CVE-2006-3103
Published 2006-06-21
CVE-2006-3103: Cross-site scripting (XSS) vulnerability in Bitweaver 1.3 allows remote attackers to inject arbitrary web script or HTML via the (1) error parameter in…
Priority P420 · medium · CVSS 2.0: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
EXPLOIT
EPSS 4.65% (90.6th percentile)
Cross-site scripting (XSS) vulnerability in Bitweaver 1.3 allows remote attackers to inject arbitrary web script or HTML via the (1) error parameter in users/login.php and the (2) feedback parameter in articles/index.php.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| bitweaver | bitweaver | <= 2.0.0 | — |
| bitweaver | bitweaver | — | — |
GHSA
GHSA-5h2q-v3jg-86vj: Multiple cross-site scripting (XSS) vulnerabilities in Bitweaver 2
ghsa_unreviewed·2022-05-01·CVSS 4.3
CVE-2007-6374 [MEDIUM] CWE-79 GHSA-5h2q-v3jg-86vj: Multiple cross-site scripting (XSS) vulnerabilities in Bitweaver 2
Multiple cross-site scripting (XSS) vulnerabilities in Bitweaver 2.0.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) users/register.php or (2) search/index.php, or an editcomments action in (3) wiki/index.php or (4) forums/index.php. NOTE: the error parameter to users/login.php is covered by CVE-2006-3103.
GHSA
GHSA-pxqx-p46v-2hxg: Cross-site scripting (XSS) vulnerability in Bitweaver 1
ghsa_unreviewed·2022-05-01
CVE-2006-3103 [MEDIUM] GHSA-pxqx-p46v-2hxg: Cross-site scripting (XSS) vulnerability in Bitweaver 1
Cross-site scripting (XSS) vulnerability in Bitweaver 1.3 allows remote attackers to inject arbitrary web script or HTML via the (1) error parameter in users/login.php and the (2) feedback parameter in articles/index.php.
No detection rules found.
Exploit-DB
Microsoft Windows - 'srv2.sys' SMB Negotiate ProcessID Function Table Dereference (MS09-050)
exploitdb·2010-08-17
CVE-2009-3103 Microsoft Windows - 'srv2.sys' SMB Negotiate ProcessID Function Table Dereference (MS09-050)
---
Microsoft SRV2.SYS SMB Negotiate ProcessID Function Table Dereference
Exploited by Piotr Bania // www.piotrbania.com
Exploit for Vista SP2/SP1 only, should be reliable!
Tested on:
Vista sp2 (6.0.6002.18005)
Vista sp1 ultimate (6.0.6001.18000)
Kudos for:
Stephen, HDM, Laurent Gaffie(bug) and all the mates i know, peace.
Special kudos for prdelka for testing this shit and all the hosters.
Sample usage
> smb2_exploit.exe 192.167.0.5 45 0
> telnet 192.167.0.5 28876
Microsoft Windows [Version 6.0.6001]
Copyright (c) 2006 Microsoft Corporation. All rights reserved.
C:\Windows\system32>whoami
whoami
nt authority\system
C:\Windows\system32>
When all is done it should spawn a port TARGET_IP:2
Exploit-DB
Bitweaver 1.3 - 'tmpImagePath' Attachment mod_mime
exploitdb·2006-06-15
CVE-2006-3105 Bitweaver 1.3 - 'tmpImagePath' Attachment mod_mime
---
```php
#!/usr/bin/php -q -d short_open_tag=on
$this->mErrors['article_image'] = "Error during attachment of article image";
} else {
    $resizeFunc = ( $gBitSystem->getPreference( 'image_processor' ) == 'imagick' ) ? 'liberty_imagick_resize_image' : 'liberty_gd_resize_image';
    $pFileHash['source_file'] = $tmpImagePath;
    $pFileHash['dest_path'] = TEMP_PKG_NAME.'/'.ARTICLES_PKG_NAME.'/';
    // remove the extension
    $pFileHash['dest_base_name'] = $tmpImageName;
    $pFileHash['max_width'] = ARTICLE_TOPIC_THUMBNAIL_SIZE;
    $pFileHash['max_height'] = ARTICLE_TOPIC_THUMBNAIL_SIZE;
    $pFileHash['type'] = $_FILES['article_image']['type'];
    if( !( $resizeFunc( $pFileHash ) ) ) {
        $this->mErrors[] = 'Error while resizing article image';
    }
    @unlink( $tmpImagePath );
```
...
explai
No writeups or analysis indexed.
http://retrogod.altervista.org/bitweaver_13_xpl.html
http://secunia.com/advisories/20695
http://securityreason.com/securityalert/1115
http://sourceforge.net/project/shownotes.php?release_id=336854&group_id=141358
http://www.bitweaver.org/articles/45
http://www.osvdb.org/26588
http://www.securityfocus.com/archive/1/437491/100/0/threaded
http://www.vupen.com/english/advisories/2006/2405
https://exchange.xforce.ibmcloud.com/vulnerabilities/27213