CVE-2008-6030
Published 2009-02-03
Priority P342 · high · 7.5 (CVSS 2.0)
CVSS vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 0.97% (57.5th percentile)
Multiple SQL injection vulnerabilities in NetArtMedia Jobs Portal 1.3 allow remote attackers to execute arbitrary SQL commands via (1) the job parameter to index.php in the search module or (2) the news_id parameter to index.php.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| netartmedia | jobs_portal | — | — |
No detection rules found.
Exploit-DB
ClassApps SelectSurvey.net - Multiple SQL Injections
exploitdb·2014-09-20
CVE-2014-6030 ClassApps SelectSurvey.net - Multiple SQL Injections
---
##########
# Exploit Title: Multiple SQL Injection Vulnerabilities in SelectSurvey.net
# Google Dork: intitle:SelectSurvey
# Date: Sep 03 2014
# Vendor Homepage: https://www.classapps.com/
# Software Link: https://www.classapps.com/SelectSurveyNETOverview.asp
# Version: 4.124.004
# Tested on: Windows 2008 R2/SQL Server 2008
# CVE: 2014-6030
##########
Description
SelectSurvey.net is a web-based survey application written in ASP.net
and C#. It is vulnerable to multiple SQL injection attacks, both
authenticated and unauthenticated. The authenticated vulnerability
resides within the file upload script, as the parameters are not
sanitized prior to being placed into the SQL query. ClassApps had
previously listed 'SQL injection protecti
Exploit-DB
Libc - 'libc:fts_*()' Local Denial of Service
exploitdb·2009-03-05·CVSS 4.9
CVE-2009-0537 [MEDIUM] Libc - 'libc:fts_*()' Local Denial of Service
---
[libc:fts_*():multiple vendors, Denial-of-service ]
Author: Maksymilian Arciemowicz
SecurityReason.com
Date:
- Dis.: 21.10.2008
- Pub.: 04.03.2009
CVE: CVE-2009-0537
We are going to inform all vendors about this problem.
Affected Software (official):
- OpenBSD 4.4
/usr/src/lib/libc/gen/fts.c
- Microsoft Interix
6.0 10.0.6030.0 x86
- Microsoft Vista Enterprise
SearchIndexer.exe
probably more...
Original URL:
http://securityreason.com/achievement_securityalert/60
--- 0.Description ---
The fts functions are provided for traversing UNIX file hierarchies.
The fts_open() function returns a "handle" on a file hierarchy, which is then supplied to the other fts functions.
The funct
Exploit-DB
Netartmedia Jobs Portal 1.3 - Multiple SQL Injections
exploitdb·2008-09-21
CVE-2008-6030 Netartmedia Jobs Portal 1.3 - Multiple SQL Injections
---
NetArtMedia Jobs Portal 1.3 Multiple Sql Injection Vulnerabilities
Website : http://www.netartmedia.net
Founded By : Encrypt3d.M!nd
Home Page : http://encrypt3d.blogspot.com
# Remote Sql Injection(s) :
Affected File(s) :
index.php
PoC:
/index.php?mod=search&job=-666 union select 1,2,3,4,5,username
Exploit-DB
Download Accelerator Plus DAP 8.x - '.m3u' File Buffer Overflow
exploitdb·2008-07-11
CVE-2008-3182 Download Accelerator Plus DAP 8.x - '.m3u' File Buffer Overflow
---
#include
#include
/*
DAP 8.x (.m3u) File BOF C Exploit for XP SP2,SP3 English
SecurityFocus Advisory:
Download Accelerator Plus (DAP) is prone to a buffer-overflow vulnerability
because it fails to perform adequate boundary checks on user-supplied input.
Successfully exploiting this issue may allow remote attackers to execute
arbitrary code in the context of the application. Failed exploit attempts
will cause denial-of-service conditions.
Vulnerability discovered by Krystian Kloskowski (h07)
Original POC by h07 http://www.milw0rm.com/exploits/6030
This poc will create a "special" .m3u file that when imported in DAP and then checked with
the verify button will cause a buffer overflow and lead to exploitation. Run the pro
No writeups or analysis indexed.
http://secunia.com/advisories/31937
http://www.securityfocus.com/bid/31281
https://exchange.xforce.ibmcloud.com/vulnerabilities/45272
https://www.exploit-db.com/exploits/6517
Published: 2009-02-03