CVE-2010-0964
Published 2010-03-16
CVE-2010-0964: SQL injection vulnerability in start.php in Eros Webkatalog allows remote attackers to execute arbitrary SQL commands via the id parameter in a rubrik action.
Priority: P341, high
CVSS 2.0: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
EXPLOIT
EPSS: 1.16% (63.2th percentile)
No detection rules found.
Exploit-DB
Zinf Audio Player 2.2.1 - '.pls' Local Stack Buffer Overflow (Metasploit)
exploitdb·2010-11-24
CVE-2004-0964 Zinf Audio Player 2.2.1 - '.pls' Local Stack Buffer Overflow (Metasploit)
---
##
# $Id: zinfaudioplayer221_pls.rb 11127 2010-11-24 19:35:38Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 'Zinf Audio Player 2.2.1 (PLS File) Stack Buffer Overflow',
'Description' => %q{
This module exploits a stack-based buffer overflow in the Zinf Audio Player 2.2.1.
An attacker must send the file to victim and the victim must open the file.
Alternatively it may be possible to execute code remotely via an embedded
PLS file within a browser, when the
Exploit-DB
Eros Erotik Webkatalog - 'start.php?id' SQL Injection
exploitdb·2010-03-11
CVE-2010-0964 Eros Erotik Webkatalog - 'start.php?id' SQL Injection
---
----------------------------Information------------------------------------------------
+Name : Eros Erotik Webkatalog start.php (rubrik&id) SQL Injection
+Author : Easy Laster
+Date : 11.03.2010
+Script : Eros Erotik Webkatalog
+Price : 07,13€
+Language : PHP
+Discovered by Easy Laster
+Security Group 4004-Security-Project
+Greetz to Team-Internet ,Underground Agents
+And all Friends of Cyberlive : R!p,Eddy14,Silent Vapor,Nolok,
Kiba,-tmh-,Dr Chaos,HANN!BAL,Kabel,-=Player=-,Lidloses_Auge,
N00bor,Ic3Drag0n,novaca!ne.
http://4004securityproject.wordpress.com/2010/03/11/eros-erotik-webkatalog-start-php-rubrikidsql-injection/
http://osvdb.org/62902
http://packetstormsecurity.org/1003-exploits/eroserotikwebkat-sql.txt
http://secunia.com/advisories/38900
http://www.exploit-db.com/exploits/11689
https://exchange.xforce.ibmcloud.com/vulnerabilities/56851