CVE-2008-5730
published 2008-12-26CVE-2008-5730: Multiple CRLF injection vulnerabilities in AIST NetCat 3.12 and earlier allow remote attackers to have an unknown impact via unspecified vectors involving (1)…
PriorityP344high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
2.23%
80.6th percentile
Multiple CRLF injection vulnerabilities in AIST NetCat 3.12 and earlier allow remote attackers to have an unknown impact via unspecified vectors involving (1) a %0a sequence in a cookie and (2) the add.php file.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| netcat | netcat | <= 3.12 | — |
| netcat | netcat | — | — |
| netcat | netcat | — | — |
| netcat | netcat | — | — |
| netcat | netcat | — | — |
| netcat | netcat | — | — |
| netcat | netcat | — | — |
| netcat | netcat | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
CMS NetCat 3.12 - Multiple Vulnerabilities
exploitdb·2008-12-23
CVE-2008-5742 CMS NetCat 3.12 - Multiple Vulnerabilities
CMS NetCat 3.12 - Multiple Vulnerabilities
---
NetCat &control= etc.
4. HTTP Response Splitting
Examples of vulnerable files:
/netcat/modules/auth/index.php?logoff=1&redirect=http://www.google.com
/netcat/modules/linkmanager/redirect.php?url=http://www.google.com
5. CRLF injection
Vulnerability exists at the moment of value installation %0a in COOKIEvariables.
Vulnerability has been found out at the reference to a file /netcat/add.php.
# milw0rm.com [2008-12-23]
Exploit-DB
Microsoft Internet Explorer - XML Parsing Remote Buffer Overflow
exploitdb·2008-12-10
CVE-2008-4844 Microsoft Internet Explorer - XML Parsing Remote Buffer Overflow
Microsoft Internet Explorer - XML Parsing Remote Buffer Overflow
---
// k`sOSe 12/10/2008 - tested on winxp sp3, explorer 7.0.5730.13
// windows/exec - 141 bytes
// http://www.metasploit.com
// EXITFUNC=seh, CMD=C:\WINDOWS\system32\calc.exe
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/7403.zip (2008-iesploit.tar.gz)
# milw0rm.com [2008-12-10]
No writeups or analysis indexed.
http://securityreason.com/securityalert/4819http://www.securityfocus.com/bid/32992https://exchange.xforce.ibmcloud.com/vulnerabilities/47579https://www.exploit-db.com/exploits/7560http://securityreason.com/securityalert/4819http://www.securityfocus.com/bid/32992https://exchange.xforce.ibmcloud.com/vulnerabilities/47579https://www.exploit-db.com/exploits/7560
2008-12-26
Published