CVE-2010-1661
Published 2010-05-03
CVE-2010-1661: Multiple SQL injection vulnerabilities in PHP-Quick-Arcade (PHPQA) 3.0.21 allow remote attackers to execute arbitrary SQL commands via the (1) phpqa_user_c…
Priority: P3 · 44 · high · 7.5 (CVSS 2.0)
AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 1.00% (58.6th percentile)
Multiple SQL injection vulnerabilities in PHP-Quick-Arcade (PHPQA) 3.0.21 allow remote attackers to execute arbitrary SQL commands via the (1) phpqa_user_c parameter to Arcade.php and the (2) id parameter to acpmoderate.php.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jcink | php-quick-arcade | — | — |
No detection rules found.
Exploit-DB
DoubleTake/HP StorageWorks Storage Mirroring Service - Authentication Overflow (Metasploit)
exploitdb·2010-07-03
CVE-2008-1661 DoubleTake/HP StorageWorks Storage Mirroring Service - Authentication Overflow (Metasploit)
---
##
# $Id: doubletake.rb 9669 2010-07-03 03:13:45Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 'DoubleTake/HP StorageWorks Storage Mirroring Service Authentication Overflow',
'Description' => %q{
This module exploits a stack buffer overflow in the authentication mechanism of
NSI Doubletake which is also rebranded as HP Storage Works. This vulnerability
was found by Titon of Bastard Labs.
},
'Author' => [ 'ri0t ' ],
'Version' => '$Revisi
Exploit-DB
PHP Quick Arcade 3.0.21 - Multiple Vulnerabilities
exploitdb·2010-04-27
CVE-2010-1662 PHP Quick Arcade 3.0.21 - Multiple Vulnerabilities
---
PHP Quick Arcade 3.0.21 Multiple Vulnerabilities
#Title: PHP-Quick-Arcade 3.0.21 Multiple Vulnerabilities
#Vendor: http://quickarcade.jcink.com/
#AUTHOR: ITSecTeam
#Email: [email protected]
#Website: http://www.itsecteam.com
#Forum : http://forum.ITSecTeam.com
#Original Advisory: www.ITSecTeam.com/en/vulnerabilities/vulnerability47.htm
#Thanks: Pejvak,[email protected],r3dm0v3,am!rkh@n
# POC 1
www.Site.com/Arcade.php
Send Your Query With Cookie => phpqa_user_c
phpqa_user_c= Sql Injection
Can Use Tamper Data in Mozilla
# POC 2
This Bug Worked With Register_Global = On
www.Site.com/acpmoderate.php?id=Sql Injection
# POC 3
Cross Site Scripting (XSS)
www.Site.com/acpmoderate.php?serv=Xss Code
No writeups or analysis indexed.
http://packetstormsecurity.org/1004-exploits/phpquickarcade-sqlxss.txt
http://www.exploit-db.com/exploits/12416
http://www.securityfocus.com/bid/39733
http://www.vupen.com/english/advisories/2010/1013
https://exchange.xforce.ibmcloud.com/vulnerabilities/58184
Published: 2010-05-03