CVE-2005-1011
Published 2005-05-02
CVE-2005-1011: SQL injection vulnerability in content.asp in SiteEnable allows remote attackers to execute arbitrary SQL commands via the sortby parameter.
Priority P338 | high | 7.5 (CVSS 2.0)
AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 2.39% (81.9th percentile)
No detection rules found.
Exploit-DB
CVE-2005-3684 freeFTPd 1.0.8 - 'USER' Remote Buffer Overflow
exploitdb·2005-11-17
---
/*
26\09\05
[i] Title: FreeFTPD Remote USER Buffer overflow
[i] Discovered by: barabas [mutsonline]
[i] Exploit by: Expanders
[ Why FTPD crash? ]
When the logging option is enabled, freeftpd copies the user and the pass supplied by the user into memory before putting them in a logfile.
----Code Snippet----
78001D5D MOV ECX,DWORD PTR SS:[ESP+4] Ftpd put in ECX SP+4 that point to the user supplied data.
If attacker's username is too big for the size of the buffer first we go to overwrite SEH handler(1011 bytes) and then the stack itself.
Because stack point to our buffer this code
----Code Snippet----
78001D90
Exploit-DB
CVE-2005-1011 SiteEnable - SQL Injection
exploitdb·2005-04-02
---
source: https://www.securityfocus.com/bid/12985/info
SiteEnable is reported prone to an SQL injection vulnerability.
This vulnerability could permit remote attackers to pass malicious input to database queries, resulting in modification of query logic or other attacks.
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
All versions of SiteEnable are considered vulnerable at the moment.
http://www.example.com/content.asp?do_search=0&keywords=contact&page_no=2&sortby=;SELECT%20* FROM bla bla--
No writeups or analysis indexed.
Published: 2005-05-02