CVE-2008-5790
published 2008-12-31CVE-2008-5790: Multiple PHP remote file inclusion vulnerabilities in the Recly!Competitions (com_competitions) component 1.0 for Joomla! allow remote attackers to execute…
PriorityP357high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
23.62%
97.5th percentile
Multiple PHP remote file inclusion vulnerabilities in the Recly!Competitions (com_competitions) component 1.0 for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the (1) GLOBALS[mosConfig_absolute_path] parameter to (a) add.php and (b) competitions.php in includes/competitions/, and the (2) mosConfig_absolute_path parameter to (c) includes/settings/settings.php.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| recly | competitions | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Joomla! Component Recly!Competitions 1.0.0 - Multiple Remote File Inclusions
exploitdb·2008-11-07
CVE-2008-5790 Joomla! Component Recly!Competitions 1.0.0 - Multiple Remote File Inclusions
Joomla! Component Recly!Competitions 1.0.0 - Multiple Remote File Inclusions
---
[o] Recly!Competitions Component 1.0.0 Multiple Remote File Inclusion Vulnerability
Software : com_competitions version 1.0.0
Vendor : http://www.recly.com/
Download : http://www.recly.com/index.php?option=com_recly&task=product_page&id=12
Author : NoGe
Contact : noge[dot]code[at]gmail[dot]com
Blog : http://evilc0de.blogspot.com
[o] Vulnerable file
administrator/components/com_competitions/includes/competitions/add.php
require_once($GLOBALS['mosConfig_absolute_path'] . '/components/com_competitions/lib/common/GlobalVariables.class.php');
administrator/components/com_competitions/includes/competitions/competitions.php
require_once( $GLOBALS['mosConfig_absolute_path'] . '/administrator/includes/page
Exploit-DB
SNMPv3 - HMAC Validation error Remote Authentication Bypass
exploitdb·2008-06-12·CVSS 10.0
CVE-2008-0960 [CRITICAL] SNMPv3 - HMAC Validation error Remote Authentication Bypass
SNMPv3 - HMAC Validation error Remote Authentication Bypass
---
#############################################################################
# #
# snmpv3_exp.sh exploit the vulnerability described in CVE-2008-0960, the #
# HMAC check problem (on multiple vendor) #
# #
# Copyright (c) 2008 @ Mediaservice.net Srl. All rights reserved #
# Wrote by Maurizio Agazzini #
# http://lab.mediaservice.net/ #
# #
#############################################################################
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/5790.tgz (2008-snmpv3_exp.tgz)
# milw0rm.com [2008-06-12]
No writeups or analysis indexed.
2008-12-31
Published