CVE-2008-0141
Published 2008-01-08
Priority P3 · 42 · high · 7.5 (CVSS 3.1)
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:N / A:N
EXPLOIT
EPSS: 4.31% (89.9th percentile)
actions.php in WebPortal CMS 0.6-beta generates predictable passwords containing only the time of day, which makes it easier for remote attackers to obtain access to any account via a lostpass action.
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| webportal_cms_project | webportal_cms | — | — |
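CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |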
No detection rules found.
Exploit-DB
McAfee ePolicy Orchestrator 4.6.0 < 4.6.5 - 'ePowner' Multiple Vulnerabilities
exploitdb·2014-04-28·CVSS 7.9
CVE-2013-0140 [HIGH] McAfee ePolicy Orchestrator 4.6.0 < 4.6.5 - 'ePowner' Multiple Vulnerabilities
# Tested on: Windows 2003/2008
# CVE : CVE-2013-0140 , CVE-2013-0141
# More info on: http://funoverip.net/?p=1685 & https://github.com/funoverip/epowner
PoC:
v0.2.1- https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/33071-2.tar.gz (epowner-0.2.1.zip)
INTRODUCTION
- In short, this tool registers a rogue agent on the ePo server and then takes advantage of the
following vulnerabilities to perform multiple actions :
- CVE-2013-0140 : Pre-auth SQL Injection
- CVE-2013-0141 : Pre-auth Directory Path Traversal
- The tool manages the following actions, called "mode" :
-r, --register Register a new agent on the ePo server (it's free)
--check Check the SQL Injection vunerability
--add-admin Add a new web admin account into
Exploit-DB
WebPortal CMS 0.6-beta - Remote Password Change
exploitdb·2008-01-04
CVE-2008-0142 WebPortal CMS 0.6-beta - Remote Password Change
---
#!/usr/bin/python
# This is a Public Exploit.
# Date: 04/01/2008 [dd,mm,yyyy]
# !!!Happy New Year!!!
# WebPortal-0.6-beta Cms And Maybe Lower Remote Password Change Exploit
# Vendor: webportal.ivanoculmine.com
# Severity: Highest
# Author: The:Paradox
No writeups or analysis indexed.