CVE-2010-1711
Published 2010-05-04
Priority P4 20 medium 4.3 CVSS 2.0
AV:N/AC:M/Au:N/C:N/I:P/A:N
EXPLOIT
EPSS 1.72% (74.6th percentile)
Cross-site scripting (XSS) vulnerability in carga_foto_al.php in Siestta 2.0, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the usuario parameter.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ramoncastro | siestta | — | — |
No detection rules found.
Exploit-DB
Joomla! Component Teams - Multiple Blind SQL Injections
exploitdb·2010-08-10
CVE-2010-4941 Joomla! Component Teams - Multiple Blind SQL Injections
---
Teams 1_1028_100809_1711 Joomla Component Multiple Blind SQL Injection Vulnerabilities
Name Teams
Vendor http://www.joomlamo.com
Versions Affected 1_1028_100809_1711
Author Salvatore Fresta aka Drosophila
Website http://www.salvatorefresta.net
Contact salvatorefresta [at] gmail [dot] com
Date 2010-08-10
X. INDEX
I. ABOUT THE APPLICATION
II. DESCRIPTION
III. ANALYSIS
IV. SAMPLE CODE
V. FIX
I. ABOUT THE APPLICATION
Teams is a base application for entering leagues, teams,
players, uniforms, and games.
II. DESCRIPTION
Some parameters are not properly sanitised before being
used in SQL queries.
III. ANALYSIS
Summary:
A) Multiple Blind SQL Injection
A) Multiple Blind SQL Injection
Many parameters are not properly sani
Exploit-DB
SIESTTA 2.0 - Local File Inclusion / Cross-Site Scripting
exploitdb·2010-04-16
CVE-2010-1711 SIESTTA 2.0 - Local File Inclusion / Cross-Site Scripting
---
####################################################################
# SIESTTA 2.0 (LFI/XSS) Multiple Vulnerabilities
# download: http://ramoncastro.es/siestta_old/
#
# Author: Jose Luis Gongora Fernandez 'aka' JosS
# mail: sys-project[at]hotmail[dot]com
# site: http://www.hack0wn.com/
# team: Spanish Hackers Team - [SHT]
#
# Hack0wn Security Project!!
#
# This was written for educational purpose. Use it at your own risk.
# Author will be not responsible for any damage.
#
####################################################################
#
# "need" register_globals = On
#
####################################################################
- [#LFI]
!EXPLOIT: /login.php?idioma=/../../../../../../../../../../../etc/passwd%
No writeups or analysis indexed.
http://packetstormsecurity.org/1004-exploits/siestta-lfixss.txt
http://secunia.com/advisories/39453
http://www.exploit-db.com/exploits/12260
http://www.osvdb.org/63836
http://www.securityfocus.com/bid/39526
https://exchange.xforce.ibmcloud.com/vulnerabilities/57899