CVE-2007-0549
published 2007-01-29CVE-2007-0549: Cross-site scripting (XSS) vulnerability in list3.php in 212cafeBoard 6.30 Beta allows remote attackers to inject arbitrary web script or HTML via the user…
PriorityP418medium6.8CVSS 2.0
AVNACMAuNCPIPAP
EPSS
1.13%
62.4th percentile
Cross-site scripting (XSS) vulnerability in list3.php in 212cafeBoard 6.30 Beta allows remote attackers to inject arbitrary web script or HTML via the user parameter.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| 212cafe | 212cafeboard | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Oracle 9i/10g DBMS_METADATA.GET_DDL - SQL Injection (2)
exploitdb·2007-02-26
CVE-2006-0549 Oracle 9i/10g DBMS_METADATA.GET_DDL - SQL Injection (2)
Oracle 9i/10g DBMS_METADATA.GET_DDL - SQL Injection (2)
---
#!/usr/bin/perl
#
# Remote Oracle DBMS_METADATA.GET_DDL exploit (9i/10g)
# - Version 2 - New "evil cursor injection" tip!
# - No "create procedure" privileg needed!
# - See: http://www.databasesecurity.com/ (Cursor Injection)
#
# Grant or revoke dba permission to unprivileged user
#
# Tested on "Oracle Database 10g Enterprise Edition Release 10.1.0.3.0"
#
# REF: https://www.securityfocus.com/bid/16287
#
# AUTHOR: Andrea "bunker" Purificato
# http://rawlab.mindcreations.com
#
# DATE: Copyright 2007 - Fri Feb 26 12:32:55 CET 2007
#
# Oracle InstantClient (basic + sdk) required for DBD::Oracle
#
# bunker@fin:~$ perl dbms_meta_get_ddlV2.pl -h localhost -s test -u bunker -p **** -r
# [-] Wait...
# [-] Revoking DBA from BUNKER...
# DB
Exploit-DB
Oracle 9i/10g - DBMS_METADATA.GET_DDL SQL Injection
exploitdb·2007-02-23
CVE-2006-0549 Oracle 9i/10g - DBMS_METADATA.GET_DDL SQL Injection
Oracle 9i/10g - DBMS_METADATA.GET_DDL SQL Injection
---
#!/usr/bin/perl
#
# Remote Oracle DBMS_METADAT.GET_DDL exploit (9i/10g)
#
# Grant or revoke dba permission to unprivileged user
#
# Tested on "Oracle Database 10g Enterprise Edition Release 10.1.0.3.0"
#
# REF: https://www.securityfocus.com/bid/16287
#
# AUTHOR: Andrea "bunker" Purificato
# http://rawlab.mindcreations.com
#
# DATE: Copyright 2007 - Fri Feb 23 12:32:55 CET 2007
#
# Oracle InstantClient (basic + sdk) required for DBD::Oracle
#
#
# bunker@fin:~$ perl dbms_meta_get_ddl.pl -h localhost -s test -u bunker -p **** -r
# [-] Wait...
# [-] Revoking DBA from BUNKER...
# DBD::Oracle::db do failed: ORA-01031: insufficient privileges (DBD ERROR: OCIStmtExecute) [for Statement "REVOKE DBA FROM BUNKER"] at dbms_meta_get_ddl.pl line
No writeups or analysis indexed.
http://securityreason.com/securityalert/2212http://www.securityfocus.com/archive/1/457611/100/0/threadedhttps://exchange.xforce.ibmcloud.com/vulnerabilities/31650http://securityreason.com/securityalert/2212http://www.securityfocus.com/archive/1/457611/100/0/threadedhttps://exchange.xforce.ibmcloud.com/vulnerabilities/31650
2007-01-29
Published