CVE-2003-0269
published 2003-05-27CVE-2003-0269: Buffer overflow in youbin allows local users to gain privileges via a long HOME environment variable.
PriorityP425high7.2CVSS 2.0
AVLACLAuNCCICAC
EXPLOIT
EPSS
0.99%
58.0th percentile
Buffer overflow in youbin allows local users to gain privileges via a long HOME environment variable.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| youbin | youbin | — | — |
| youbin | youbin | — | — |
| youbin | youbin | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
PHP-Nuke 6.x - 'Category' SQL Injection
exploitdb·2003-12-23
CVE-2004-0269 PHP-Nuke 6.x - 'Category' SQL Injection
PHP-Nuke 6.x - 'Category' SQL Injection
---
source: https://www.securityfocus.com/bid/9630/info
It has been reported that PHPNuke may prone to a SQL injection vulnerability, due to insufficient sanitization user-supplied input. The problem is reported to exist in the $category variable contained within the 'index.php' page.
PHPNuke versions 6.9 and prior have been reported to be prone to this issue, however other versions may be affected as well.
#!/usr/bin/php -q
PHPnuke 6.x and 5.x fetch author hash by pokleyzz
# 27th December 2003 : 4:54 a.m
#
# bug found by pokleyzz (11th December 2003 ) for HITB 2003 security conference
# (Shame on You!!)
#
# Requirement:
# PHP 4.x with curl extension;
#
# Greet:
# tynon, sk ,wanvadder, sir_flyguy, wxyz , tenukboncit, kerengga_kurus ,
# s0cket3
Exploit-DB
Youbin 2.5/3.0/3.4 - 'HOME' Buffer Overflow
exploitdb·2003-05-06
CVE-2003-0269 Youbin 2.5/3.0/3.4 - 'HOME' Buffer Overflow
Youbin 2.5/3.0/3.4 - 'HOME' Buffer Overflow
---
source: https://www.securityfocus.com/bid/7503/info
It has been reported that youbin is vulnerable to a locally exploitable buffer overflow. The problem is said to occur while processing environment variables. Specifically, an internal memory buffer may be overrun while handling a HOME environment variable containing excessive data. This condition may be exploited by attackers to ultimately execute instructions with the privileges of the youbin process, typically root.
It should be noted that although this vulnerability has been reported to affect youbin version 3.4, previous versions might also be affected.
#!/usr/bin/perl
# DSR-youbin.pl - kokaninATdtors.net vs. /usr/ports/mail/youbin
# offset, retaddr and shellcode is for my FreeBSD 4
No writeups or analysis indexed.
http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0053.htmlhttp://lists.grok.org.uk/pipermail/full-disclosure/2003-May/004892.htmlhttp://marc.info/?l=bugtraq&m=105223947528794&w=2http://www.securityfocus.com/bid/7503https://exchange.xforce.ibmcloud.com/vulnerabilities/11949http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0053.htmlhttp://lists.grok.org.uk/pipermail/full-disclosure/2003-May/004892.htmlhttp://marc.info/?l=bugtraq&m=105223947528794&w=2http://www.securityfocus.com/bid/7503https://exchange.xforce.ibmcloud.com/vulnerabilities/11949
2003-05-27
Published