CVE-2010-1066
Published 2010-03-23
Priority: P3 37 | medium | 5 (CVSS 2.0)
CVSS 2.0 vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
EXPLOIT
EPSS: 2.46% (82.4th percentile)
AR Web Content Manager (AWCM) 2.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for control/db_backup.php.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| the-ghost | ar_web_content_manager | — | — |
VulDB
The-ghost AR Web Content Manager 2.1 db_backup.php access control (EDB-11025 / XFDB-55445)
vuldb·2026-05-03·CVSS 5.0
CVE-2010-1066 [MEDIUM] The-ghost AR Web Content Manager 2.1 db_backup.php access control (EDB-11025 / XFDB-55445)
A vulnerability was found in The-ghost AR Web Content Manager 2.1 and classified as problematic. This vulnerability affects unknown code of the file db_backup.php of the component Web Content Manager. The manipulation results in improper access controls.
This vulnerability was named CVE-2010-1066. The attack can be performed remotely. In addition, an exploit is available.
GHSA
GHSA-h8pp-5f54-qp4v: AR Web Content Manager (AWCM) 2
ghsa_unreviewed·2022-05-02
CVE-2010-1066 [MEDIUM] GHSA-h8pp-5f54-qp4v: AR Web Content Manager (AWCM) 2
AR Web Content Manager (AWCM) 2.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for control/db_backup.php.
No detection rules found.
Exploit-DB
CA Advantage Ingres 2.6 - Multiple Buffer Overflow Vulnerabilities (PoC)
exploitdb·2010-08-14·CVSS 10.0
CVE-2007-3336 [CRITICAL] CA Advantage Ingres 2.6 - Multiple Buffer Overflow Vulnerabilities (PoC)
---
# Exploit Title: Computer Associates Advantage Ingres 2.6 Multiple Buffer Overflow Vulnerabilities PoC
# Date: 2010-08-14
# Author: @fdiskyou
# e-mail: rui at deniable.org
# Version: 2.6
# Tested on: Windows 2003 Server SP1 en
# CVE: CVE-2007-3336 - CVE-2007-3338
# Notes: Fixed in the last version.
# iigcc - EDX holds a pointer that's overwritten at byte 2106 and it crashes while executing
# MOV EAX,DWORD PTR DS:[EDX+8]
# iijdbc - EDI holds a pointer that's overwritten at byte 1066 and it crashes while executing
# CMP ECX,DWORD PTR DS:[EDI+4]
# please let me know if you are/were able to get code execution
import socket
import sys
if len(sys.argv) != 4:
    print "Usage: ./CAAdvantageDoS.py "
    print "Vulnerable Serv
Exploit-DB
AWCM - Database Disclosure
exploitdb·2010-01-06
CVE-2010-1066 AWCM - Database Disclosure
---
Subject:AWCM
Date: 6/1/21010
Author: alnjm33
version:2.1
Tested on: version:2.1
download: http://awcm.sourceforge.net/ar/
Home:sec-war.com
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::exploit::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
site/path/control/db_backup.php
u will download the database when download it
search for the admin
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Greetz to :PrEdAtOr -Sh0ot3R - xXx - Mu$L!m-h4ck3r - ahmadso -JaMbA -RoOt_EgY -jago-dz- XR57 all sec-war.com members
No writeups or analysis indexed.
http://packetstormsecurity.org/1001-exploits/awcm-backup.txt
http://secunia.com/advisories/38065
http://www.exploit-db.com/exploits/11025
https://exchange.xforce.ibmcloud.com/vulnerabilities/55445
Published: 2010-03-23