CVE-2008-2019
Published: 2008-04-30
Priority: P433 · high · CVSS 2.0: 7.5
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS: 4.05% (89.4th percentile)
Simple Machines Forum (SMF), probably 1.1.4, relies on "randomly generated static" to hinder brute-force attacks on the WAV file (aka audio) CAPTCHA, which allows remote attackers to pass the CAPTCHA test via an automated attack that considers Hamming distances. NOTE: this issue reportedly exists because of an insufficient fix for CVE-2007-3308.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| simple_machines | smf | — | — |
CVSS provenance
nvd · v2.0 · 7.5 HIGH · AV:N/AC:L/Au:N/C:P/I:P/A:P
vendor_redhat · 5.0 MEDIUM
GHSA
GHSA-g6xp-5gpp-gjqv: Simple Machines Forum (SMF), probably 1
ghsa_unreviewed·2022-05-01·CVSS 7.5
CVE-2008-2019 [HIGH] GHSA-g6xp-5gpp-gjqv: Simple Machines Forum (SMF), probably 1
Simple Machines Forum (SMF), probably 1.1.4, relies on "randomly generated static" to hinder brute-force attacks on the WAV file (aka audio) CAPTCHA, which allows remote attackers to pass the CAPTCHA test via an automated attack that considers Hamming distances. NOTE: this issue reportedly exists because of an insufficient fix for CVE-2007-3308.
Red Hat
Struts2/WebWorks/XWork: ParameterInterceptors bypass allows OGNL statement execution
vendor_redhat·2008-06-12·CVSS 5.0
CVE-2008-6504 [MEDIUM] Struts2/WebWorks/XWork: ParameterInterceptors bypass allows OGNL statement execution
ParametersInterceptor in OpenSymphony XWork 2.0.x before 2.0.6 and 2.1.x before 2.1.2, as used in Apache Struts and other products, does not properly restrict # (pound sign) references to context objects, which allows remote attackers to execute Object-Graph Navigation Language (OGNL) statements and modify server-side context objects, as demonstrated by use of a \u0023 representation for the # character.
Statement: A previous statement by Red Hat related to this CVE, prior to August 2019, said that Apache Struts 2 is not included in any Red Hat products. This earlier statement was incorrect. While Struts 2 is not actively compiled, shipped, used, or enabled in any Red Hat provided final products, and doe
Suricata
ET NETBIOS Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (5)
suricata·2010-07-30
CVE-2008-4250 ET NETBIOS Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (5)
Rule: alert udp any any -> $HOME_NET 139 (msg:"ET NETBIOS Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (5)"; content:"|1F 00|"; content:"|C8 4F 32 4B 70 16 D3 01 12 78 5A 47 BF 6E E1 88|"; content:"|00 2E 00 2E 00 5C 00 2E 00 2E 00 5C|"; reference:url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx; reference:cve,2008-4250; reference:url,www.kb.cert.org/vuls/id/827267; classtype:attempted-admin; sid:2008694; rev:5; metadata:created_at 2010_07_30, cve CVE_2008_4250, confidence Medium, signature_severity Major, updated_at 2019_07_26;)
Suricata
ET NETBIOS Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (11)
suricata·2010-07-30
CVE-2008-4250 ET NETBIOS Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (11)
Rule: alert tcp any any -> $HOME_NET 445 (msg:"ET NETBIOS Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (11)"; flow:established,to_server; content:"|0B|"; offset:2; depth:1; content:"|C8 4F 32 4B 70 16 D3 01 12 78 5A 47 BF 6E E1 88|"; reference:url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx; reference:cve,2008-4250; reference:url,www.kb.cert.org/vuls/id/827267; classtype:attempted-admin; sid:2008701; rev:5; metadata:created_at 2010_07_30, cve CVE_2008_4250, confidence Medium, signature_severity Major, updated_at 2019_07_26;)
Suricata
ET NETBIOS Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (23)
suricata·2010-07-30
CVE-2008-4250 ET NETBIOS Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (23)
