CVE-2008-0232
Published: 2008-01-11
Priority P339 · high · 7.5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 0.97% (57.3th percentile)
Multiple SQL injection vulnerabilities in Zero CMS 1.0 Alpha allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to index.php, or the (2) f or t parameters to forums/index.php.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| zero_cms | zero_cms | — | — |
No detection rules found.
Exploit-DB
Microsoft Windows NT/2000/2003/2008/XP/Vista/7 - 'KiTrap0D' User Mode to Ring Escalation (MS10-015)
exploitdb·2010-01-19·CVSS 7.8
CVE-2010-0232 [HIGH] Microsoft Windows NT/2000/2003/2008/XP/Vista/7 - 'KiTrap0D' User Mode to Ring Escalation (MS10-015)
---
Exploit-DB Mirror: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/11199.zip (KiTrap0D.zip)
E-DB Note: Make sure to run "vdmallowed.exe" (pre-compiled) inside the subfolder.
Microsoft Windows NT #GP Trap Handler Allows Users to Switch Kernel Stack
CVE-2010-0232
In order to support BIOS service routines in legacy 16bit applications, the
Windows NT Kernel supports the concept of BIOS calls in the Virtual-8086 mode
monitor code. These are implemented in two stages, the kernel transitions to
the second stage when the #GP trap handler (nt!KiTrap0D) detects that the
faulting cs:eip matches specific magic values.
Transitioning to the second stage involves
Exploit-DB
ZeroCMS 1.0 Alpha - Arbitrary File Upload / SQL Injection
exploitdb·2008-01-08
CVE-2008-0233 ZeroCMS 1.0 Alpha - Arbitrary File Upload / SQL Injection
---
Zero CMS Remote Arbitrary File Upload / SQL Injections
Version: <= 1.0 Alpha (Last)
Vendor: www.zero-cms.com
Discovered by: KiNgOfThEwOrLd
Intro:
No writeups or analysis indexed.
http://packetstormsecurity.org/0801-exploits/zerocms-sql.txt
http://www.securityfocus.com/bid/27186
https://exchange.xforce.ibmcloud.com/vulnerabilities/39530
https://www.exploit-db.com/exploits/4864