CVE-2004-2350
published 2004-12-31
Priority: P336, high; CVSS 2.0: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
EXPLOIT
EPSS: 1.21% (64.8th percentile)
SQL injection vulnerability in search.php for phpBB 1.0 through 2.0.6 allows remote attackers to execute arbitrary SQL and gain privileges via the search_results parameter.
Affected
19 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| phpbb_group | phpbb | — | — |
No detection rules found.
Exploit-DB
Nadeo Game Engine - Remote Denial of Service
exploitdb·2004-02-09
CVE-2004-2077 Nadeo Game Engine - Remote Denial of Service
---
// source: https://www.securityfocus.com/bid/9604/info
It has been reported that Nadeo Game Engine may be prone to a remote denial of service vulnerability that could allow an attacker to cause the software to crash or hang by sending arbitrary data to the software on TCP port 2350.
Nadeo Trackmania demo version has been reported to be affected by this issue.
/*
* [kill-trackmania.c]
* A remote DoS that affects the Trackmania game server
*
* by Scrap
* [email protected]
* http://www.securiteinfo.com
*
* gcc kill-trackmania.c -o kill-trackmania -O2
*
*/
#include
#include
#include
int main(int argc, char *argv[])
{
int sock;
struct sockaddr_in sin;
struct hostent *he;
unsigned long start;
char buffer[1024];
unsigned long counte
Exploit-DB
phpBB 1.x/2.0.x - 'search.php?search_results' SQL Injection
exploitdb·2004-01-04
CVE-2004-2350 phpBB 1.x/2.0.x - 'search.php?search_results' SQL Injection
---
source: https://www.securityfocus.com/bid/9883/info
A vulnerability has been reported to exist in the software that may allow a remote user to inject malicious SQL syntax into database queries. The problem reportedly exists in one of the parameters of the search.php script. This issue is caused by insufficient sanitization of user-supplied data. A remote attacker may exploit this issue to influence SQL query logic to disclose sensitive information that could be used to gain unauthorized access.
#!/usr/bin/php -q
phpBB 2.0.6 fetch password hash by pokleyzz
# 4th January 2004 : 3:05 a.m
#
# bug found by pokleyzz (4th January 2004 )
#
# Requirement:
# PHP 4.x with curl extension;
#
# Greet:
# tynon, sk ,wanvadder, sir_flygu
No writeups or analysis indexed.