parsing Memory Corruption (2)
---
#####################################################################################
Application: Oracle Outside In
Platforms: Windows
Versions: 8.5.2
CVE: CVE-2015-4878
Author: Francis Provencher of COSIG
Twitter: @COSIG_
#####################################################################################
1) Introduction
2) Report Timeline
3) Technical details
4) POC
#####################################################################################
1) Introduction
Oracle Outside In Technology provides software developers with a comprehensive solution to access, transform, and control the contents of over 500 unstructured file formats. From the latest office suites, such as Microsoft Office 2007, to specialty
Exploit-DB
Oracle Outside In PDF 8.5.2 - Parsing Memory Corruption (1)
exploitdb·2015-11-23·CVSS 1.5
CVE-2015-4877 [LOW] Oracle Outside In PDF 8.5.2 - Parsing Memory Corruption (1)
---
#####################################################################################
Application: Oracle Outside In
Platforms: Windows
Versions: 8.5.2
CVE: CVE-2015-4877
Author: Francis Provencher of COSIG
Twitter: @COSIG_
#####################################################################################
1) Introduction
2) Report Timeline
3) Technical details
4) POC
#####################################################################################
1) Introduction
Oracle Outside In Technology provides software developers with a comprehensive solution to access, transform, and control the contents of over 500 unstructured file formats. From the latest office suites, such as Microsoft Office 2007, to specialty
Exploit-DB
Microsoft Office 2007 - 'OGL.dll' ValidateBitmapInfo Bounds Check Failure (MS15-097)
exploitdb·2015-09-16
CVE-2015-2510 Microsoft Office 2007 - 'OGL.dll' ValidateBitmapInfo Bounds Check Failure (MS15-097)
---
Source: https://code.google.com/p/google-security-research/issues/detail?id=469
The following crash was observed in Microsoft Office 2007 Excel with Microsoft Office File Validation Add-In disabled and Application Verifier enabled for testing and reproduction. This bug did not reproduce in Office 2010 or 2013.
Attached files:
Original File: 3013413838_orig.xls
Crashing File: 3013413838_crash.xls
Minimized Crashing File: 3013413838_min.xls
The minimized crashing file shows a one bit delta from the original file at offset 0x139F. OffVis did not reveal anything unique about this offset in the minimized file.
File Versions:
Excel.exe: 12.0.6718.5000
OGL.dll: 12.0.6719.5000
oart.dll: 12.0.6683.5002
GD
Exploit-DB
Microsoft Excel 2007/2010/2013 - BIFFRecord Use-After-Free
exploitdb·2015-09-16
CVE-2015-2523 Microsoft Excel 2007/2010/2013 - BIFFRecord Use-After-Free
---
Source: https://code.google.com/p/google-security-research/issues/detail?id=462
The following crash was observed in Microsoft Excel 2007 running on Windows 2003 R2. This crash was also reproduced in Microsoft Excel 2010 on Windows 7 x86 and Microsoft Excel 2013 on Windows 8.1 x86. The test environment was Excel 2007 on Windows 2003 R2 with application verifier basic checks enabled.
Attached files:
Original File: 683709058_orig.xls
Crashing File: 683709058_crash.xls
Minimized Crashing File: 683709058_min.xls
The minimized crashing file shows two deltas from the original. The first at offset 0x237 is in the data of the 4th BIFFRecord and the second delta at offset 0x34a5 is in the type field of a BIFFRecord.
File versions:
Exploit-DB
Microsoft Office 2007 - BIFFRecord Length Use-After-Free
exploitdb·2015-09-16
CVE-2015-2520 Microsoft Office 2007 - BIFFRecord Length Use-After-Free
---
Source: https://code.google.com/p/google-security-research/issues/detail?id=464
The following crash was observed in Microsoft Office 2007 with Microsoft Office File Validation Add-In disabled and Application Verifier enabled for testing and reproduction. This bug did not reproduce in Office 2010 or 2013.
