CVE-2010-0722
Published 2010-02-26
CVE-2010-0722: SQL injection vulnerability in news.php in Php Auktion Pro allows remote attackers to execute arbitrary SQL commands via the id parameter.
Priority: P3 · 42 · high · 7.5 (CVSS 2.0)
AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 1.01% (58.7th percentile)
No detection rules found.
Exploit-DB
Solaris Sadmind - Command Execution (Metasploit)
exploitdb·2010-06-22
CVE-2003-0722 Solaris Sadmind - Command Execution (Metasploit)
---
##
# $Id: sadmind_exec.rb 9583 2010-06-22 19:11:05Z todb $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 'Solaris sadmind Command Execution',
'Description' => %q{
This exploit targets a weakness in the default security
settings of the sadmind RPC application. This server is
installed and enabled by default on most versions of the
Solaris operating system.
Vulnerable systems include solaris 2.7, 8, and 9
},
'Author' => [ 'vlad902 ', 'hdm', 'cazz' ],
'License' => MSF_LICENSE,
'Version' =>
Exploit-DB
PHP Auktion Pro SQL - 'news.php' SQL Injection
exploitdb·2010-02-23
CVE-2010-0722 PHP Auktion Pro SQL - 'news.php' SQL Injection
---
----------------------------Information------------------------------------------------
+Name : Php Auktion Pro SQL Injection news.php
+Author : Easy Laster
+Date : 22.02.2010
+Script : Php Auktion Pro
+Download : -----
+Price : 34,90€
+Language : PHP
+Discovered by Easy Laster
+Security Group 4004-Security-Project
+Greetz to Team-Internet ,Underground Agents
+And all Friends of Cyberlive : R!p,Eddy14,Silent Vapor,Nolok,
Kiba,-tmh-,Dr Chaos,HANN!BAL,Kabel,-=Player=-,Lidloses_Auge,
N00bor,Damian.
No writeups or analysis indexed.
http://4004securityproject.wordpress.com/2010/02/22/php-auktion-pro-sql-injection-news-php/
http://secunia.com/advisories/38679
http://www.exploit-db.com/exploits/11547
http://www.securityfocus.com/bid/38371
https://exchange.xforce.ibmcloud.com/vulnerabilities/56478