CVE-2009-1050
Published 2009-03-24
CVE-2009-1050: Bloginator 1A allows remote attackers to bypass authentication and gain administrative access by setting the identifyYourself cookie.
Priority: P353 · high · 7.5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 2.87% (85.0th percentile)
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| kamads | bloginator | — | — |
No detection rules found.
Exploit-DB
Bloginator 1a - Cookie Bypass / SQL Injection
exploitdb·2009-03-19
CVE-2009-1050 Bloginator 1a - Cookie Bypass / SQL Injection
---
##########################################################################
Author = FireShot , Jacopo Vuga.
Mail = fireshotautisticiorg
Software = Bloginator V1A
Download = http://kamads.com/kamads_ads/download.php?email=bloginator&ID=0
Greets to = Osirys, Myral, str0ke
###########################################################################
Vulnerability = Insecure Cookie Handling
###########################################################################
[CODE]
[URL] www.site.com/bloginator/articleCall.php
global $name,$password,$returnLink;
$p_name = strip_tags(substr($_POST['name'],0,32));
$p_password = strip_tags(substr($_POST['password'],0,32));
if(crypt($p_name , $name) == $name and crypt($p_password,$password) == $pass
Exploit-DB
MW6 Barcode - ActiveX 'Barcode.dll' Remote Heap Overflow (PoC)
exploitdb·2009-01-26
CVE-2009-0298 MW6 Barcode - ActiveX 'Barcode.dll' Remote Heap Overflow (PoC)
---
Author : Houssamix
MW6 Barcode ActiveX (Barcode.dll) Remote Heap Overflow PoC
arg1=String(1050, "A")
target.Supplement = arg1
# milw0rm.com [2009-01-26]
No writeups or analysis indexed.
References
http://osvdb.org/52838
http://secunia.com/advisories/34395
http://www.securityfocus.com/bid/34187
https://exchange.xforce.ibmcloud.com/vulnerabilities/49324
https://www.exploit-db.com/exploits/8243
Published: 2009-03-24