CVE-2007-6621
Published: 2008-01-04
Priority P4 | 33 | medium | 6.4 | CVSS 2.0
AV:N / AC:L / Au:N / C:P / I:P / A:N
EXPLOIT
EPSS: 2.37% (81.7th percentile)
Directory traversal vulnerability in joovili.images.php in Joovili 3.0.0 through 3.0.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the picture parameter.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| joovili | joovili | <= 3.0.6 | — |
CVSS provenance
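| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 6.4 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:P/A:N |
| vendor_redhat | — | 9.3 | CRITICAL | — |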
GHSA
GHSA-63m7-v46r-x4v3: Directory traversal vulnerability in joovili
ghsa_unreviewed·2022-05-01
CVE-2007-6621 [MEDIUM] CWE-22 GHSA-63m7-v46r-x4v3: Directory traversal vulnerability in joovili
Directory traversal vulnerability in joovili.images.php in Joovili 3.0.0 through 3.0.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the picture parameter.
Red Hat
, CVE-2008-6071, CVE-2008-6072, CVE-2008-6621 multiple security issues in ImageMagick
vendor_redhat·2007-03-01·CVSS 9.3
CVE-2008-6070 [CRITICAL] , CVE-2008-6071, CVE-2008-6072, CVE-2008-6621 multiple security issues in ImageMagick
Multiple heap-based buffer underflows in the ReadPALMImage function in coders/palm.c in GraphicsMagick before 1.2.3 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted PALM image, a different vulnerability than CVE-2007-0770. NOTE: some of these details are obtained from third party information.
Statement: The costs associated with fixing these bugs are greater than the posed security risk. We therefore currently have no plans to fix this flaw in Red Hat Enterprise Linux at this time.
No detection rules found.
No writeups or analysis indexed.
Published: 2008-01-04