CVE-2005-4006
published 2005-12-05CVE-2005-4006: SAPID CMS before 1.2.3.03 allows remote attackers to bypass authentication via direct requests to the usr/system files (1) insert_file.php, (2)…
PriorityP340high7.5CVSS 2.0
AVNACLAuNCPIPAP
EPSS
1.81%
75.9th percentile
SAPID CMS before 1.2.3.03 allows remote attackers to bypass authentication via direct requests to the usr/system files (1) insert_file.php, (2) insert_image.php, (3) insert_link.php, (4) insert_qcfile.php, and (5) edit.php.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| redgraphic | sapid_cms | <= 1.2.3.02 | — |
| redgraphic | sapid_cms | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Tcpdump - bgp_update_print Remote Denial of Service
exploitdb·2005-06-09
CVE-2005-1267 Tcpdump - bgp_update_print Remote Denial of Service
Tcpdump - bgp_update_print Remote Denial of Service
---
/*
* 2005-05-31: Modified by [email protected] to test tcpdump infinite
* loop vulnerability.
*
* libnet 1.1
* Build a BGP4 update message with what you want as payload
*
* Copyright (c) 2003 Fr d ric Raynal
* All rights reserved.
*
* Examples:
*
* empty BGP UPDATE message:
*
* # ./bgp4_update -s 1.1.1.1 -d 2.2.2.2
* libnet 1.1 packet shaping: BGP4 update + payload[raw]
* Wrote 63 byte TCP packet; check the wire.
*
* 13:44:29.216135 1.1.1.1.26214 > 2.2.2.2.179: S [tcp sum ok]
* 16843009:16843032(23) win 32767: BGP (ttl 64, id 242, len 63)
* 0x0000 4500 003f 00f2 0000 4006 73c2 0101 0101 [email protected].....
* 0x0010 0202 0202 6666 00b3 0101 0101 0202 0202 ....ff..........
* 0x0020 5002 7fff b288 0000 0101 0101 0101 0101 P...............
Exploit-DB
Neslo Desktop Rover 3.0 - Malformed Packet Remote Denial of Service
exploitdb·2005-04-20
CVE-2005-1204 Neslo Desktop Rover 3.0 - Malformed Packet Remote Denial of Service
Neslo Desktop Rover 3.0 - Malformed Packet Remote Denial of Service
---
source: https://www.securityfocus.com/bid/13281/info
Neslo Desktop Rover is prone to a remote denial of service. Reports indicate that the software will crash when a malformed packet is processed on TCP port 61427.
A remote attacker may exploit this condition crash the software and effectively deny service for legitimate users.
20:23:48.778009 192.168.28.133.32771 > 192.168.28.129.61427: P [tcp sum ok]
1:13(12) ack 1 win 5840 (DF) (ttl 64, id 24051, len 64)
4500 0040 5df3 4000 4006 226e c0a8 1c85
c0a8 1c81 8003 eff3 90a8 d150 7cda 8afa
8018 16d0 daab 0000 0101 080a 0000 8cbe
0000 0000 6352 0100 0000 0000 0000 0000
No writeups or analysis indexed.
http://sapid-club.com/en/viewtopic.php?p=586#586http://secunia.com/advisories/17859http://sourceforge.net/project/shownotes.php?release_id=375289&group_id=118100http://www.osvdb.org/21389http://www.securityfocus.com/bid/15689http://www.vupen.com/english/advisories/2005/2703http://sapid-club.com/en/viewtopic.php?p=586#586http://secunia.com/advisories/17859http://sourceforge.net/project/shownotes.php?release_id=375289&group_id=118100http://www.osvdb.org/21389http://www.securityfocus.com/bid/15689http://www.vupen.com/english/advisories/2005/2703
2005-12-05
Published