CVE-2009-1650
published 2009-05-16CVE-2009-1650: Multiple SQL injection vulnerabilities in photos.php in Shutter 0.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) albumID, (2) tagID…
PriorityP343high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
0.99%
58.2th percentile
Multiple SQL injection vulnerabilities in photos.php in Shutter 0.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) albumID, (2) tagID, and (3) photoID parameters to index.html.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| tenfourzero | shutter | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Google Chrome < 31.0.1650.48 - HTTP 1xx base::StringTokenizerT<...>::QuickGetNext Out-of-Bounds Read
exploitdb·2016-12-19
CVE-2013-6627 Google Chrome < 31.0.1650.48 - HTTP 1xx base::StringTokenizerT<...>::QuickGetNext Out-of-Bounds Read
Google Chrome ::QuickGetNext Out-of-Bounds Read
---
'''
Source: http://blog.skylined.nl/20161219001.html
Synopsis
A specially crafted HTTP response can allow a malicious web-page to trigger a out-of-bounds read vulnerability in Google Chrome. The data is read from the main process' memory.
Known affected software, attack vectors and potential mitigations
Google Chrome up to, but not including, 31.0.1650.48
An attacker would need to get a target user to open a specially crafted web-page. Disabling JavaScript does not prevent an attacker from triggering the vulnerable code path, but may prevent exfiltration of information.
Since the affected code has not been changed since 2009, I assume this affects all versions of Chrome released in the last few years.
Details
The HttpStream
Exploit-DB
Shutter 0.1.1 - Multiple SQL Injections
exploitdb·2009-05-14
CVE-2009-1650 Shutter 0.1.1 - Multiple SQL Injections
Shutter 0.1.1 - Multiple SQL Injections
---
** **
** **
** [] [] [] [][][][> [] [] [][ ][] [] [][]] [] [> [][][][> [][][][] **
** || || || [] [][] [] [] [] [] [] [] [] [] [] [] **
** [> [][][][] [][][][> [] [] [] [] [] [][] [] [][] [][][][> [] [] **
** [-----[]-----[][][][>--[]--[]-[]---[][][]--[]-[]--[]--------[]-----[][][][>--[][][][]---\
**==[> [] [] [] [][] [] [] [][][] [] [][] [] [] [] >>--
** [----[[]]----[]--- ----[]-----[]---[]--[]-----[]--[]-------[] []---[]----------[]--[]---/
[> [[[]]] [][][][> [][] [] [][[] [[]] [][] [][][] [] [> [][][][> WEB: http://shutter.tenfourzero.net/ |
|-->DOWNLOAD: http://shutter.tenfourzero.net/ |
|-->DEMO: http://shutter.tenfourzero.net/video.html |
|-->CATEGORY: CMS / Image Galleries |
|-->DESCRIPTION: Shutter is a web package allowing users to sh
No writeups or analysis indexed.
http://secunia.com/advisories/35049http://www.securityfocus.com/archive/1/503493http://www.securityfocus.com/bid/34967https://www.exploit-db.com/exploits/8679http://secunia.com/advisories/35049http://www.securityfocus.com/archive/1/503493http://www.securityfocus.com/bid/34967https://www.exploit-db.com/exploits/8679
2009-05-16
Published