CVE-2008-6352
Published 2009-03-02

CVE-2008-6352: SQL injection vulnerability in home.html in Xpoze Pro 4.10 allows remote attackers to execute arbitrary SQL commands via the menu parameter.
Priority P343 · high · 7.5 (CVSS 2.0)
AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS 0.97% (57.6th percentile)
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| xpoze | xpoze_pro | — | — |
No detection rules found.
Exploit-DB
Microsoft Windows - OLE Package Manager Code Execution (MS14-064) (Metasploit)
exploitdb·2014-11-14
CVE-2014-6352 Microsoft Windows - OLE Package Manager Code Execution (MS14-064) (Metasploit)
---
##
# This module requires Metasploit: http//metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'
class Metasploit3 "MS14-064 Microsoft Windows OLE Package Manager Code Execution",
'Description' => %q{
This module exploits a vulnerability found in Windows Object Linking and Embedding (OLE)
allowing arbitrary code execution, publicly exploited in the wild as MS14-060 patch bypass.
The Microsoft update tried to fix the vulnerability publicly known as "Sandworm". Platforms
such as Windows Vista SP2 all the way to Windows 8, Windows Server 2008 and 2012 are known
to be vulnerable. However, based on our testing, the most reliable setup is on Windows
pla
Exploit-DB
Microsoft Windows - OLE Package Manager Code Execution (via Python) (MS14-064) (Metasploit)
exploitdb·2014-11-14
CVE-2014-6352 Microsoft Windows - OLE Package Manager Code Execution (via Python) (MS14-064) (Metasploit)
---
##
# This module requires Metasploit: http//metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'
class Metasploit3 "MS14-064 Microsoft Windows OLE Package Manager Code Execution Through Python",
'Description' => %q{
This module exploits a vulnerability found in Windows Object Linking and Embedding (OLE)
allowing arbitrary code execution, bypassing the patch MS14-060, for the vulnerability
publicly known as "Sandworm", on systems with Python for Windows installed. Windows Vista
SP2 all the way to Windows 8, Windows Server 2008 and 2012 are known to be vulnerable.
However, based on our testing, the most reliable setup is on Windows plat
Exploit-DB
Microsoft Windows - OLE Package Manager Code Execution (MS14-060) (Metasploit)
exploitdb·2014-10-20
CVE-2014-6352 Microsoft Windows - OLE Package Manager Code Execution (MS14-060) (Metasploit)
---
##
# This module requires Metasploit: http//metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'
class Metasploit3 "MS14-060 Microsoft Windows OLE Package Manager Code Execution",
'Description' => %q{
This module exploits a vulnerability found in Windows Object Linking and Embedding (OLE)
allowing arbitrary code execution, publicly known as "Sandworm". Platforms such as Windows
Vista SP2 all the way to Windows 8, Windows Server 2008 and 2012 are known to be
vulnerable. However, based on our testing, the most reliable setup is on Windows platforms
running Office 2013 and Office 2010 SP2. And please keep in mind that some other setups such
as using
Exploit-DB
Xpoze 4.10 - 'menu' Blind SQL Injection
exploitdb·2008-12-12
CVE-2008-6352 Xpoze 4.10 - 'menu' Blind SQL Injection
---
[■] Xpoze Pro (home menù) --------------------------------------- AuToR: XaDoS (SecurityCode Team)
> Contact M&: xados [at] hotmail [dot] it
> B§g: Blind $ql inJection
> SIte vuln: http://www.xpoze.org/
>--------------------------------------- Str0ke Il pavimentosibillaLo z00I FoxHound ( goto www.myspace.com/foxhoundindie )
# milw0rm.com [2008-12-12]
No writeups or analysis indexed.
2009-03-02: Published