CVE-2005-1191
published 2005-05-02CVE-2005-1191: The Web View DLL (webvw.dll), as used in Windows Explorer on Windows 2000 systems, does not properly filter an apostrophe ("'") in the author name in a…
PriorityP433medium5CVSS 2.0
AVNACLAuNCNIPAN
EXPLOIT
EPSS
19.62%
97.0th percentile
The Web View DLL (webvw.dll), as used in Windows Explorer on Windows 2000 systems, does not properly filter an apostrophe ("'") in the author name in a document, which allows attackers to execute arbitrary script via extra attributes when Web View constructs a mailto: link for the preview pane when the user selects the file.
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Simple PHP Blog 0.4.0 - Remote Command Execution (Metasploit)
exploitdb·2010-07-25
CVE-2005-2733 Simple PHP Blog 0.4.0 - Remote Command Execution (Metasploit)
Simple PHP Blog 0.4.0 - Remote Command Execution (Metasploit)
---
##
# $Id: sphpblog_file_upload.rb 9929 2010-07-25 21:37:54Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 'Simple PHP Blog %q{
This module combines three separate issues within The Simple PHP Blog ( [ 'Matteo Cantoni ', 'patrick' ],
'License' => MSF_LICENSE,
'Version' => '$Revision: 9929 $',
'References' =>
[
['CVE', '2005-2733'],
['OSVDB', '19012'],
['BID', '14667'],
['URL', 'http://www.milw0rm.com/exploits/1191'],
],
'Privileged' => false,
'Payload' =>
{
'DisableNo
Exploit-DB
Microsoft Windows 98/2000 Explorer - Preview Pane Script Injection
exploitdb·2005-04-19
CVE-2005-1191 Microsoft Windows 98/2000 Explorer - Preview Pane Script Injection
Microsoft Windows 98/2000 Explorer - Preview Pane Script Injection
---
source: https://www.securityfocus.com/bid/13248/info
Microsoft Windows Explorer is prone to a script injection vulnerability. This occurs when the Windows Explorer preview pane (Web View) is enabled on Windows 2000 computers. Windows 98/98SE/ME are also affected by this issue. If a file with malicious attributes is selected using Explorer, script code contained in the attribute fields may be executed with the privilege level of the user that invoked Explorer. This could be exploited to gain unauthorized access to the vulnerable computer in the context of the currently logged in user.
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/25454-1.doc
https://gitlab.com/exploit-database/expl
No writeups or analysis indexed.
http://security.greymagic.com/security/advisories/gm015-iehttp://www.securityfocus.com/archive/1/396224http://www.securityfocus.com/bid/13248http://www.vupen.com/english/advisories/2005/0509https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-024https://exchange.xforce.ibmcloud.com/vulnerabilities/20380https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3585http://security.greymagic.com/security/advisories/gm015-iehttp://www.securityfocus.com/archive/1/396224http://www.securityfocus.com/bid/13248http://www.vupen.com/english/advisories/2005/0509https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-024https://exchange.xforce.ibmcloud.com/vulnerabilities/20380https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3585
2005-05-02
Published