CVE-2008-1895
Published 2008-04-18
Priority P3 41 · high · 7.5 (CVSS 2.0)
AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 1.19% (64.0th percentile)
Multiple SQL injection vulnerabilities in Carbon Communities 2.4 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) ID parameter to events.asp, the (2) UserName parameter to getpassword.asp, and possibly an unspecified parameter to (3) option_Update.asp in an edit action.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| carboncommunities | carbon_communities | <= 2.4 | — |
| carboncommunities | carbon_communities | — | — |
| carboncommunities | carbon_communities | — | — |
| carboncommunities | carbon_communities | — | — |
| carboncommunities | carbon_communities | — | — |
| carboncommunities | carbon_communities | — | — |
No detection rules found.
Exploit-DB
Carbon Communities 2.4 - Multiple Vulnerabilities
exploitdb·2008-04-16
CVE-2008-1896 Carbon Communities 2.4 - Multiple Vulnerabilities
---
########################## www.BugReport.ir #######################################
#
# AmnPardaz Security Research Team
#
# Title: Multiple Vulnerabilities in Carbon Communities forum.
# Vendor: www.carboncommunities.com
# Vulnerable Version: 2.4 and prior versions
# Exploit: Available
# Impact: High
# Fix: N/A
# Original Advisory: http://bugreport.ir/index.php?/35
###################################################################################
####################
1. Description:
####################
Carbon Communities is a high powered, fully scalable, and highly customizable online portal, message boards/ bulletin board, discussion hub, Private messaging, Event Calendars, Emails and chat software rolled into one.
###########
Exploit-DB
CA BrightStor ARCserve Backup r11.5 - ActiveX Remote Buffer Overflow
exploitdb·2008-03-16
CVE-2008-1472 CA BrightStor ARCserve Backup r11.5 - ActiveX Remote Buffer Overflow
---
Tested on:
- CA BrightStor ARCserve Backup r11.5 (ftp://ftp.ca.com/priv/trial/BABr11/BABLDr115/BABLDr115.zip)
- IE 6
- XP SP2 Polish
Details:..
Filename: CA\DSM\bin\ListCtrl.ocx
File description: Unicenter DSM r11 List Control ATX
CLSID: {BF6EFFF3-4558-4C4C-ADAF-A87891C5F3A3}
ProgID: LISTCTRL.ListCtrlCtrl.1
Version: 11.2.3.1895
Company: CA
AddColumn(%u4141%u4141..[128], 1);
Exception C0000005 (ACCESS_VIOLATION reading [41414141])
EAX=00000000: ?? ?? ?? ?? ?? ?? ?? ??-?? ?? ?? ?? ?? ?? ?? ??
EBX=00000000: ?? ?? ?? ?? ?? ?? ?? ??-?? ?? ?? ?? ?? ?? ?? ??
ECX=41414141: ?? ?? ?? ?? ?? ?? ?? ??-?? ?? ?? ?? ?? ?? ?? ??
EDX=7C9037D8: 8B 4C 24 04 F7 41 04 06-00 00 00 B8 01 00 00 00
ESP=0012A9C4: BF 37 90 7C AC AA 12 00-9
No writeups or analysis indexed.
- http://bugreport.ir/index.php?/35
- http://bugreport.ir/index.php?/35/exploit
- http://secunia.com/advisories/29827
- http://www.securityfocus.com/archive/1/490923/100/0/threaded
- http://www.securityfocus.com/bid/28806
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41845
- https://www.exploit-db.com/exploits/5456