Attached files:
Original File: 1105668828_orig.xls
Crashing File: 1105668828_crash.xls
Minimized Crashing File: 1105668828_min.xls
The minimized crashing file shows two one bit deltas from the original file. The first delta at offset 0x1CF7E and the second is at offset 0x3A966. Both of these offsets appear to be BIFFRecord lengths.
File Versions:
Excel.exe: 12.0.6718.5000
MSO.dll: 12.0.6721.5000
Observed Crash:
eax=0000000
Exploit-DB
Microsoft Office 2007 - OLESSDirectyEntry.CreateTime Type Confusion
exploitdb·2015-09-16
CVE-2015-2521 Microsoft Office 2007 - OLESSDirectyEntry.CreateTime Type Confusion
---
Source: https://code.google.com/p/google-security-research/issues/detail?id=465
The following crash was observed in Microsoft Office 2007 with Microsoft Office File Validation Add-In disabled and Application Verifier enabled for testing and reproduction. This bug did not reproduce in Office 2010 or 2013.
Attached files:
Original File: 1516065514_orig.xls
Crashing File: 1516065514_crash.xls
Minimized Crashing File: 1516065514_min.xls
The minimized crashing file shows a one bit delta from the original file at offset 0x49E8. OffVis reports this to be the CreateTime field of an OLESSDirectoryEntry structure.
File Versions:
Excel.exe: 12.0.6718.5000
MSO.dll: 12.0.6721.5000
Observed Crash:
When run without Applicati
Exploit-DB
Microsoft Office 2007 - Malformed Document Stack Buffer Overflow
exploitdb·2015-08-25
CVE-2015-0064 Microsoft Office 2007 - Malformed Document Stack Buffer Overflow
---
Source: https://code.google.com/p/google-security-research/issues/detail?id=170&can=1
The following access violation was observed in Microsoft Office 2007
(Word document):
(e24.e28): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
eax=0583a748 ebx=00eb4684 ecx=003ad1a3 edx=00000000 esi=049860bc edi=00122238
eip=7814500a esp=001221e0 ebp=001221e8 iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00010212
MSVCR80!memcpy+0x5a:
7814500a f3a5 rep movsd ds:049860bc=???????? es:00122238=3348bcd8
0:000> k
ChildEBP RetAddr
001221e8 31249c0e MSVCR80!memcpy+0x5a
00122204 3126a371 wwlib!
Exploit-DB
Microsoft Office 2007 - OneTableDocumentStream Invalid Object
exploitdb·2015-08-25
CVE-2015-0065 Microsoft Office 2007 - OneTableDocumentStream Invalid Object
---
Source: https://code.google.com/p/google-security-research/issues/detail?id=171&can=1
The following access violation was observed in Microsoft Office 2007
(Word document):
(8c0.e68): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
eax=0012dcf8 ebx=40000000 ecx=40000000 edx=0012de1c esi=40000000 edi=011f1400
eip=32881800 esp=0012d010 ebp=0012d038 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00010206
mso!Ordinal7799+0x2fc:
32881800 0fb74614 movzx eax,word ptr [esi+0x14] ds:0023:40000014=????
0:000> k
ChildEBP RetAddr
WARNING: Stack unwind information not available. Following
Exploit-DB
Microsoft Office 2007 - 'mso.dll' Use-After-Free (MS15-081)
exploitdb·2015-08-21
CVE-2015-2467 Microsoft Office 2007 - 'mso.dll' Use-After-Free (MS15-081)
---
Source: https://code.google.com/p/google-security-research/issues/detail?id=414&can=1
The following crash was observed in MS Office 2007 running under Windows 2003 x86. Microsoft Office File Validation Add-In is disabled and Application Verifier was enabled for testing and reproduction. This sample did not reproduce in Office 2010 running on Windows 7 x86.
