CVE-2008-2181
published 2008-05-13
Priority P4 | 16 | medium | 4.3 | CVSS 2.0
AV:N/AC:M/Au:N/C:N/I:P/A:N
EXPLOIT
EPSS: 1.57% (72.3th percentile)
Multiple cross-site scripting (XSS) vulnerabilities in search.php in cpLinks 1.03 allow remote attackers to inject arbitrary web script or HTML via the (1) search_text and (2) search_category parameters. NOTE: the XSS reportedly occurs in a forced SQL error message. NOTE: some of these details are obtained from third party information.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cplinks | cplinks | — | — |
No detection rules found.
Exploit-DB
Zookeeper 3.5.2 Client - Denial of Service
exploitdb·2017-07-02
CVE-2017-5637 Zookeeper 3.5.2 Client - Denial of Service
---
#!/usr/bin/python
# Exploit Title: Zookeeper Client Denial Of Service (Port 2181)
# Date: 2/7/2017
# Exploit Author: Brandon Dennis
# Email: [email protected]
# Software Link: http://zookeeper.apache.org/releases.html#download
# Zookeeper Version: 3.5.2
# Tested on: Windows 2008 R2, Windows 2012 R2 x64 & x86
# Description: The wchp command to the ZK port 2181 will gather open internal files by each session/watcher and organize them for the requesting client.
# This command is CPU intensive and will cause a denial of service to the port as well as spike the CPU of the remote machine to 90-100% consistently before any other traffic.
# The average amount of threads uses was 10000 for testing. This should work on all 3.x+ versions of Zook
Exploit-DB
Cplinks 1.03 - Authentication Bypass / SQL Injection / Cross-Site Scripting
exploitdb·2008-05-04
CVE-2008-2181 Cplinks 1.03 - Authentication Bypass / SQL Injection / Cross-Site Scripting
---
Title :: cpLinks v1.03 Multiple Vulnerabilities (bypass/SQL/XXS)
Author :: InjEctOr [s0f (at) w (dot) cn]
&& FishEr762 [SQ7 (at) w (dot) cn ]
Script Site :: http://www.cplinks.com/
Dork :: ThinkinG
Greets :: Allah ,TryaG TeaM & Muslims Hackers
Terms of use :: This exploit is just for educational purposes, DO NOT use it for illegal acts.
--------------------------------
No writeups or analysis indexed.
http://secunia.com/advisories/30024
http://www.securityfocus.com/bid/29035
http://www.vupen.com/english/advisories/2008/1431/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/42171
https://www.exploit-db.com/exploits/5538
Published: 2008-05-13