CVE-2009-1032
published 2009-03-20CVE-2009-1032: SQL injection vulnerability in gallery_list.php in YABSoft Advanced Image Hosting (AIH) Script 2.3 allows remote attackers to execute arbitrary SQL commands…
PriorityP341high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
1.02%
59.2th percentile
SQL injection vulnerability in gallery_list.php in YABSoft Advanced Image Hosting (AIH) Script 2.3 allows remote attackers to execute arbitrary SQL commands via the gal parameter.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| yabsoft | advanced_image_hosting_script | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Zabbix Agent < 1.6.7 - Remote Bypass
exploitdb·2009-12-14
CVE-2009-4502 Zabbix Agent < 1.6.7 - Remote Bypass
Zabbix Agent
Date: Sun, 13 Dec 2009 16:28:30 +0100
From Wikipedia : "Zabbix is a network management system application
[...] designed to monitor and track the status of various network
services, servers, and other network hardware."
[Zabbix Agent : Bypass of EnableRemoteCommands=0]
Impacted software : Zabbix Agent (FreeBSD and Solaris only)
Zabbix reference : https://support.zabbix.com/browse/ZBX-1032
Patched version : 1.6.7
Faulty source code : function NET_TCP_LISTEN() in
libs/zbxsysinfo/(freebsd|solaris)/net.c
Exploit : $> echo "net.tcp.listen[80';id;echo ']"|nc -vn xxxxx 10050
Limitation : attacker must come from (or spoof) a trusted IP address
Changelog entry : fixed security vulnerability in processing of
net.tcp.listen under FreeBSD and Solaris agents
Exploit-DB
Advanced Image Hosting (AIH) 2.3 - 'gal' Blind SQL Injection
exploitdb·2009-03-18
CVE-2009-1032 Advanced Image Hosting (AIH) 2.3 - 'gal' Blind SQL Injection
Advanced Image Hosting (AIH) 2.3 - 'gal' Blind SQL Injection
---
###################################################################
Advanced Image Hosting (AIH) Remote Blind SQL Injection
###################################################################
###################################################
#[~] Author : boom3rang
#[~] Greetz : H!tm@N, KHG, chs, redc00de
#[~] Vulnerability : Blind SQL injection
#[~] Google Dork : Powered by: AIH v2.3
#[!] Product Name : Advanced Image Hosting
#[!] Product Site : http://www.yabsoft.info
#[!] Version : v2.3
#[!] Download : http://yabsoft.com/aihs-feature.php
###################################################
[!] AIH Blind SQL Injection.
PoC / Live Demo:
http://yabsoft.info/demo/aihspro/gallery_list.php?gal=3'/**/and/**/ascii(substring
No writeups or analysis indexed.
http://osvdb.org/52813http://secunia.com/advisories/34366http://www.securityfocus.com/bid/34176https://exchange.xforce.ibmcloud.com/vulnerabilities/49316https://www.exploit-db.com/exploits/8238http://osvdb.org/52813http://secunia.com/advisories/34366http://www.securityfocus.com/bid/34176https://exchange.xforce.ibmcloud.com/vulnerabilities/49316https://www.exploit-db.com/exploits/8238
2009-03-20
Published