CVE-2008-4044
Published 2008-09-11
Priority P3 · 41 · high · 7.5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 1.00% (58.3th percentile)
SQL injection vulnerability in article/readarticle.php in AJ Square aj-hyip (aka AJ HYIP Acme) allows remote attackers to execute arbitrary SQL commands via the artid parameter.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| aj_square | aj_hyip | — | — |
No detection rules found.
Exploit-DB
Microsoft Windows - GDI+ '.ICO' Remote Division By Zero
exploitdb·2008-09-26
CVE-2008-4327 Microsoft Windows - GDI+ '.ICO' Remote Division By Zero
---
MS Windows GDI+ .ico Remote Division By Zero
Application: GDIPLUS.DLL
Web Site: http://www.microsoft.com/
Platform: Windows *
Bug: Division By Zero
Tested against: XP SP3 fully patched
Note: This has nothing to do with http://milw0rm.com/exploits/4044
1) Introduction
2) Bug
3) Proof of concept
4) Credits
1) Introduction
"The Microsoft Windows graphics device interface (GDI) enables applications to use graphics
and formatted text on both the video display and the printer. Windows-based applications do
not access the graphics hardware directly. Instead, GDI interacts with device drivers on
behalf of applications."
2) Bug
GDIPLUS fails to handle an exceptional condition when opening malicious .ico files.
This result
Exploit-DB
AJ HYIP ACME - 'readarticle.php' SQL Injection
exploitdb·2008-09-02
CVE-2008-4044 AJ HYIP ACME - 'readarticle.php' SQL Injection
---
> Found by : Cyb3r-1sT
> C0ntact : cyb3r-1st [at] hotmail.com
> Groups : InjEctOr5 T3am
> script : aj-hyip
> script site : www.ajhyip.com/demo/meridian
: www.ajhyip.com/demo/acme
: www.ajhyip.com/demo/prime
> D0rk : find it
No writeups or analysis indexed.
http://securityreason.com/securityalert/4241
http://www.securityfocus.com/bid/30978
https://exchange.xforce.ibmcloud.com/vulnerabilities/44803
https://exchange.xforce.ibmcloud.com/vulnerabilities/45201
https://www.exploit-db.com/exploits/6351
Published 2008-09-11