CVE-2007-3313
published 2007-06-21CVE-2007-3313: Multiple SQL injection vulnerabilities in Jasmine CMS 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the login_username parameter to…
PriorityP344high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
1.75%
75.0th percentile
Multiple SQL injection vulnerabilities in Jasmine CMS 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the login_username parameter to login.php or (2) the item parameter to news.php.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| efstratios_geroulis | jasmine_cms | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Suricata
ET WEB_SPECIFIC_APPS Jasmine CMS SQL Injection Attempt -- login.php login_username INSERT
suricata·2010-07-30·CVSS 7.5
CVE-2007-3313 [HIGH] ET WEB_SPECIFIC_APPS Jasmine CMS SQL Injection Attempt -- login.php login_username INSERT
ET WEB_SPECIFIC_APPS Jasmine CMS SQL Injection Attempt -- login.php login_username INSERT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Jasmine CMS SQL Injection Attempt -- login.php login_username INSERT"; flow:established,to_server; http.uri; content:"/login.php?"; nocase; content:"login_username="; nocase; content:"INSERT"; nocase; content:"INTO"; nocase; distance:0; reference:cve,CVE-2007-3313; reference:url,www.milw0rm.com/exploits/4081; classtype:web-application-attack; sid:2006494; rev:9; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_03, mitre_tactic_id TA0001, mitre_tactic_name Initial_A
Suricata
ET WEB_SPECIFIC_APPS Jasmine CMS SQL Injection Attempt -- news.php item UPDATE
suricata·2010-07-30·CVSS 7.5
CVE-2007-3313 [HIGH] ET WEB_SPECIFIC_APPS Jasmine CMS SQL Injection Attempt -- news.php item UPDATE
ET WEB_SPECIFIC_APPS Jasmine CMS SQL Injection Attempt -- news.php item UPDATE
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Jasmine CMS SQL Injection Attempt -- news.php item UPDATE"; flow:established,to_server; http.uri; content:"/news.php?"; nocase; content:"item="; nocase; content:"UPDATE"; nocase; content:"SET"; nocase; distance:0; reference:cve,CVE-2007-3313; reference:url,www.milw0rm.com/exploits/4081; classtype:web-application-attack; sid:2006503; rev:10; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_11, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190,
Suricata
ET WEB_SPECIFIC_APPS Jasmine CMS SQL Injection Attempt -- login.php login_username DELETE
suricata·2010-07-30·CVSS 7.5
CVE-2007-3313 [HIGH] ET WEB_SPECIFIC_APPS Jasmine CMS SQL Injection Attempt -- login.php login_username DELETE
ET WEB_SPECIFIC_APPS Jasmine CMS SQL Injection Attempt -- login.php login_username DELETE
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Jasmine CMS SQL Injection Attempt -- login.php login_username DELETE"; flow:established,to_server; http.uri; content:"/login.php?"; nocase; content:"login_username="; nocase; content:"DELETE"; nocase; content:"FROM"; nocase; distance:0; reference:cve,CVE-2007-3313; reference:url,www.milw0rm.com/exploits/4081; classtype:web-application-attack; sid:2006495; rev:10; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_11, mitre_tactic_id TA0001, mitre_tactic_name Initial_
Suricata
ET WEB_SPECIFIC_APPS Jasmine CMS SQL Injection Attempt -- news.php item INSERT
suricata·2010-07-30·CVSS 7.5
CVE-2007-3313 [HIGH] ET WEB_SPECIFIC_APPS Jasmine CMS SQL Injection Attempt -- news.php item INSERT
ET WEB_SPECIFIC_APPS Jasmine CMS SQL Injection Attempt -- news.php item INSERT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Jasmine CMS SQL Injection Attempt -- news.php item INSERT"; flow:established,to_server; http.uri; content:"/news.php?"; nocase; content:"item="; nocase; content:"INSERT"; nocase; content:"INTO"; nocase; distance:0; reference:cve,CVE-2007-3313; reference:url,www.milw0rm.com/exploits/4081; classtype:web-application-attack; sid:2006500; rev:10; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_11, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190,
Suricata
ET WEB_SPECIFIC_APPS Jasmine CMS SQL Injection Attempt -- news.php item DELETE
suricata·2010-07-30·CVSS 7.5
CVE-2007-3313 [HIGH] ET WEB_SPECIFIC_APPS Jasmine CMS SQL Injection Attempt -- news.php item DELETE
ET WEB_SPECIFIC_APPS Jasmine CMS SQL Injection Attempt -- news.php item DELETE
