Search

Find a vulnerability

Search criteria

    6 vulnerabilities found for lan_management_system by lan_management_system

    CVE-2007-2205 (GCVE-0-2007-2205)

    Vulnerability from nvd – Published: 2007-04-24 20:00 – Updated: 2024-08-07 13:23
    VLAI
    Summary
    PHP remote file inclusion vulnerability in modules/rtmessageadd.php in LAN Management System (LMS) 1.5.3, and possibly 1.5.4, allows remote attackers to execute arbitrary PHP code via a URL in the _LIB_DIR parameter, a different vector than CVE-2007-1643.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.attrition.org/pipermail/vim/2007-April… mailing-listx_refsource_VIM
    http://osvdb.org/35480 vdb-entryx_refsource_OSVDB
    http://securityreason.com/securityalert/2630 third-party-advisoryx_refsource_SREASON
    http://www.securityfocus.com/archive/1/466664/100… mailing-listx_refsource_BUGTRAQ
    http://www.securityfocus.com/bid/23611 vdb-entryx_refsource_BID
    Date Public
    2007-04-22 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T13:23:51.043Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "lms-rtmessageadd-file-include(33819)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33819"
              },
              {
                "name": "20070426 true: 2 distinct LMS RFI, one old, one new; and vague ACK",
                "tags": [
                  "mailing-list",
                  "x_refsource_VIM",
                  "x_transferred"
                ],
                "url": "http://www.attrition.org/pipermail/vim/2007-April/001560.html"
              },
              {
                "name": "35480",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/35480"
              },
              {
                "name": "2630",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/2630"
              },
              {
                "name": "20070422 lms 1.5.3 Remote File Inclusion",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/466664/100/0/threaded"
              },
              {
                "name": "23611",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/23611"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-04-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "PHP remote file inclusion vulnerability in modules/rtmessageadd.php in LAN Management System (LMS) 1.5.3, and possibly 1.5.4, allows remote attackers to execute arbitrary PHP code via a URL in the _LIB_DIR parameter, a different vector than CVE-2007-1643."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-16T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "lms-rtmessageadd-file-include(33819)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33819"
            },
            {
              "name": "20070426 true: 2 distinct LMS RFI, one old, one new; and vague ACK",
              "tags": [
                "mailing-list",
                "x_refsource_VIM"
              ],
              "url": "http://www.attrition.org/pipermail/vim/2007-April/001560.html"
            },
            {
              "name": "35480",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/35480"
            },
            {
              "name": "2630",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/2630"
            },
            {
              "name": "20070422 lms 1.5.3 Remote File Inclusion",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/466664/100/0/threaded"
            },
            {
              "name": "23611",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/23611"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-2205",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "PHP remote file inclusion vulnerability in modules/rtmessageadd.php in LAN Management System (LMS) 1.5.3, and possibly 1.5.4, allows remote attackers to execute arbitrary PHP code via a URL in the _LIB_DIR parameter, a different vector than CVE-2007-1643."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "lms-rtmessageadd-file-include(33819)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33819"
                },
                {
                  "name": "20070426 true: 2 distinct LMS RFI, one old, one new; and vague ACK",
                  "refsource": "VIM",
                  "url": "http://www.attrition.org/pipermail/vim/2007-April/001560.html"
                },
                {
                  "name": "35480",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/35480"
                },
                {
                  "name": "2630",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/2630"
                },
                {
                  "name": "20070422 lms 1.5.3 Remote File Inclusion",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/466664/100/0/threaded"
                },
                {
                  "name": "23611",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/23611"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-2205",
        "datePublished": "2007-04-24T20:00:00.000Z",
        "dateReserved": "2007-04-24T00:00:00.000Z",
        "dateUpdated": "2024-08-07T13:23:51.043Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-2198 (GCVE-0-2007-2198)

