CVE-2009-0400
Published 2009-02-03
CVE-2009-0400: SQL injection vulnerability in blog.php in SocialEngine 3.06 trial allows remote attackers to execute arbitrary SQL commands via the category_id parameter.
Priority P337 | medium | 6.8 CVSS 2.0
AV:N/AC:M/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 1.10% (61.7th percentile)
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| socialengine | socialengine | — | — |
No detection rules found.
Exploit-DB
Apple Safari - RSS 'feed://' Buffer Overflow via libxml2 (PoC)
exploitdb·2009-05-26·CVSS 10.0
CVE-2008-3529 [CRITICAL] Apple Safari - RSS 'feed://' Buffer Overflow via libxml2 (PoC)
---
#!/usr/bin/ruby
#
# Quick-n-dirty PoC for APPLE-SA-2009-05-12 ala CVE-2008-3529
# Safari RSS feed:// buffer overflow via libxml2 by KF of Digitalmunition and Netragard
# http://www.digitalmunition.com , http://www.netragard.com
#
# The application PubSubAgent quit unexpectedly.
#
# Process: PubSubAgent [3764]
# Path: /System/Library/Frameworks/PubSub.framework/Versions/A/Resources/PubSubAgent.app/Contents/MacOS/PubSubAgent
# Identifier: PubSubAgent
# Version: ??? (???)
# Code Type: X86 (Native)
# Parent Process: launchd [282]
#
# Date/Time: 2008-10-31 15:31:41.355 -0400
# OS Version: Mac OS X 10.5.5 (9F33)
# Report Version: 6
#
# Exception Type: EXC_BAD_ACCESS (SIGSEGV)
# Exception Codes: KERN_INVALID_ADDRESS at 0x0000000
Exploit-DB
Social Engine 3.06 - 'category_id' SQL Injection
exploitdb·2009-01-28
CVE-2009-0400 Social Engine 3.06 - 'category_id' SQL Injection
---
SNAKES TEAM
Social Engine (blog.php) SQL Injection Vulnerability
:::ALGERIAN HaCkEr:::
Discovered By: Snakespc :::ALGERIAN HaCkEr:::
Mail: [email protected]
http://www.socialengine.net/demos.php "blog.php"
GAZA
No writeups or analysis indexed.
http://osvdb.org/51644
http://secunia.com/advisories/33701
http://www.securityfocus.com/bid/33495
https://exchange.xforce.ibmcloud.com/vulnerabilities/48316
https://www.exploit-db.com/exploits/7900
Published: 2009-02-03