CVE

Id
76299  
CVE No.
CVE-2014-8998  
Status
Candidate  
Description
lib/message.php in X7 Chat 2.0.0 through 2.0.5.1 allows remote authenticated users to execute arbitrary PHP code via a crafted HTTP header to index.php, which is processed by the preg_replace function with the eval switch.  
Phase
Assigned (20141119)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
703300 76299 CVE-2014-8998 EXPLOIT-DB:35183  View
703301 76299 CVE-2014-8998 URL:http://www.exploit-db.com/exploits/35183  View
703302 76299 CVE-2014-8998 MISC:http://packetstormsecurity.com/files/128964/X7-Chat-2.0.5-lib-message.php-preg_replace-PHP-Code-Execution.html  View
703303 76299 CVE-2014-8998 BID:71014  View
703304 76299 CVE-2014-8998 URL:http://www.securityfocus.com/bid/71014  View
703305 76299 CVE-2014-8998 XF:x7chat-message-code-exec(98513)  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
16683 JVNDB-2014-005558 Monstra における総当たりログイン攻撃を実行される脆弱性 Monstra は、ログインが何回試行されたかの追跡に Cookie を使用するため、総当たりログイン攻撃 (Brute force login attack) を実行される脆弱性が存在します。 CVE-2014-9006 76299 5 http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-005558.html  View