Rule: alert tcp any any -> $HOME_NET 445 (msg:"ET NETBIOS Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (23)"; flow:established,to_server; content:"|20 00|"; content:"|C8 4F 32 4B 70 16 D3 01 12 78 5A 47 BF 6E E1 88|"; content:"/../"; reference:url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx; reference:cve,2008-4250; reference:url,www.kb.cert.org/vuls/id/827267; classtype:attempted-admin; sid:2008713; rev:5; metadata:created_at 2010_07_30, cve CVE_2008_4250, confidence Medium, signature_severity Major, updated_at 2019_07_26;)
Suricata
ET NETBIOS Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 - Known Exploit Instance (2)
suricata·2010-07-30
CVE-2008-4250 ET NETBIOS Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 - Known Exploit Instance (2)
Rule: alert tcp any any -> $HOME_NET 445 (msg:"ET NETBIOS Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 - Known Exploit Instance (2)"; flow:established,to_server; content:"|00 2e 00 2e 00 2f 00 2e 00 2e 00 2f 00 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 87|"; reference:url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx; reference:cve,2008-4250; reference:url,www.kb.cert.org/vuls/id/827267; classtype:attempted-admin; sid:2008721; rev:5; metadata:created_at 2010_07_30, cve CVE_2008_4250, confidence Medium, signature_severity Major, updated_at 2019_07_26;)
Suricata
ET NETBIOS Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (14)
suricata·2010-07-30
CVE-2008-4250 ET NETBIOS Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (14)
Rule: alert tcp any any -> $HOME_NET 445 (msg:"ET NETBIOS Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (14)"; flow:established,to_server; content:"|1F 00|"; content:"|C8 4F 32 4B 70 16 D3 01 12 78 5A 47 BF 6E E1 88|"; content:"|00 2E 00 2E 00 2F 00 2E 00 2E 00 2F|"; reference:url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx; reference:cve,2008-4250; reference:url,www.kb.cert.org/vuls/id/827267; classtype:attempted-admin; sid:2008704; rev:5; metadata:created_at 2010_07_30, cve CVE_2008_4250, confidence Medium, signature_severity Major, updated_at 2019_07_26;)
Suricata
ET NETBIOS Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (9)
suricata·2010-07-30
CVE-2008-4250 ET NETBIOS Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (9)
Rule: alert udp any any -> $HOME_NET 139 (msg:"ET NETBIOS Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (9)"; content:"|20 00|"; content:"|C8 4F 32 4B 70 16 D3 01 12 78 5A 47 BF 6E E1 88|"; content:"|00 2E 00 2E 00 2F 00 2E 00 2E 00 2F|"; reference:url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx; reference:cve,2008-4250; reference:url,www.kb.cert.org/vuls/id/827267; classtype:attempted-admin; sid:2008698; rev:5; metadata:created_at 2010_07_30, cve CVE_2008_4250, confidence Medium, signature_severity Major, updated_at 2019_07_26;)
Suricata
ET NETBIOS Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (12)
suricata·2010-07-30
CVE-2008-4250 ET NETBIOS Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (12)
Rule: alert tcp any any -> $HOME_NET 445 (msg:"ET NETBIOS Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (12)"; flow:established,to_server; content:"|1F 00|"; content:"|C8 4F 32 4B 70 16 D3 01 12 78 5A 47 BF 6E E1 88|"; content:"|5C|..|5C|"; reference:url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx; reference:cve,2008-4250; reference:url,www.kb.cert.org/vuls/id/827267; classtype:attempted-admin; sid:2008702; rev:6; metadata:created_at 2010_07_30, cve CVE_2008_4250, confidence Medium, signature_severity Major, updated_at 2019_07_26;)
Suricata
ET SCADA CitectSCADA ODBC Overflow Attempt
suricata·2010-07-30
CVE-2008-2639 ET SCADA CitectSCADA ODBC Overflow Attempt
Rule: alert tcp $EXTERNAL_NET any -> $HOME_NET 20222 (msg:"ET SCADA CitectSCADA ODBC Overflow Attempt"; flow:established,to_server; dsize:4; byte_test:4,>,399,0; reference:cve,2008-2639; reference:url,www.digitalbond.com/index.php/2008/09/08/ids-signature-for-citect-vuln/; reference:url,digitalbond.com/tools/quickdraw/vulnerability-rules; classtype:attempted-user; sid:2008542; rev:8; metadata:created_at 2010_07_30, cve CVE_2008_2639, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2019_07_26;)
