CVE-2009-3202
Published 2009-09-16
Priority: P417, medium, 4.3 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
EXPLOIT
EPSS: 1.48% (70.8th percentile)
Cross-site scripting (XSS) vulnerability in search.php in ULoKI PHP Forum 2.1 allows remote attackers to inject arbitrary web script or HTML via the term parameter.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| uloki | uloki_php_forum | — | — |
No detection rules found.
Exploit-DB
UloKI PHP Forum 2.1 - 'search.php' Cross-Site Scripting
exploitdb·2009-08-19
CVE-2009-3202 UloKI PHP Forum 2.1 - 'search.php' Cross-Site Scripting
---
source: https://www.securityfocus.com/bid/44273/info
UloKI PHP Forum is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
http://www.example.com/forum/search.php?term="> alert(document.cookie);
UloKI PHP Forum 2.1 is vulnerable; other versions may also be affected.
Exploit-DB
ArcaVir 2009 < 9.4.320X.9 - 'ps_drv.sys' Local Privilege Escalation
exploitdb·2009-05-26
CVE-2009-1824 ArcaVir 2009 < 9.4.320X.9 - 'ps_drv.sys' Local Privilege Escalation
---
////////////////////////////////////////////////////////////////////////////////////
// +----------------------------------------------------------------------------+ //
// | | //
// | ArcaBit Sp. z o.o. - http://www.arcabit.com/ | //
// | | //
// | Affected Software: | //
// | ArcaVir 2009 Antivirus Protection <= 9.4.3201.9 | //
// | ArcaVir 2009 Internet Security <= 9.4.3202.9 | //
// | ArcaVir 2009 System Protection <= 9.4.3203.9 | //
// | ArcaVir 2009 Home Protection <= 9.4.3204.9 | //
// | | //
// | Affected Driver: | //
// | ps_drv.sys | //
// | | //
// | Local Privilege Escalation Exploit | //
// | For Educational Purposes Only ! | //
// | | //
// +--------------------------------------------------------------
No writeups or analysis indexed.
http://osvdb.org/57176
http://packetstormsecurity.org/0908-exploits/uloki-xss.txt
http://secunia.com/advisories/36407
https://exchange.xforce.ibmcloud.com/vulnerabilities/52611
Published: 2009-09-16