CVE-2008-3764
published 2008-08-21CVE-2008-3764: Eval injection vulnerability in globalsoff.php in Turnkey PHP Live Helper 2.0.1 and earlier allows remote attackers to execute arbitrary PHP code via the test…
PriorityP353high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
3.33%
87.1th percentile
Eval injection vulnerability in globalsoff.php in Turnkey PHP Live Helper 2.0.1 and earlier allows remote attackers to execute arbitrary PHP code via the test parameter, and probably arbitrary parameters, to chat.php.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| turnkeywebtools | php_live_helper | <= 2.0.1 | — |
| turnkeywebtools | php_live_helper | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Apple Safari - RSS 'feed://' Buffer Overflow via libxml2 (PoC)
exploitdb·2009-05-26·CVSS 10.0
CVE-2008-3529 [CRITICAL] Apple Safari - RSS 'feed://' Buffer Overflow via libxml2 (PoC)
Apple Safari - RSS 'feed://' Buffer Overflow via libxml2 (PoC)
---
#!/usr/bin/ruby
#
# Quick-n-dirty PoC for APPLE-SA-2009-05-12 ala CVE-2008-3529
# Safari RSS feed:// buffer overflow via libxml2 by KF of Digitalmunition and Netragard
# http://www.digitalmunition.com , http://www.netragard.com
#
# The application PubSubAgent quit unexpectedly.
#
# Process: PubSubAgent [3764]
# Path: /System/Library/Frameworks/PubSub.framework/Versions/A/Resources/PubSubAgent.app/Contents/MacOS/PubSubAgent
# Identifier: PubSubAgent
# Version: ??? (???)
# Code Type: X86 (Native)
# Parent Process: launchd [282]
#
# Date/Time: 2008-10-31 15:31:41.355 -0400
# OS Version: Mac OS X 10.5.5 (9F33)
# Report Version: 6
#
# Exception Type: EXC_BAD_ACCESS (SIGSEGV)
# Exception Codes: KERN_INVALID_ADDRESS at 0x0000000
Exploit-DB
PHP Live Helper 2.0.1 - Multiple Vulnerabilities
exploitdb·2008-08-18
CVE-2008-3764 PHP Live Helper 2.0.1 - Multiple Vulnerabilities
PHP Live Helper 2.0.1 - Multiple Vulnerabilities
---
##########################################################
# GulfTech Security Research August 16, 2008
##########################################################
# Vendor : Turnkey Web Tools, Inc
# URL : http://www.turnkeywebtools.com
# Version : PHP Live Helper DB_site->query_first("SELECT * FROM ".
$this->dbprefix.$table." where ".$from."='$id'");
if (is_array($result)) {
foreach ($result as $key => $val) {
$info[$key] = stripslashes($val);
}
}
return $info;
}
As we can see in the above code, all of the parameters passed to
the get() function are unsanitized. So, if the data is not sanitized
before being sent to get() we have an SQL Injection issue.
/onlinestatus_html.php?dep=-99' UNION SELECT 1,2,3,4,5,6,7,8 FROM
admin_accounts W
No writeups or analysis indexed.
http://demos.turnkeywebtools.com/phplivehelper/docs/change_log.txthttp://secunia.com/advisories/31521http://securityreason.com/securityalert/4178http://www.gulftech.org/?node=research&article_id=00124-08162008http://www.securityfocus.com/archive/1/495542/100/0/threadedhttp://www.securityfocus.com/bid/30729https://exchange.xforce.ibmcloud.com/vulnerabilities/44571https://www.exploit-db.com/exploits/6261http://demos.turnkeywebtools.com/phplivehelper/docs/change_log.txthttp://secunia.com/advisories/31521http://securityreason.com/securityalert/4178http://www.gulftech.org/?node=research&article_id=00124-08162008http://www.securityfocus.com/archive/1/495542/100/0/threadedhttp://www.securityfocus.com/bid/30729https://exchange.xforce.ibmcloud.com/vulnerabilities/44571https://www.exploit-db.com/exploits/6261
2008-08-21
Published