Suricata
ET NETBIOS Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 - Known Exploit Instance
suricata·2010-07-30
CVE-2008-4250 ET NETBIOS Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 - Known Exploit Instance
Rule: alert udp any any -> $HOME_NET 139 (msg:"ET NETBIOS Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 - Known Exploit Instance"; content:"|00 2e 00 2e 00 2f 00 2e 00 2e 00 2f 00 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 87|"; reference:url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx; reference:cve,2008-4250; reference:url,www.kb.cert.org/vuls/id/827267; classtype:attempted-admin; sid:2008700; rev:5; metadata:created_at 2010_07_30, cve CVE_2008_4250, confidence Medium, signature_severity Major, updated_at 2019_07_26;)
Suricata
ET NETBIOS Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (22)
suricata·2010-07-30
CVE-2008-4250 ET NETBIOS Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (22)
Rule: alert tcp any any -> $HOME_NET 445 (msg:"ET NETBIOS Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (22)"; flow:established,to_server; content:"|20 00|"; content:"|C8 4F 32 4B 70 16 D3 01 12 78 5A 47 BF 6E E1 88|"; content:"|5C|..|5C|"; reference:url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx; reference:cve,2008-4250; reference:url,www.kb.cert.org/vuls/id/827267; classtype:attempted-admin; sid:2008712; rev:6; metadata:created_at 2010_07_30, cve CVE_2008_4250, confidence Medium, signature_severity Major, updated_at 2019_07_26;)
Exploit-DB
Microsoft Windows MSHTML Engine - 'Edit' Remote Code Execution
exploitdb·2019-03-13·CVSS 8.8
CVE-2019-0541 [HIGH] Microsoft Windows MSHTML Engine - 'Edit' Remote Code Execution
---
# Exploit Title: Microsoft Windows (CVE-2019-0541) MSHTML Engine "Edit" Remote Code Execution Vulnerability
# Google Dork: N/A
# Date: March, 13 2019
# Exploit Author: Eduardo Braun Prado
# Vendor Homepage: http://www.microsoft.com/
# Software Link: http://www.microsoft.com/
# Version: Windows 7 SP1, Server 2008, Server 2012, Server 2012 R2, 8.0, 8.1, 10 (any) with full patches up to December 2018. both x86 and x64 architectures.
# Tested on: Windows 7 SP1, Server 2008, Server 2012, Server 2012 R2, 8.0, 8.1, 10 (any) with full patches up to December 2018. both x86 and x64 architectures.
# CVE : CVE-2019-0541
The Microsoft Windows MSHTML Engine is prone to a vulnerability that allows attackers to execute arbitrar
Metasploit
CVE-2019-0708 BlueKeep RDP Remote Windows Kernel Use After Free
metasploit·CVSS 9.8
CVE-2019-0708 [CRITICAL] CVE-2019-0708 BlueKeep RDP Remote Windows Kernel Use After Free
The RDP termdd.sys driver improperly handles binds to internal-only channel MS_T120, allowing a malformed Disconnect Provider Indication message to cause use-after-free. With a controllable data/size remote nonpaged pool spray, an indirect call gadget of the freed channel is used to achieve arbitrary code execution. Windows 7 SP1 and Windows Server 2008 R2 are the only currently supported targets. Windows 7 SP1 should be exploitable in its default configuration, assuming your target selection is correctly matched to the system's memory layout. HKLM\SYSTEM\CurrentControlSet\Control\TerminalServer\Winstations\RDP-Tcp\fDisableCam *needs* to be set to 0 for exploitation to succeed against Windows Server 2008 R2. This is a non-sta
Unit42
Threat Brief: Microsoft DNS Server Wormable Vulnerability CVE-2020-1350
blogs_unit42·2020-07-21·CVSS 10.0
CVE-2020-1350 [CRITICAL] Threat Brief: Microsoft DNS Server Wormable Vulnerability CVE-2020-1350
## Executive Summary
In July 2020, Microsoft released a security update, CVE-2020-1350 | Windows DNS Server Remote Code Execution Vulnerability, for a new remote code execution (RCE) vulnerability.
