CVE-2008-0099
published 2008-01-08CVE-2008-0099: Multiple SQL injection vulnerabilities in MyPHP Forum 3.0 and earlier allow remote attackers to execute arbitrary SQL commands via the searchtext parameter to…
PriorityP336medium6.8CVSS 2.0
AVNACMAuNCPIPAP
EXPLOIT
EPSS
0.85%
53.5th percentile
Multiple SQL injection vulnerabilities in MyPHP Forum 3.0 and earlier allow remote attackers to execute arbitrary SQL commands via the searchtext parameter to search.php, and unspecified other vectors.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| myphp_forum | myphp_forum | <= 3.0 | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Microsoft Windows 7 < 10 / 2008 < 2012 (x86/x64) - Secondary Logon Handle Privilege Escalation (MS16-032) (Metasploit)
exploitdb·2016-07-13
CVE-2016-0099 Microsoft Windows 7 < 10 / 2008 < 2012 (x86/x64) - Secondary Logon Handle Privilege Escalation (MS16-032) (Metasploit)
Microsoft Windows 7 'MS16-032 Secondary Logon Handle Privilege Escalation',
'Description' => %q{
This module exploits the lack of sanitization of standard handles in Windows' Secondary
Logon Service. The vulnerability is known to affect versions of Windows 7-10 and 2k8-2k12
32 and 64 bit. This module will only work against those versions of Windows with
Powershell 2.0 or later and systems with two or more CPU cores.
},
'License' => BSD_LICENSE,
'Author' =>
[
'James Forshaw', # twitter.com/tiraniddo
'b33f', # @FuzzySec, http://www.fuzzysecurity.com'
'khr0x40sh'
],
'References' =>
[
[ 'MS', 'MS16-032'],
[ 'CVE', '2016-0099'],
[ 'URL', 'https://twitter.com/FuzzySec/status/723254004042612736' ],
[ 'URL', 'https://googleprojectzero.blogspot.co.uk/2016/03/exploiting-leaked-thread-handle.html']
]
Exploit-DB
Microsoft Windows 7 < 10 / 2008 < 2012 (x86/x64) - Local Privilege Escalation (MS16-032)
exploitdb·2016-04-25
CVE-2016-0099 Microsoft Windows 7 < 10 / 2008 < 2012 (x86/x64) - Local Privilege Escalation (MS16-032)
Microsoft Windows 7 < 10 / 2008 < 2012 (x86/x64) - Local Privilege Escalation (MS16-032)
---
# Exploit Title: Microsoft Windows 7-10 & Server 2008-2012 - Local Privilege Escalation (x32/x64) (MS16-032) (C#)
# Date: 2016-04-25
# Author: @fdiskyou
# e-mail: rui at deniable.org
# Original exploit: https://www.exploit-db.com/exploits/39719/
# All credits go to @FuzzySec
# C# version with @FuzzySec powershell code which does not rely on powershell.exe. Instead it runs from a powershell runspace environment (.NET). Helpful in security restricted environments with GPO, SRP, App Locker.
# To compile MS16-032 you need to import this project within Microsoft Visual Studio or if you don't have access to a Visual Studio installation, you can compile with csc.exe.
# It uses the System.Management.Auto
Exploit-DB
MyPHP Forum 3.0 - 'Final' SQL Injection
exploitdb·2008-01-03
CVE-2008-0099 MyPHP Forum 3.0 - 'Final' SQL Injection
MyPHP Forum 3.0 - 'Final' SQL Injection
---
#=================================================================================================#
# ____ __________ __ ____ __ #
# /_ | ____ |__\_____ \ _____/ |_ /_ |/ |_ #
# | |/ \ | | _(__ __| |___||__| #
# \/\______| \/ \/ #
#=================================================================================================#
# This is a Public Exploit. #
# Date: 03/01/2008 [dd,mm,yyyy] #
# #
# !!!Happy New Year!!! #
# #
#=================================================================================================#
# MyPHP Forum v3.0 (Final) And Maybe Lower Multiple Sql Injection Vulnerabilities (Mq=Off/On) #
# #
# Vendor: www.myphp.ws #
# Severity: Highest #
# Author: The:Paradox #
# #
#==================================================
No writeups or analysis indexed.
2008-01-08
Published