CVE-2009-1503
Published: 2009-05-01
Priority P3 · 45 · high · 7.5 CVSS 2.0
AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 1.01% (58.8th percentile)
Multiple SQL injection vulnerabilities in login.php in Tiger Document Management System (DMS) allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters.
No detection rules found.
Exploit-DB
OpenSSL 0.9.8k/1.0.0-beta2 - DTLS Remote Memory Exhaustion Denial of Service
exploitdb·2009-05-18·CVSS 5.0
CVE-2009-1379 [MEDIUM] OpenSSL 0.9.8k/1.0.0-beta2 - DTLS Remote Memory Exhaustion Denial of Service
---
/*
* cve-2009-1378.c
*
* OpenSSL
* http://jon.oberheide.org
*
* Information:
*
* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1378
*
* In dtls1_process_out_of_seq_message() the check if the current message is
* already buffered was missing. For every new message memory was allocated,
* allowing an attacker to perform a denial of service attack by sending
* out of seq handshake messages until there is no memory left.
*
* Usage:
*
* Pass the host and port of the target DTLS server:
*
* $ gcc cve-2009-1378.c -o cve-2009-1378
* $ ./cve-2009-1378 1.2.3.4 666
*
* Notes:
*
* With a MTU of 1500, the attack leaks 1503 bytes of memory with each UDP
* datagram. If you have a bigger MTU than 1500, feel free
Exploit-DB
Tiger Dms - Authentication Bypass
exploitdb·2009-04-29
CVE-2009-1503 Tiger Dms - Authentication Bypass
---
Home:http://www.tigerdms.com/download.php
Product: Tiger DMS
home:www.h4ckf0ru.com
Note: I tested it on localhost because the demo did not work :)
Tiger DMS (auth Bypass) SQL Injection Vulnerabilities
File:
Login.php
Vuln:
----
if (isset($r_username)){
    $selog = mysql_query("SELECT * FROM $prefix"."users where username='$r_username' and password='$r_password'");
    $num_rows = mysql_num_rows($selog);
    if ($num_rows == 1){
        $nona=mysql_fetch_array($selog);
        $_SESSION["aut"] = $nona["type"] ;
        $_SESSION["nick"] = $nona["us
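A hardened form of the login check quoted above, as an added example that is not part of the advisory or of Tiger DMS. The `password_hash` column, the `login()` and `users_table()` helpers, the `dms_` prefix and the in-memory SQLite data are assumptions made so the block runs on its own.

```php
<?php
declare(strict_types=1);

// Added example (not Tiger DMS code). The username and type columns follow
// the snippet above; password_hash, the helpers and the rows are assumptions.

function users_table(string $prefix): string
{
    // Identifiers cannot be bound as parameters, so the prefix is checked
    // against a strict allowlist pattern before it enters the SQL text.
    if (!preg_match('/\A[A-Za-z0-9_]{0,32}\z/', $prefix)) {
        throw new InvalidArgumentException('invalid table prefix');
    }
    return $prefix . 'users';
}

function login(PDO $db, string $prefix, string $username, string $password): ?array
{
    // Only the username is matched in SQL, and it is bound as data,
    // so quote characters in it never change the query structure.
    $stmt = $db->prepare(
        'SELECT username, type, password_hash FROM ' . users_table($prefix) .
        ' WHERE username = :u'
    );
    $stmt->execute([':u' => $username]);
    $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);

    // Require exactly one row, then verify the password against its hash
    // instead of comparing a plaintext password inside the query.
    if (count($rows) !== 1 || !password_verify($password, $rows[0]['password_hash'])) {
        return null;
    }
    return ['username' => $rows[0]['username'], 'type' => $rows[0]['type']];
}

// Constructed demo data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE dms_users (username TEXT UNIQUE, type TEXT, password_hash TEXT)');
$ins = $db->prepare('INSERT INTO dms_users VALUES (?, ?, ?)');
$ins->execute(["o'brien", 'admin', password_hash('correct horse', PASSWORD_DEFAULT)]);

var_dump(login($db, 'dms_', "o'brien", 'correct horse')); // valid credentials
var_dump(login($db, 'dms_', "o'brien", 'wrong guess'));   // wrong password
var_dump(login($db, 'dms_', 'nobody', 'correct horse'));  // unknown user
```

On a successful result the caller would call `session_regenerate_id(true)` before writing the returned values into `$_SESSION`.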
No writeups or analysis indexed.