This vulnerability exists within the Microsoft Windows Domain Name System (DNS) Server due to the improper handling of certain types of requests, specifically over port 53/TCP. Exploitation of this vulnerability is possible by creating an integer overflow, potentially leading to remote code execution.
This vulnerability only affects Windows DNS and the following builds of the Microsoft Windows operating system (OS):
- Windows Server 2008/2008 R2
- Windows Server 2012/2012 R2
- Windows Server 2016
- Windows Server 2019
- Windows Server version 1803/1903/1909/2004 (Server Core installation)
Krebs
Patch Tuesday, December 2019 Edition
blogs_krebs·2019-12-11·CVSS 7.8
CVE-2019-1458 [HIGH] Patch Tuesday, December 2019 Edition
Microsoft today released updates to plug three dozen security holes in its Windows operating system and other software. The patches include fixes for seven critical bugs — those that can be exploited by malware or miscreants to take control over a Windows system with no help from users — as well as another flaw in most versions of Windows that is already being exploited in active attacks.
By nearly all accounts, the chief bugaboo this month is CVE-2019-1458, a vulnerability in a core Windows component (Win32k) that is present in Windows 7 through 10 and Windows Server 2008-2019. This bug is already being exploited in the wild, and according to Recorded Future the exploit available for it is similar to CVE-2019-0859, a Windows flaw reported in April that was found being sold in undergrou
Krebs
Microsoft Patches ‘Wormable’ Flaw in Windows XP, 7 and Windows 2003
blogs_krebs·2019-05-14·CVSS 9.8
CVE-2019-0708 [CRITICAL] Microsoft Patches ‘Wormable’ Flaw in Windows XP, 7 and Windows 2003
Microsoft today is taking the unusual step of releasing security updates for unsupported but still widely-used Windows operating systems like XP and Windows 2003, citing the discovery of a “wormable” flaw that the company says could be used to fuel a fast-moving malware threat like the WannaCry ransomware attacks of 2017.
The May 2017 global malware epidemic WannaCry affected some 200,000 Windows systems in 150 countries. Source: Wikipedia.
The vulnerability (CVE-2019-0708) resides in the “remote desktop services” component built into supported versions of Windows, including Windows 7, Windows Server 2008 R2, and Windows Server 2008. It also is present in computers powered by Windows XP and Windows 2003, operating systems for which Microsoft long ago stopped shipping security updat
Krebs
Microsoft Patches ‘Wormable’ Flaw in Windows XP, 7 and Windows 2003
blogs_krebs·2019-05-14·CVSS 9.8
CVE-2019-0708 [CRITICAL] Microsoft Patches ‘Wormable’ Flaw in Windows XP, 7 and Windows 2003
Microsoft today is taking the unusual step of releasing security updates for unsupported but still widely-used Windows operating systems like XP and Windows 2003, citing the discovery of a “wormable” flaw that the company says could be used to fuel a fast-moving malware threat like the WannaCry ransomware attacks of 2017.
The vulnerability (CVE-2019-0708) resides in the “remote desktop services” component built into supported versions of Windows, including Windows 7, Windows Server 2008 R2, and Windows Server 2008. It also is present in computers powered by Windows XP and Windows 2003, operating systems for which Microsoft long ago stopped shipping security updates.
Microsoft said the company has not yet observed any evidence of attacks against the dangerous security flaw, but that it is
References
- http://securityreason.com/securityalert/3836
- http://www.rooksecurity.com/blog/?p=6
- http://www.securityfocus.com/archive/1/491128/100/0/threaded
- http://www.securityfocus.com/bid/28866
- http://www.simplemachines.org/community/index.php?P=c3696c2022b54fa50c5f341bf5710aa3&topic=236816.0
- https://exchange.xforce.ibmcloud.com/vulnerabilities/42150