CVE

Id
29436  
CVE No.
CVE-2007-6079  
Status
Candidate  
Description
Directory traversal vulnerability in include/common.php in bcoos 1.0.10 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the xoopsOption[pagetype] parameter to the default URI for modules/news/. NOTE: this can be leveraged by using legitimate product functionality to upload a file that contains the code, then including that file.  
Phase
Assigned (20071121)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
309544 29436 CVE-2007-6079 MILW0RM:4637  View
309545 29436 CVE-2007-6079 URL:http://www.milw0rm.com/exploits/4637  View
309546 29436 CVE-2007-6079 BID:26505  View
309547 29436 CVE-2007-6079 URL:http://www.securityfocus.com/bid/26505  View
309548 29436 CVE-2007-6079 VUPEN:ADV-2007-3962  View
309549 29436 CVE-2007-6079 URL:http://www.vupen.com/english/advisories/2007/3962  View
309550 29436 CVE-2007-6079 XF:bcoos-common-file-include(38592)  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
54227 JVNDB-2007-002919 AdventNet EventLog Analyzer における権限を取得される脆弱性 AdventNet EventLog Analyzer には、パスワード無しのデフォルト "root" アカウントで mysql インスタンスをインストールするため、権限を取得され、ログを変更される脆弱性が存在します。 CVE-2007-6081 29436 7.5 http://jvndb.jvn.jp/ja/contents/2007/JVNDB-2007-002919.html  View