CVE-2009-3719
published 2009-10-16CVE-2009-3719: Cross-site scripting (XSS) vulnerability in comment.asp in Battle Blog 1.25 and 1.30 build 2 allows remote attackers to inject arbitrary web script or HTML via…
PriorityP419medium4.3CVSS 2.0
AVNACMAuNCNIPAN
EXPLOIT
EPSS
1.50%
71.0th percentile
Cross-site scripting (XSS) vulnerability in comment.asp in Battle Blog 1.25 and 1.30 build 2 allows remote attackers to inject arbitrary web script or HTML via a comment.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| davethewebguy | battle_blog | — | — |
| davethewebguy | battle_blog | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Adobe Illustrator CS4 14.0.0 - Postscript (.eps) Buffer Overflow (Metasploit)
exploitdb·2010-09-25
CVE-2009-4195 Adobe Illustrator CS4 14.0.0 - Postscript (.eps) Buffer Overflow (Metasploit)
Adobe Illustrator CS4 14.0.0 - Postscript (.eps) Buffer Overflow (Metasploit)
---
##
# $Id: adobe_illustrator_v14_eps.rb 10477 2010-09-25 11:59:02Z mc $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 'Adobe Illustrator CS4 v14.0.0',
'Description' => %q{
Adobe Illustrator CS4 (V14.0.0) Encapsulated Postscript (.eps)
overlong DSC Comment Buffer Overflow Exploit
},
'License' => MSF_LICENSE,
'Author' => [ 'Nine:Situations:Group::pyrokinesis', 'dookie' ],
'Version' => '$Revision: 10477 $',
'References' =>
[
[ 'CVE', '2009-4195' ],
[ 'BID', '3719
Exploit-DB
Battle Blog 1.25 - Authentication Bypass / SQL Injection / HTML Injection
exploitdb·2009-07-17
CVE-2009-3719 Battle Blog 1.25 - Authentication Bypass / SQL Injection / HTML Injection
Battle Blog 1.25 - Authentication Bypass / SQL Injection / HTML Injection
---
###################################################################
# battle blog sql/html injection vulnerability #
###################################################################
author: $qL_DoCt0r
email: [email protected]
msn: [email protected]
blog: http://full-discl0sure.blogspot.com
html injection vulnerability
dork:inurl:comment.asp intext:Your e-mail address will be used to send you voting and comment activity. Inclusion of your address is optional but Battle Blog cannot notify you of these activities unless you supply an accurate e-mail.
once on blog...
scroll down to: make new comment
fill in the name: website: e-mail: forms
then type your html/xss as the comment, eg:
click
No writeups or analysis indexed.
http://full-discl0sure.blogspot.com/2009/07/battle-blog-sqlhtml-injection.htmlhttp://secunia.com/advisories/35864http://www.exploit-db.com/exploits/9183http://www.securityfocus.com/bid/35726https://exchange.xforce.ibmcloud.com/vulnerabilities/51807http://full-discl0sure.blogspot.com/2009/07/battle-blog-sqlhtml-injection.htmlhttp://secunia.com/advisories/35864http://www.exploit-db.com/exploits/9183http://www.securityfocus.com/bid/35726https://exchange.xforce.ibmcloud.com/vulnerabilities/51807
2009-10-16
Published