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Jasmine CMS SQL Injection Attempt -- news.php item DELETE"; flow:established,to_server; http.uri; content:"/news.php?"; nocase; content:"item="; nocase; content:"DELETE"; nocase; content:"FROM"; nocase; distance:0; reference:cve,CVE-2007-3313; reference:url,www.milw0rm.com/exploits/4081; classtype:web-application-attack; sid:2006501; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_03, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190,
Suricata
ET WEB_SPECIFIC_APPS Jasmine CMS SQL Injection Attempt -- login.php login_username UNION SELECT
suricata·2010-07-30·CVSS 7.5
CVE-2007-3313 [HIGH] ET WEB_SPECIFIC_APPS Jasmine CMS SQL Injection Attempt -- login.php login_username UNION SELECT
ET WEB_SPECIFIC_APPS Jasmine CMS SQL Injection Attempt -- login.php login_username UNION SELECT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Jasmine CMS SQL Injection Attempt -- login.php login_username UNION SELECT"; flow:established,to_server; http.uri; content:"/login.php?"; nocase; content:"login_username="; nocase; content:"UNION"; nocase; content:"SELECT"; nocase; distance:0; reference:cve,CVE-2007-3313; reference:url,www.milw0rm.com/exploits/4081; classtype:web-application-attack; sid:2006493; rev:10; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_11, mitre_tactic_id TA0001, mitre_tactic_
Suricata
ET WEB_SPECIFIC_APPS Jasmine CMS SQL Injection Attempt -- news.php item SELECT
suricata·2010-07-30·CVSS 7.5
CVE-2007-3313 [HIGH] ET WEB_SPECIFIC_APPS Jasmine CMS SQL Injection Attempt -- news.php item SELECT
ET WEB_SPECIFIC_APPS Jasmine CMS SQL Injection Attempt -- news.php item SELECT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Jasmine CMS SQL Injection Attempt -- news.php item SELECT"; flow:established,to_server; http.uri; content:"/news.php?"; nocase; content:"item="; nocase; content:"SELECT"; nocase; content:"FROM"; nocase; distance:0; reference:cve,CVE-2007-3313; reference:url,www.milw0rm.com/exploits/4081; classtype:web-application-attack; sid:2006498; rev:10; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_11, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190,
Suricata
ET WEB_SPECIFIC_APPS Jasmine CMS SQL Injection Attempt -- login.php login_username ASCII
suricata·2010-07-30·CVSS 7.5
CVE-2007-3313 [HIGH] ET WEB_SPECIFIC_APPS Jasmine CMS SQL Injection Attempt -- login.php login_username ASCII
ET WEB_SPECIFIC_APPS Jasmine CMS SQL Injection Attempt -- login.php login_username ASCII
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Jasmine CMS SQL Injection Attempt -- login.php login_username ASCII"; flow:established,to_server; http.uri; content:"/login.php?"; nocase; content:"login_username="; nocase; content:"ASCII("; nocase; content:"SELECT"; nocase; distance:0; reference:cve,CVE-2007-3313; reference:url,www.milw0rm.com/exploits/4081; classtype:web-application-attack; sid:2006496; rev:10; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_11, mitre_tactic_id TA0001, mitre_tactic_name Initial_
Suricata
ET WEB_SPECIFIC_APPS Jasmine CMS SQL Injection Attempt -- news.php item UNION SELECT
suricata·2010-07-30·CVSS 7.5
CVE-2007-3313 [HIGH] ET WEB_SPECIFIC_APPS Jasmine CMS SQL Injection Attempt -- news.php item UNION SELECT
ET WEB_SPECIFIC_APPS Jasmine CMS SQL Injection Attempt -- news.php item UNION SELECT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Jasmine CMS SQL Injection Attempt -- news.php item UNION SELECT"; flow:established,to_server; http.uri; content:"/news.php?"; nocase; content:"item="; nocase; content:"UNION"; nocase; content:"SELECT"; nocase; distance:0; reference:cve,CVE-2007-3313; reference:url,www.milw0rm.com/exploits/4081; classtype:web-application-attack; sid:2006499; rev:10; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_11, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_techni
Suricata
ET WEB_SPECIFIC_APPS Jasmine CMS SQL Injection Attempt -- login.php login_username SELECT
suricata·2010-07-30·CVSS 7.5
CVE-2007-3313 [HIGH] ET WEB_SPECIFIC_APPS Jasmine CMS SQL Injection Attempt -- login.php login_username SELECT
ET WEB_SPECIFIC_APPS Jasmine CMS SQL Injection Attempt -- login.php login_username SELECT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Jasmine CMS SQL Injection Attempt -- login.php login_username SELECT"; flow:established,to_server; http.uri; content:"/login.php?"; nocase; content:"login_username="; nocase; content:"SELECT"; nocase; content:"FROM"; nocase; distance:0; reference:cve,CVE-2007-3313; reference:url,www.milw0rm.com/exploits/4081; classtype:web-application-attack; sid:2006492; rev:10; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_11, mitre_tactic_id TA0001, mitre_tactic_name Initial_