    Vulnerability from nvd – Published: 2007-04-24 18:00 – Updated: 2024-08-07 13:23
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in LAN Management System (LMS) before 1.6.9 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, probably involving the OD parameter to contrib/formularz_przelewu_wplaty/druk.php.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.lms.org.pl/ x_refsource_CONFIRM
    http://www.lms.org.pl/download/1.6/lms-1.6.9.tar.gz x_refsource_CONFIRM
    http://www.securityfocus.com/bid/23715 vdb-entryx_refsource_BID
    http://www.vupen.com/english/advisories/2007/1580 vdb-entryx_refsource_VUPEN
    http://osvdb.org/35479 vdb-entryx_refsource_OSVDB
    http://secunia.com/advisories/25067 third-party-advisoryx_refsource_SECUNIA
    Date Public
    2007-04-06 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T13:23:51.025Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.lms.org.pl/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.lms.org.pl/download/1.6/lms-1.6.9.tar.gz"
              },
              {
                "name": "23715",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/23715"
              },
              {
                "name": "ADV-2007-1580",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/1580"
              },
              {
                "name": "35479",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/35479"
              },
              {
                "name": "25067",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/25067"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-04-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in LAN Management System (LMS) before 1.6.9 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, probably involving the OD parameter to contrib/formularz_przelewu_wplaty/druk.php."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2007-05-02T09:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.lms.org.pl/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.lms.org.pl/download/1.6/lms-1.6.9.tar.gz"
            },
            {
              "name": "23715",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/23715"
            },
            {
              "name": "ADV-2007-1580",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/1580"
            },
            {
              "name": "35479",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/35479"
            },
            {
              "name": "25067",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/25067"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-2198",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting (XSS) vulnerability in LAN Management System (LMS) before 1.6.9 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, probably involving the OD parameter to contrib/formularz_przelewu_wplaty/druk.php."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.lms.org.pl/",
                  "refsource": "CONFIRM",
                  "url": "http://www.lms.org.pl/"
                },
                {
                  "name": "http://www.lms.org.pl/download/1.6/lms-1.6.9.tar.gz",
                  "refsource": "CONFIRM",
                  "url": "http://www.lms.org.pl/download/1.6/lms-1.6.9.tar.gz"
                },
                {
                  "name": "23715",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/23715"
                },
                {
                  "name": "ADV-2007-1580",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/1580"
                },
                {
                  "name": "35479",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/35479"
                },
                {
                  "name": "25067",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/25067"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-2198",
        "datePublished": "2007-04-24T18:00:00.000Z",
        "dateReserved": "2007-04-24T00:00:00.000Z",
        "dateUpdated": "2024-08-07T13:23:51.025Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-1643 (GCVE-0-2007-1643)