The attached minimized PoC that produces the crash with 2 bit changes from the original file at offsets 0x11E60 and 0x1515F. Standard office document parsers did not reveal any significance about this location.
Attached files:
Fuzzed minimized PoC: 1567070353_min.doc
Fuzzed non-minimized PoC: 1567070353_crash.doc
Original non-fuzzed file: 1567070353_orig.doc
DLL Versi
Exploit-DB
Microsoft Office 2007 - 'OGL.dll' DpOutputSpanStretch::OutputSpan Out of Bounds Write (MS15-080)
exploitdb·2015-08-21
CVE-2015-2431 Microsoft Office 2007 - 'OGL.dll' DpOutputSpanStretch::OutputSpan Out of Bounds Write (MS15-080)
---
Source: https://code.google.com/p/google-security-research/issues/detail?id=420&can=1
The following crash was observed in Microsoft Office 2007 with Microsoft Office File Validation Add-In disabled and Application Verifier enabled for testing and reproduction. This bug also reproduced in Office 2010 running on Windows 7 x86.
The crash is caused by a 1 bit delta from the original file at offset 0x4A45. OffViz identified this offset as OLESSRoot.DirectoryEntries[100].OLESSDirectoryEntry[20].sidLeft with an original value of 0x00000000 and a fuzzed value of 0x00008000.
Attached files:
Fuzzed minimized PoC: 1863274449_min.doc
Fuzzed non-minimized PoC: 1863274449_crash.doc
Original non-fuz
Exploit-DB
Microsoft Office 2007 - MSPTLS Heap Index Integer Underflow (MS15-081)
exploitdb·2015-08-21
CVE-2015-2470 Microsoft Office 2007 - MSPTLS Heap Index Integer Underflow (MS15-081)
---
Source: https://code.google.com/p/google-security-research/issues/detail?id=431&can=1
The following crash was observed in Microsoft Office 2007 with Microsoft Office File Validation Add-In disabled and Application Verifier enabled for testing and reproduction. This bug also reproduced in Office 2010 running on Windows 7 x86.
The crash is caused by a 1 bit delta from the original file at offset 0xA9B0. Standard tools did not identify anything significant about this offset in the minimized file.
Attached files:
Fuzzed minimized PoC: 3423415565_min.doc
Fuzzed non-minimized PoC: 3423415565_crash.doc
Original non-fuzzed file: 3423415565_orig.doc
DLL Versions:
wwlib.dll: 12.0.6720.5000
msptls.dll: 12.0.6682.5000
Exploit-DB
Microsoft Office 2007 - 'wwlib.dll' Type Confusion (MS15-081)
exploitdb·2015-08-21
CVE-2015-2469 Microsoft Office 2007 - 'wwlib.dll' Type Confusion (MS15-081)
---
Source: https://code.google.com/p/google-security-research/issues/detail?id=423&can=1
The following crash was observed in Microsoft Office 2007 with Microsoft Office File Validation Add-In disabled and Application Verifier enabled for testing and reproduction. This bug also reproduced in Office 2010 running on Windows 7 x86.
The minimized version of the PoC has three deltas at offsets 0x2404, 0x4041, and 0x8057. OffViz identified these as WordBinaryDocuments[1].WordBinaryDocument[0].stPapxFKPs[23].PAPXFKP[1].rgfc[7].rgfc[1], WordBinaryDocuments[1].WordBinaryDocument[0].stPapxFKPs[23].PAPXFKP[9].rgfc[23].rgfc[16], and WordBinaryDocuments[1].WordBinaryDocument[0].stPapxFKPs[23].PAPXFKP[22].rgbx[11].BXPAP[3].bOffset respect
Exploit-DB
Microsoft Office 2007 - 'mso.dll' Arbitrary Free (MS15-081)
exploitdb·2015-08-21
CVE-2015-2468 Microsoft Office 2007 - 'mso.dll' Arbitrary Free (MS15-081)
---
Source: https://code.google.com/p/google-security-research/issues/detail?id=417&can=1
The following crash was observed in Microsoft Office 2007 with Microsoft Office File Validation Add-In disabled and Application Verifier enabled for testing and reproduction. This bug did not reproduce in Office 2010 running on Windows 7 x86. The attached PoC file will reproduce when Word is closed. However, there were other crashing files (not attached) faulting on the same EIP that did not require Word to be closed to trigger the crash. This particular PoC did not minimize cleanly and has 666 deltas from the original non-fuzzed file.