Suricata
ET WEB_SPECIFIC_APPS Jasmine CMS SQL Injection Attempt -- news.php item ASCII
suricata·2010-07-30·CVSS 7.5
CVE-2007-3313 [HIGH] ET WEB_SPECIFIC_APPS Jasmine CMS SQL Injection Attempt -- news.php item ASCII
ET WEB_SPECIFIC_APPS Jasmine CMS SQL Injection Attempt -- news.php item ASCII
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Jasmine CMS SQL Injection Attempt -- news.php item ASCII"; flow:established,to_server; http.uri; content:"/news.php?"; nocase; content:"item="; nocase; content:"ASCII("; nocase; content:"SELECT"; nocase; distance:0; reference:cve,CVE-2007-3313; reference:url,www.milw0rm.com/exploits/4081; classtype:web-application-attack; sid:2006502; rev:10; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_11, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190,
Suricata
ET WEB_SPECIFIC_APPS Jasmine CMS SQL Injection Attempt -- login.php login_username UPDATE
suricata·2010-07-30·CVSS 7.5
CVE-2007-3313 [HIGH] ET WEB_SPECIFIC_APPS Jasmine CMS SQL Injection Attempt -- login.php login_username UPDATE
ET WEB_SPECIFIC_APPS Jasmine CMS SQL Injection Attempt -- login.php login_username UPDATE
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Jasmine CMS SQL Injection Attempt -- login.php login_username UPDATE"; flow:established,to_server; http.uri; content:"/login.php?"; nocase; content:"login_username="; nocase; content:"UPDATE"; nocase; content:"SET"; nocase; distance:0; reference:cve,CVE-2007-3313; reference:url,www.milw0rm.com/exploits/4081; classtype:web-application-attack; sid:2006497; rev:10; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_11, mitre_tactic_id TA0001, mitre_tactic_name Initial_A
Exploit-DB
Microsoft Word 2007/2010/2013/2016 - Out-of-Bounds Read Code Execution (MS16-099)
exploitdb·2016-08-10·CVSS 7.8
CVE-2016-3313 [HIGH] Microsoft Word 2007/2010/2013/2016 - Out-of-Bounds Read Code Execution (MS16-099)
Microsoft Word 2007/2010/2013/2016 - Out-of-Bounds Read Code Execution (MS16-099)
---
#####################################################################################
# Application: Microsoft Office Word
# Platforms: Windows, OSX
# Versions: Microsoft Office Word 2007,2010,2013,2016
# Author: Sébastien Morin of COSIG
# Website: https://cosig.gouv.qc.ca/en/advisory/
# Twitter: @SebMorin1, @COSIG_
# Date: August 09, 2016
# CVE: CVE-2016-3313
# COSIG-2016-31
#####################################################################################
1) Introduction
2) Report Timeline
3) Technical details
4) POC
#######################################################################################
1) Introduction
Microsoft Word is a word processor developed by Microsoft. It was first re
Exploit-DB
Jasmine CMS 1.0 - SQL Injection / Remote Code Execution
exploitdb·2007-06-19
CVE-2007-3313 Jasmine CMS 1.0 - SQL Injection / Remote Code Execution
Jasmine CMS 1.0 - SQL Injection / Remote Code Execution
---
#!/usr/bin/php -q -d short_open_tag=on
'/') or ($path[strlen($path)-1]<>'/')) {echo 'Error... check the path!'; die;}
if ($proxy=='') {$p=$path;} else {$p='http://'.$host.':'.$port.$path;}
function head(){
print "-------------------------------------------------------------------------\r\n";
print " Jasmine CMS 1.0 SQL Injection/Remote Code Execution Exploit\r\n";
print "-------------------------------------------------------------------------\r\n";
}
function footer(){
print "-------------------------------------------------------------------------\r\n";
print " http://www.w4ck1ng.com\r\n";
print " ...Silentz\r\n";
print "-------------------------------------------------------------------------\r\n";
}
if ($exploit==0){
No writeups or analysis indexed.
http://osvdb.org/37068http://osvdb.org/37069http://secunia.com/advisories/25737http://www.securityfocus.com/bid/24546http://www.vupen.com/english/advisories/2007/2264https://exchange.xforce.ibmcloud.com/vulnerabilities/34936https://exchange.xforce.ibmcloud.com/vulnerabilities/34937https://www.exploit-db.com/exploits/4081http://osvdb.org/37068http://osvdb.org/37069http://secunia.com/advisories/25737http://www.securityfocus.com/bid/24546http://www.vupen.com/english/advisories/2007/2264https://exchange.xforce.ibmcloud.com/vulnerabilities/34936https://exchange.xforce.ibmcloud.com/vulnerabilities/34937https://www.exploit-db.com/exploits/4081
2007-06-21
Published