    Vulnerability from nvd – Published: 2007-03-24 00:00 – Updated: 2024-08-07 13:06
    VLAI
    Summary
    Multiple PHP remote file inclusion vulnerabilities in LAN Management System (LMS) 1.8.9 Vala and earlier allow remote attackers to execute arbitrary PHP code via a URL in (1) the CONFIG[directories][userpanel_dir] parameter to userpanel.php or the (2) _LIB_DIR parameter to welcome.php.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.vupen.com/english/advisories/2007/1086 vdb-entryx_refsource_VUPEN
    http://www.attrition.org/pipermail/vim/2007-April… mailing-listx_refsource_VIM
    http://www.securityfocus.com/bid/23099 vdb-entryx_refsource_BID
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.securityfocus.com/bid/23100 vdb-entryx_refsource_BID
    https://www.exploit-db.com/exploits/3545 exploitx_refsource_EXPLOIT-DB
    http://secunia.com/advisories/24621 third-party-advisoryx_refsource_SECUNIA
    Date Public
    2007-03-22 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T13:06:25.912Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ADV-2007-1086",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/1086"
              },
              {
                "name": "20070426 true: 2 distinct LMS RFI, one old, one new; and vague ACK",
                "tags": [
                  "mailing-list",
                  "x_refsource_VIM",
                  "x_transferred"
                ],
                "url": "http://www.attrition.org/pipermail/vim/2007-April/001560.html"
              },
              {
                "name": "23099",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/23099"
              },
              {
                "name": "lms-userpanelwelcome-file-include(33158)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33158"
              },
              {
                "name": "23100",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/23100"
              },
              {
                "name": "3545",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/3545"
              },
              {
                "name": "24621",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/24621"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-03-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple PHP remote file inclusion vulnerabilities in LAN Management System (LMS) 1.8.9 Vala and earlier allow remote attackers to execute arbitrary PHP code via a URL in (1) the CONFIG[directories][userpanel_dir] parameter to userpanel.php or the (2) _LIB_DIR parameter to welcome.php."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-10-10T00:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "ADV-2007-1086",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/1086"
            },
            {
              "name": "20070426 true: 2 distinct LMS RFI, one old, one new; and vague ACK",
              "tags": [
                "mailing-list",
                "x_refsource_VIM"
              ],
              "url": "http://www.attrition.org/pipermail/vim/2007-April/001560.html"
            },
            {
              "name": "23099",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/23099"
            },
            {
              "name": "lms-userpanelwelcome-file-include(33158)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33158"
            },
            {
              "name": "23100",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/23100"
            },
            {
              "name": "3545",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/3545"
            },
            {
              "name": "24621",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/24621"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-1643",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple PHP remote file inclusion vulnerabilities in LAN Management System (LMS) 1.8.9 Vala and earlier allow remote attackers to execute arbitrary PHP code via a URL in (1) the CONFIG[directories][userpanel_dir] parameter to userpanel.php or the (2) _LIB_DIR parameter to welcome.php."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "ADV-2007-1086",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/1086"
                },
                {
                  "name": "20070426 true: 2 distinct LMS RFI, one old, one new; and vague ACK",
                  "refsource": "VIM",
                  "url": "http://www.attrition.org/pipermail/vim/2007-April/001560.html"
                },
                {
                  "name": "23099",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/23099"
                },
                {
                  "name": "lms-userpanelwelcome-file-include(33158)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33158"
                },
                {
                  "name": "23100",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/23100"
                },
                {
                  "name": "3545",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/3545"
                },
                {
                  "name": "24621",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/24621"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-1643",
        "datePublished": "2007-03-24T00:00:00.000Z",
        "dateReserved": "2007-03-23T00:00:00.000Z",
        "dateUpdated": "2024-08-07T13:06:25.912Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-2205 (GCVE-0-2007-2205)

    Vulnerability from cvelistv5 – Published: 2007-04-24 20:00 – Updated: 2024-08-07 13:23
    VLAI
    Summary
    PHP remote file inclusion vulnerability in modules/rtmessageadd.php in LAN Management System (LMS) 1.5.3, and possibly 1.5.4, allows remote attackers to execute arbitrary PHP code via a URL in the _LIB_DIR parameter, a different vector than CVE-2007-1643.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.attrition.org/pipermail/vim/2007-April… mailing-listx_refsource_VIM
    http://osvdb.org/35480 vdb-entryx_refsource_OSVDB
    http://securityreason.com/securityalert/2630 third-party-advisoryx_refsource_SREASON
    http://www.securityfocus.com/archive/1/466664/100… mailing-listx_refsource_BUGTRAQ
    http://www.securityfocus.com/bid/23611 vdb-entryx_refsource_BID
    Date Public
    2007-04-22 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T13:23:51.043Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "lms-rtmessageadd-file-include(33819)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33819"
              },
              {
                "name": "20070426 true: 2 distinct LMS RFI, one old, one new; and vague ACK",
                "tags": [
                  "mailing-list",
                  "x_refsource_VIM",
                  "x_transferred"
                ],
                "url": "http://www.attrition.org/pipermail/vim/2007-April/001560.html"
              },
              {
                "name": "35480",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/35480"
              },
              {
                "name": "2630",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/2630"
              },
              {
                "name": "20070422 lms 1.5.3 Remote File Inclusion",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/466664/100/0/threaded"
              },
              {
                "name": "23611",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/23611"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-04-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "PHP remote file inclusion vulnerability in modules/rtmessageadd.php in LAN Management System (LMS) 1.5.3, and possibly 1.5.4, allows remote attackers to execute arbitrary PHP code via a URL in the _LIB_DIR parameter, a different vector than CVE-2007-1643."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-16T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "lms-rtmessageadd-file-include(33819)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33819"
            },
            {
              "name": "20070426 true: 2 distinct LMS RFI, one old, one new; and vague ACK",
              "tags": [
                "mailing-list",
                "x_refsource_VIM"
              ],
              "url": "http://www.attrition.org/pipermail/vim/2007-April/001560.html"
            },
            {
              "name": "35480",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/35480"
            },
            {
              "name": "2630",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/2630"
            },
            {
              "name": "20070422 lms 1.5.3 Remote File Inclusion",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/466664/100/0/threaded"
            },
            {
              "name": "23611",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/23611"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-2205",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "PHP remote file inclusion vulnerability in modules/rtmessageadd.php in LAN Management System (LMS) 1.5.3, and possibly 1.5.4, allows remote attackers to execute arbitrary PHP code via a URL in the _LIB_DIR parameter, a different vector than CVE-2007-1643."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "lms-rtmessageadd-file-include(33819)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33819"
                },
                {
                  "name": "20070426 true: 2 distinct LMS RFI, one old, one new; and vague ACK",
                  "refsource": "VIM",
                  "url": "http://www.attrition.org/pipermail/vim/2007-April/001560.html"
                },
                {
                  "name": "35480",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/35480"
                },
                {
                  "name": "2630",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/2630"
                },
                {
                  "name": "20070422 lms 1.5.3 Remote File Inclusion",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/466664/100/0/threaded"
                },
                {
                  "name": "23611",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/23611"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-2205",
        "datePublished": "2007-04-24T20:00:00.000Z",
        "dateReserved": "2007-04-24T00:00:00.000Z",
        "dateUpdated": "2024-08-07T13:23:51.043Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-2198 (GCVE-0-2007-2198)

