CVE

Id
25860  
CVE No.
CVE-2007-2503  
Status
Candidate  
Description
** DISPUTED ** Directory traversal vulnerability in turbulence.php in PHP Turbulence 0.0.1 alpha allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the GLOBALS[tcore] parameter. NOTE: this vulnerability is disputed by CVE and a reliable third party because a direct request to user/turbulence.php triggers a fatal error before inclusion.  
Phase
Assigned (20070503)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
259558 25860 CVE-2007-2503 BUGTRAQ:20070421 turbolence core 0.0.1 alpha Remote File Inclusion  View
259559 25860 CVE-2007-2503 URL:http://www.securityfocus.com/archive/1/archive/1/466564/100/100/threaded  View
259560 25860 CVE-2007-2503 VIM:20070422 false: turbolence core 0.0.1 alpha Remote File Inclusion  View
259561 25860 CVE-2007-2503 URL:http://www.attrition.org/pipermail/vim/2007-April/001541.html  View
259562 25860 CVE-2007-2503 BID:23580  View
259563 25860 CVE-2007-2503 URL:http://www.securityfocus.com/bid/23580  View
259564 25860 CVE-2007-2503 SREASON:2673  View
259565 25860 CVE-2007-2503 URL:http://securityreason.com/securityalert/2673  View
259566 25860 CVE-2007-2503 XF:phpturbulence-turbulence-file-include(33824)  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
55114 JVNDB-2007-003806 InterVations MailCOPA におけるスタックベースのバッファオーバーフローの脆弱性 InterVations MailCOPA には、スタックベースのバッファオーバーフローの脆弱性が存在します。 CVE-2007-2505 25860 9.3 http://jvndb.jvn.jp/ja/contents/2007/JVNDB-2007-003806.html  View