CVE-2010-1094
Published 2010-03-24
CVE-2010-1094: SQL injection vulnerability in news.php in DZ EROTIK Auktionshaus V4rgo allows remote attackers to execute arbitrary SQL commands via the id parameter.
Priority: P341, high, 7.5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 1.01% (58.7th percentile)
VulDB
Miethner-scripting DZ EROTIK Auktionshaus V4rgo news.php ID sql injection (EDB-11582 / XFDB-56581)
vuldb·2026-05-03·CVSS 7.5
CVE-2010-1094 [HIGH] Miethner-scripting DZ EROTIK Auktionshaus V4rgo news.php ID sql injection (EDB-11582 / XFDB-56581)
A vulnerability classified as critical has been found in Miethner-scripting DZ EROTIK Auktionshaus V4rgo. This issue affects some unknown processing of the file news.php. The manipulation of the argument ID leads to sql injection.
This vulnerability is documented as CVE-2010-1094. The attack can be initiated remotely. Additionally, an exploit exists.
GHSA
GHSA-7h94-w3cq-9hqq: SQL injection vulnerability in news
ghsa_unreviewed·2022-05-02
CVE-2010-1094 [HIGH] CWE-89 GHSA-7h94-w3cq-9hqq: SQL injection vulnerability in news
SQL injection vulnerability in news.php in DZ EROTIK Auktionshaus V4rgo allows remote attackers to execute arbitrary SQL commands via the id parameter.
No detection rules found.
Exploit-DB
DZ Erotik Auktionshaus 4.rgo - 'news.php' SQL Injection
exploitdb·2010-02-27
CVE-2010-1094 DZ Erotik Auktionshaus 4.rgo - 'news.php' SQL Injection
DZ Erotik Auktionshaus 4.rgo - 'news.php' SQL Injection
---
----------------------------Information------------------------------------------------
+Discovered by Easy Laster
+Security Group 4004-Security-Project
+Greetz to Team-Internet ,Underground Agents
+And all Friends of Cyberlive : R!p,Eddy14,Silent Vapor,Nolok,
Kiba,-tmh-,Dr Chaos,HANN!BAL,Kabel,-=Player=-,Lidloses_Auge,
N00bor,Damian,novaca!ne.
+Vulnerability : www.site.com/auktionshaus/news.php?id=
+Exploitable : www.site.com/auktionshaus/news.php?id=null+u
Exploit-DB
AOL Instant Messenger 4.0/4.1.2010/4.2.1193 - BuddyIcon Buffer Overflow
exploitdb·2000-12-12
CVE-2000-1094 AOL Instant Messenger 4.0/4.1.2010/4.2.1193 - BuddyIcon Buffer Overflow
AOL Instant Messenger 4.0/4.1.2010/4.2.1193 - BuddyIcon Buffer Overflow
---
source: https://www.securityfocus.com/bid/2122/info
AOL Instant Messenger (AIM) is a real time messaging service for users that are online. When AOL Instant Messenger is installed, by default it configures the system so that the aim: URL protocol connects aim:// URLs to the AIM client. There exists a buffer overflow in parsing aim:// URL parameters.
The buffer overflow has to do with the parsing of parameters associated with the "buddyicon" option. The stack overflow will occur if the "Source" parameter, which arguments the buddyicon option, is more than 3000 characters in length. It may be possible to execute arbitrary code. Since this vulnerability manifests itself in a URL, a user needs only to click on th
No writeups or analysis indexed.
http://4004securityproject.wordpress.com/2010/02/26/dz-erotik-auktionshaus-v-4-rgo-news-php-sql-injection/
http://osvdb.org/62623
http://secunia.com/advisories/38792
http://www.exploit-db.com/exploits/11582
https://exchange.xforce.ibmcloud.com/vulnerabilities/56581
Published: 2010-03-24