Attached files:
Fuzzed non-minimized PoC: 2435406723_crash.doc
Original non-fuzzed file: 2435406723_o
Exploit-DB
Microsoft Word - Local Machine Zone Code Execution (MS15-022)
exploitdb·2015-07-20·CVSS 9.3
CVE-2015-0097 [CRITICAL] Microsoft Word - Local Machine Zone Code Execution (MS15-022)
---
Exploit Title: Microsoft Word Local Machine Zone Remote Code Execution Vulnerability
Date: July 15th, 2015
Exploit Author: Eduardo Braun Prado
Vendor Homepage : http://www.microsoft.com
Version: 2007
Tested on: Microsoft Windows XP, 2003, Vista, 2008, 7, 8, 8.1
CVE: CVE-2015-0097
Original Advisory: https://technet.microsoft.com/library/security/ms15-022
Microsoft Word, Excel and Powerpoint 2007 contain a remote code execution vulnerability because it is possible
to reference documents such as Works document (.wps) as HTML. It will process HTML and script code in the context
of the local machine zone of Internet Explorer which leads to arbitrary code execution.
By persuading users into opening eg. specially crafted .WPS,
Exploit-DB
Joomla! Component MooFAQ (com_moofaq) - Local File Inclusion
exploitdb·2009-06-08
CVE-2009-2015 Joomla! Component MooFAQ (com_moofaq) - Local File Inclusion
---
Joomla Component MooFAQ Local File Inclusion Vulnerability
###################################################
[+] Author : Chip D3 Bi0s
[+] Email : chipdebios[alt+64]gmail.com
[+] Vulnerability : LFI
###################################################
Example:
http://localHost/path/components/com_moofaq/includes/file_includer.php?gzip=0&file=[LFI]
Demo Live (1):
http://www.paginaswebhonduras.com/components/com_moofaq/includes/file_includer.php?gzip=0&file=/../../../../../etc/passwd
Demo Live (2):
http://www.uers.gov.do/components/com_moofaq/includes/file_includer.php?gzip=0&file=/etc/passwd
++++++++++++++++++++++++++++++++
[!] Produced in South America
FAQ Component using mooTools
20 July 2007
1.0
1.0.13
Douglas
Exploit-DB
Request It 1.0b - 'index.php?id' Remote File Inclusion
exploitdb·2007-04-12
CVE-2007-2015 Request It 1.0b - 'index.php?id' Remote File Inclusion
---
Request It : Song Request System 1.0b - remote file inclusion
Software: Request It : Song Request System
Type: remote file inclusion
Version: 1.0b
Date: 2007-04-09
Url: http://scripts.ringsworld.com/organizers/requestit/
Risk: middle
Credit:
http://hackberry.ath.cx
mail[AT]hackberry.ath.cx
Vulnerability:
http://[target]/?id=[REMOTEFILE]
Google dork:
"[ Request us to play you a song ]"
# milw0rm.com [2007-04-12]
No writeups or analysis indexed.
http://hackberry.ath.cx/research/2.txt
http://osvdb.org/34722
http://secunia.com/advisories/24832
http://securityreason.com/securityalert/2553
http://www.attrition.org/pipermail/vim/2007-April/001514.html
http://www.securityfocus.com/archive/1/465081/100/0/threaded
http://www.securityfocus.com/bid/23370
http://www.vupen.com/english/advisories/2007/1318
2007-04-12
Published