    Vulnerability from cvelistv5 – Published: 2007-04-24 18:00 – Updated: 2024-08-07 13:23
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in LAN Management System (LMS) before 1.6.9 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, probably involving the OD parameter to contrib/formularz_przelewu_wplaty/druk.php.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.lms.org.pl/ x_refsource_CONFIRM
    http://www.lms.org.pl/download/1.6/lms-1.6.9.tar.gz x_refsource_CONFIRM
    http://www.securityfocus.com/bid/23715 vdb-entryx_refsource_BID
    http://www.vupen.com/english/advisories/2007/1580 vdb-entryx_refsource_VUPEN
    http://osvdb.org/35479 vdb-entryx_refsource_OSVDB
    http://secunia.com/advisories/25067 third-party-advisoryx_refsource_SECUNIA
    Date Public
    2007-04-06 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T13:23:51.025Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.lms.org.pl/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.lms.org.pl/download/1.6/lms-1.6.9.tar.gz"
              },
              {
                "name": "23715",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/23715"
              },
              {
                "name": "ADV-2007-1580",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/1580"
              },
              {
                "name": "35479",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/35479"
              },
              {
                "name": "25067",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/25067"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-04-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in LAN Management System (LMS) before 1.6.9 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, probably involving the OD parameter to contrib/formularz_przelewu_wplaty/druk.php."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2007-05-02T09:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.lms.org.pl/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.lms.org.pl/download/1.6/lms-1.6.9.tar.gz"
            },
            {
              "name": "23715",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/23715"
            },
            {
              "name": "ADV-2007-1580",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/1580"
            },
            {
              "name": "35479",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/35479"
            },
            {
              "name": "25067",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/25067"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-2198",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting (XSS) vulnerability in LAN Management System (LMS) before 1.6.9 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, probably involving the OD parameter to contrib/formularz_przelewu_wplaty/druk.php."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.lms.org.pl/",
                  "refsource": "CONFIRM",
                  "url": "http://www.lms.org.pl/"
                },
                {
                  "name": "http://www.lms.org.pl/download/1.6/lms-1.6.9.tar.gz",
                  "refsource": "CONFIRM",
                  "url": "http://www.lms.org.pl/download/1.6/lms-1.6.9.tar.gz"
                },
                {
                  "name": "23715",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/23715"
                },
                {
                  "name": "ADV-2007-1580",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/1580"
                },
                {
                  "name": "35479",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/35479"
                },
                {
                  "name": "25067",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/25067"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-2198",
        "datePublished": "2007-04-24T18:00:00.000Z",
        "dateReserved": "2007-04-24T00:00:00.000Z",
        "dateUpdated": "2024-08-07T13:23:51.025Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-1643 (GCVE-0-2007-1643)

