CVE-2009-3443
Published 2009-09-28
CVE-2009-3443: SQL injection vulnerability in the Fastball (com_fastball) component 1.1.0 through 1.2 for Joomla! allows remote attackers to execute arbitrary SQL commands…
Priority: P344 · high · 7.5 (CVSS 2.0)
AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 0.97% (57.4th percentile)
SQL injection vulnerability in the Fastball (com_fastball) component 1.1.0 through 1.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the league parameter to index.php.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fastballproductions | com_fastball | — | — |
| fastballproductions | com_fastball | — | — |
No detection rules found.
Exploit-DB
Joomla! Component Fastball 1.1.0 < 1.2 - 'league' SQL Injection
exploitdb·2009-09-24
CVE-2009-3443 Joomla! Component Fastball 1.1.0 < 1.2 - 'league' SQL Injection
---
########################################################################################################
## Joomla Component com_fastball Remote SQL injection vulnerability - (league) ##
## Author : kaMtiEz ([email protected]) ##
## Homepage : http://www.indonesiancoder.com ##
## Date : September 23, 2009 ##
########################################################################################################
Exploit-DB
Sun Java System Calendar Server 6.3 - Duplicate URI Request Denial of Service
exploitdb·2009-03-31
CVE-2009-1219 Sun Java System Calendar Server 6.3 - Duplicate URI Request Denial of Service
---
source: https://www.securityfocus.com/bid/34150/info
Sun Java System Calendar Server is prone to a denial-of-service vulnerability because it fails to handle certain duplicate URI requests.
An attacker can exploit this issue to crash the Calendar Server, resulting in a denial-of-service condition.
NOTE: Versions prior to Sun Java System Calendar Server 6.3 are not vulnerable.
The following example data is available:
https://www.example.com:3443/?tzid=crash
Exploit-DB
Sun Java System Calendar Server 6 - 'command.shtml' Cross-Site Scripting
exploitdb·2009-03-31
CVE-2009-1218 Sun Java System Calendar Server 6 - 'command.shtml' Cross-Site Scripting
---
source: https://www.securityfocus.com/bid/34153/info
Sun Java System Calendar Server is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
https://www.example.com:3443//command.shtml?view=overview&id=HK8CjQOkmbY&date=20081217T200734%27;alert('xss');//Z&[email protected]&security=1
No writeups or analysis indexed.
Published: 2009-09-28