CVE-2010-0762
published 2010-03-02
CVE-2010-0762: SQL injection vulnerability in index.php in CommodityRentals CD Rental Software allows remote attackers to execute arbitrary SQL commands via the cat_id…
Priority: P343 · high · 7.5 (CVSS 2.0)
AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 1.21% (64.7th percentile)
SQL injection vulnerability in index.php in CommodityRentals CD Rental Software allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a catalog action.
CVSS provenance
nvd · v2.0 · 7.5 HIGH · AV:N/AC:L/Au:N/C:P/I:P/A:P
vendor_redhat · 7.8 HIGH
GHSA
GHSA-qvjj-p3vv-998f: SQL injection vulnerability in index
ghsa_unreviewed·2022-05-02
CVE-2010-0762 [HIGH] CWE-89 GHSA-qvjj-p3vv-998f: SQL injection vulnerability in index
SQL injection vulnerability in index.php in CommodityRentals CD Rental Software allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a catalog action.
Red Hat
vsftpd: remote DoS via crafted glob pattern
vendor_redhat·2011-03-01·CVSS 7.8
CVE-2011-0762 [HIGH] vsftpd: remote DoS via crafted glob pattern
The vsf_filename_passes_filter function in ls.c in vsftpd before 2.3.3 allows remote authenticated users to cause a denial of service (CPU consumption and process slot exhaustion) via crafted glob expressions in STAT commands in multiple FTP sessions, a different vulnerability than CVE-2010-2632.
No detection rules found.
Exploit-DB
CD Rentals Script - SQL Injection
exploitdb·2010-02-11
CVE-2010-0762 CD Rentals Script - SQL Injection
---
/**************************************************************************
[!] CD Rentals Script SQL injection Vulnerability
[!] Author : Don Tukulesto ([email protected])
[!] Homepage : http://www.indonesiancoder.com
[!] Date & Time : Thu Feb 10, 2010 5:55 PM
[!] Rock On : http://antisecradio.fm (choose your weapon)
**************************************************************************/
[ Software Information ]
[+] Vendor : http://www.commodityrentals.com/
[+] This script is specifically tailored for people wanting to start a CDs Rentals Business within a very short time.
Fully E-Commerce ready, this system comes with a Books attribute template and a fully customizable "look and feel" template of the site.
[+] Method : SQL Injection
Nuclei
vsftpd < 2.3.3 - DoS
nuclei·CVSS 7.8
CVE-2011-0762 [HIGH] vsftpd < 2.3.3 - DoS
The vsf_filename_passes_filter function in ls.c in vsftpd before 2.3.3 allows remote authenticated users to cause a denial of service (CPU consumption and process slot exhaustion) via crafted glob expressions in STAT commands in multiple FTP sessions, a different vulnerability than CVE-2010-2632.
Template:
id: CVE-2011-0762

info:
  name: vsftpd < 2.3.3 - DoS
  author: pussycat0x
  severity: medium
  description: |
    The vsf_filename_passes_filter function in ls.c in vsftpd before 2.3.3 allows remote authenticated users to cause a denial of service (CPU consumption and process slot exhaustion) via crafted glob expressions in STAT commands in multiple FTP sessions, a different vulnerability than CVE-2010-2632.
  impact: |
    Authenticated attackers can send crafted glob expressions
No writeups or analysis indexed.
References:
http://packetstormsecurity.org/1002-exploits/cdrentals-sql.txt
http://secunia.com/advisories/38519
http://www.exploit-db.com/exploits/11401
http://www.indonesiancoder.org/cd-rentals-script-sql-injection-vulnerability
http://www.osvdb.org/62278
http://www.securityfocus.com/bid/38184
https://exchange.xforce.ibmcloud.com/vulnerabilities/56209
Published: 2010-03-02