    Vulnerability from cvelistv5 – Published: 2007-03-24 00:00 – Updated: 2024-08-07 13:06
    VLAI
    Summary
    Multiple PHP remote file inclusion vulnerabilities in LAN Management System (LMS) 1.8.9 Vala and earlier allow remote attackers to execute arbitrary PHP code via a URL in (1) the CONFIG[directories][userpanel_dir] parameter to userpanel.php or the (2) _LIB_DIR parameter to welcome.php.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.vupen.com/english/advisories/2007/1086 vdb-entryx_refsource_VUPEN
    http://www.attrition.org/pipermail/vim/2007-April… mailing-listx_refsource_VIM
    http://www.securityfocus.com/bid/23099 vdb-entryx_refsource_BID
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.securityfocus.com/bid/23100 vdb-entryx_refsource_BID
    https://www.exploit-db.com/exploits/3545 exploitx_refsource_EXPLOIT-DB
    http://secunia.com/advisories/24621 third-party-advisoryx_refsource_SECUNIA
    Date Public
    2007-03-22 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T13:06:25.912Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ADV-2007-1086",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/1086"
              },
              {
                "name": "20070426 true: 2 distinct LMS RFI, one old, one new; and vague ACK",
                "tags": [
                  "mailing-list",
                  "x_refsource_VIM",
                  "x_transferred"
                ],
                "url": "http://www.attrition.org/pipermail/vim/2007-April/001560.html"
              },
              {
                "name": "23099",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/23099"
              },
              {
                "name": "lms-userpanelwelcome-file-include(33158)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33158"
              },
              {
                "name": "23100",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/23100"
              },
              {
                "name": "3545",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/3545"
              },
              {
                "name": "24621",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/24621"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-03-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple PHP remote file inclusion vulnerabilities in LAN Management System (LMS) 1.8.9 Vala and earlier allow remote attackers to execute arbitrary PHP code via a URL in (1) the CONFIG[directories][userpanel_dir] parameter to userpanel.php or the (2) _LIB_DIR parameter to welcome.php."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-10-10T00:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "ADV-2007-1086",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/1086"
            },
            {
              "name": "20070426 true: 2 distinct LMS RFI, one old, one new; and vague ACK",
              "tags": [
                "mailing-list",
                "x_refsource_VIM"
              ],
              "url": "http://www.attrition.org/pipermail/vim/2007-April/001560.html"
            },
            {
              "name": "23099",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/23099"
            },
            {
              "name": "lms-userpanelwelcome-file-include(33158)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33158"
            },
            {
              "name": "23100",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/23100"
            },
            {
              "name": "3545",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/3545"
            },
            {
              "name": "24621",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/24621"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-1643",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple PHP remote file inclusion vulnerabilities in LAN Management System (LMS) 1.8.9 Vala and earlier allow remote attackers to execute arbitrary PHP code via a URL in (1) the CONFIG[directories][userpanel_dir] parameter to userpanel.php or the (2) _LIB_DIR parameter to welcome.php."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "ADV-2007-1086",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/1086"
                },
                {
                  "name": "20070426 true: 2 distinct LMS RFI, one old, one new; and vague ACK",
                  "refsource": "VIM",
                  "url": "http://www.attrition.org/pipermail/vim/2007-April/001560.html"
                },
                {
                  "name": "23099",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/23099"
                },
                {
                  "name": "lms-userpanelwelcome-file-include(33158)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33158"
                },
                {
                  "name": "23100",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/23100"
                },
                {
                  "name": "3545",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/3545"
                },
                {
                  "name": "24621",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/24621"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-1643",
        "datePublished": "2007-03-24T00:00:00.000Z",
        "dateReserved": "2007-03-23T00:00:00.000Z",
        "dateUpdated": "2024-08-07T13:06:25.912Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }