CVE-2005-1373
published 2005-05-03CVE-2005-1373: Multiple SQL injection vulnerabilities in index.php in Dream4 Koobi CMS 4.2.3 allow remote attackers to execute arbitrary SQL commands via the (1) q or (2) p…
PriorityP434high7.5CVSS 2.0
AVNACLAuNCPIPAP
EPSS
1.47%
70.4th percentile
Multiple SQL injection vulnerabilities in index.php in Dream4 Koobi CMS 4.2.3 allow remote attackers to execute arbitrary SQL commands via the (1) q or (2) p parameters.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| dream4 | koobi_cms | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Mercury/32 Mail Server 4.01a (Pegasus) - IMAP Buffer Overflow
exploitdb·2005-09-20
CVE-2007-1373 Mercury/32 Mail Server 4.01a (Pegasus) - IMAP Buffer Overflow
Mercury/32 Mail Server 4.01a (Pegasus) - IMAP Buffer Overflow
---
/*
Mercury imap4 server remote buffer overflow exploit
author : c0d3r "kaveh razavi" [email protected] [email protected]
package : Mercury mail transport system 4.01a and prolly prior
workaround : upgrade to 4.01b version
advisory : not available right now
company address : www.pmail.com
timeline :
15 Sep 2005 : vulnerability reported by securiteam mailing list
20 Sep 2005 : IHS exploit released
exploit features :
1) 5 working targets including win2k , winxp , win2k3
2) reliable metasploit shellcode
3) autoconnect to shell
bad chars are : 0x20 0x0a
compiled with visual c++ 6 : cl mercury_imap.c
greeting to :
www.ihsteam.com the team , LorD and NT heya
www.ihsteam.net english version ,
www.exploitdev.com Jamie and Ben the two
Exploit-DB
SHOUTcast 1.9.4 (Windows) - File Request Format String Remote Overflow
exploitdb·2005-02-19
CVE-2004-1373 SHOUTcast 1.9.4 (Windows) - File Request Format String Remote Overflow
SHOUTcast 1.9.4 (Windows) - File Request Format String Remote Overflow
---
/*
Object: PoC for Nullsoft SHOUTcast 1.9.4 File Request Format String Vulnerability
From the securityfocus bid at https://www.securityfocus.com/bid/12096 :
"This issue was reported to exist in version 1.9.4 on Linux. It is likely that versions for other
platforms are also affected by the vulnerability, though it is not known to what degree they are
exploitable."
This is now clarified, it's exploitable.
notes: This is a two steps exploitation: the format bug is used to compute a buffer
that will overwrite the stack later, resulting in a SEH overwriting.
The exploit works for both the GUI and the console servers.
greets: Sputnik
`date`: Sat Feb 19 15:48:45 2005
credits: Tomasz Trojanowski
author: mandragore, ma
No writeups or analysis indexed.
http://marc.info/?l=bugtraq&m=111464009913703&w=2http://secunia.com/advisories/14696http://www.osvdb.org/15997http://www.securityfocus.com/bid/13412http://www.securityfocus.com/bid/13413https://exchange.xforce.ibmcloud.com/vulnerabilities/20293http://marc.info/?l=bugtraq&m=111464009913703&w=2http://secunia.com/advisories/14696http://www.osvdb.org/15997http://www.securityfocus.com/bid/13412http://www.securityfocus.com/bid/13413https://exchange.xforce.ibmcloud.com/vulnerabilities/20293
2005-05-03
Published