CVE-2003-1196
published 2003-11-03CVE-2003-1196: SQL injection vulnerability in viewtopic.asp in VieBoard 2.6 allows remote attackers to execute arbitrary SQL commands via the forumid parameter.
PriorityP434high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
1.23%
65.2th percentile
SQL injection vulnerability in viewtopic.asp in VieBoard 2.6 allows remote attackers to execute arbitrary SQL commands via the forumid parameter.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| vienuke | vieboard | — | — |
| vienuke | vieboard | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
LANDesk Lenovo ThinkManagement Suite 9.0.3 Core Server - Arbitrary File Deletion
exploitdb·2012-03-19
CVE-2012-1196 LANDesk Lenovo ThinkManagement Suite 9.0.3 Core Server - Arbitrary File Deletion
LANDesk Lenovo ThinkManagement Suite 9.0.3 Core Server - Arbitrary File Deletion
---
LANDesk Lenovo ThinkManagement Suite 9.0.3 Core Server WSVulnerabilityCore.dll
SetTaskLogByFile() Remote Arbitrary File Deletion Vulnerability
Tested against: Microsoft Windows Server 2003 r2 sp2
Software home page: http://www.landesk.com/lenovo/thinkmanagement-console.aspx
Download url: http://www.landesk.com/downloads/lenovo/50.aspx
Files tested:
ThinkManagement9.0.2.exe
LD90-SP2-MCP_CONS-2011-0428.exe
LD90-SP2-MCP_SD-2011-0428.exe
ThinkManagementConsole9.0.3_b28.zip
Instrunctions were to install 9.0.2, then apply two patches, finally to install 9.0.3
Background:
The mentioned product creates various virtual directories on IIS.
Among them the 'WSVulnerabilityCore' one.
Without prior authenticatio
Exploit-DB
VieNuke VieBoard 2.6 - SQL Injection
exploitdb·2003-11-03
CVE-2003-1196 VieNuke VieBoard 2.6 - SQL Injection
VieNuke VieBoard 2.6 - SQL Injection
---
source: https://www.securityfocus.com/bid/8967/info
It has been reported that VieNuke VieBoard may be prone to a SQL injection vulnerability that may allow an attacker to disclose sensitive information by supplying malicious SQL code to the underlying database.
A malicious user may influence database queries in order to view or modify sensitive information potentially compromising the software or the database.
http://www.example.com/vie/viewtopic.asp?forumid=48&id=2736'
No writeups or analysis indexed.
http://www.osvdb.org/2789http://www.securityfocus.com/bid/8967http://www.vienuke.com/vie/viewtopic.asp?forumid=43&id=2822&page=1https://exchange.xforce.ibmcloud.com/vulnerabilities/13629http://www.osvdb.org/2789http://www.securityfocus.com/bid/8967http://www.vienuke.com/vie/viewtopic.asp?forumid=43&id=2822&page=1https://exchange.xforce.ibmcloud.com/vulnerabilities/13629
2003-11-03
Published