CVE-2010-1044
Published 2010-03-23
CVE-2010-1044: SQL injection vulnerability in Login.do in ManageEngine OpUtils 5.0 allows remote attackers to execute arbitrary SQL commands via the isHttpPort parameter.
Priority P344 | high | 7.5 (CVSS 2.0)
AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 0.97% (57.3th percentile)
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| manageengine | oputils | — | — |
CVSS provenance
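| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| vendor_redhat | — | 6.9 | MEDIUM | — |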
VulDB
ManageEngine OpUtils 5.0 Login Login.do isHttpPort sql injection (EDB-11330 / XFDB-56102)
vuldb·2026-05-03·CVSS 7.5
CVE-2010-1044 [HIGH] ManageEngine OpUtils 5.0 Login Login.do isHttpPort sql injection (EDB-11330 / XFDB-56102)
A vulnerability categorized as critical has been discovered in ManageEngine OpUtils 5.0. Affected by this issue is some unknown functionality of the file Login.do of the component Login. The manipulation of the argument isHttpPort results in sql injection.
This vulnerability is cataloged as CVE-2010-1044. The attack may be launched remotely. Furthermore, there is an exploit available.
GHSA
GHSA-4g4j-2jp8-92qm: SQL injection vulnerability in Login
ghsa_unreviewed·2022-05-02
CVE-2010-1044 [HIGH] CWE-89 GHSA-4g4j-2jp8-92qm: SQL injection vulnerability in Login
SQL injection vulnerability in Login.do in ManageEngine OpUtils 5.0 allows remote attackers to execute arbitrary SQL commands via the isHttpPort parameter.
Red Hat
kernel: IB/uverbs: Handle large number of entries in poll CQ
vendor_redhat·2010-12-08·CVSS 6.9
CVE-2011-1044 [MEDIUM] kernel: IB/uverbs: Handle large number of entries in poll CQ
kernel: IB/uverbs: Handle large number of entries in poll CQ
The ib_uverbs_poll_cq function in drivers/infiniband/core/uverbs_cmd.c in the Linux kernel before 2.6.37 does not initialize a certain response buffer, which allows local users to obtain potentially sensitive information from kernel memory via vectors that cause this buffer to be only partially filled, a different vulnerability than CVE-2010-4649.
Package: kernel (Red Hat Enterprise Linux 4) - Affected
No detection rules found.
Bugzilla
CVE-2010-4649 CVE-2011-1044 kernel: IB/uverbs: Handle large number of entries in poll CQ
bugzilla·2011-01-07·CVSS 6.9
CVE-2010-4649 [MEDIUM] CVE-2010-4649 CVE-2011-1044 kernel: IB/uverbs: Handle large number of entries in poll CQ
CVE-2010-4649 CVE-2011-1044 kernel: IB/uverbs: Handle large number of entries in poll CQ
In ib_uverbs_poll_cq() code there is a potential integer overflow if
userspace passes in a large cmd.ne. The calls to kmalloc() would
allocate smaller buffers than intended, leading to memory corruption.
There is also an information leak if resp wasn't all used.
Unprivileged userspace may call this function, although only if an
RDMA device that uses this function is present.
Fix this by copying CQ entries one at a time, which avoids the
allocation entirely, and also by moving this copying into a function
that makes sure to initialize all memory copied to userspace.
Upstream commit:
http://git.kernel.org/linus/7182afea8d1afd432a17c18162cc3fd441d0da93
Discussion:
Update:
Name: CVE-2010-4649
Integer
Bugzilla
CVE-2010-4345 exim: privilege escalation
bugzilla·2010-12-10·CVSS 7.8
CVE-2010-4345 [HIGH] CVE-2010-4345 exim: privilege escalation
CVE-2010-4345 exim: privilege escalation
See bug #661756
http://www.exim.org/lurker/message/20101207.215955.bb32d4f2.en.html
"
Secondly a privilege escalation where the trusted 'exim' user is able to tell
Exim to use arbitrary config files, in which further ${run ...} commands will
be invoked as root.
The latter should be addressed by the patch at
http://lists.exim.org/lurker/message/20101209.172233.abcba158.en.html
"
Discussion:
http://bugs.exim.org/show_bug.cgi?id=1044
---
http://lists.exim.org/lurker/message/20101212.031058.0a4ca7c2.en.html
I've just pushed a set of patches to
http://git.exim.org/users/dwmw2/exim.git
git://git.exim.org/users/dwmw2/exim.git
They do the following:
- Add Valgrind hooks to the store pools to aid debugging.
- Don't use config files as root if they
http://packetstormsecurity.org/1002-exploits/oputils_5-sql.txt
http://www.exploit-db.com/exploits/11330
http://www.securityfocus.com/bid/38082
https://exchange.xforce.ibmcloud.com/vulnerabilities/56102
Published: 2010-03-23