CVE-2010-2510
Published 2010-06-28
CVE-2010-2510: SQL injection vulnerability in customize.php in 2daybiz Web Template Software allows remote attackers to execute arbitrary SQL commands via the tid parameter.
Priority P344 · high · 7.5 CVSS 2.0
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 0.91% (55.4th percentile)
No detection rules found.
Exploit-DB
Microsoft Office 2007 - 'OGL.dll' ValidateBitmapInfo Bounds Check Failure (MS15-097)
exploitdb·2015-09-16
CVE-2015-2510 Microsoft Office 2007 - 'OGL.dll' ValidateBitmapInfo Bounds Check Failure (MS15-097)
---
Source: https://code.google.com/p/google-security-research/issues/detail?id=469
The following crash was observed in Microsoft Office 2007 Excel with Microsoft Office File Validation Add-In disabled and Application Verifier enabled for testing and reproduction. This bug did not reproduce in Office 2010 or 2013.
Attached files:
Original File: 3013413838_orig.xls
Crashing File: 3013413838_crash.xls
Minimized Crashing File: 3013413838_min.xls
The minimized crashing file shows a one bit delta from the original file at offset 0x139F. OffVis did not reveal anything unique about this offset in the minimized file.
File Versions:
Excel.exe: 12.0.6718.5000
OGL.dll: 12.0.6719.5000
oart.dll: 12.0.6683.5002
GD
Exploit-DB
2DayBiz The Web Template Software - SQL Injection / Cross-Site Scripting
exploitdb·2010-06-24
CVE-2010-2510 2DayBiz The Web Template Software - SQL Injection / Cross-Site Scripting
---
$-------------------------------------------------------------------------------------------------------------------
$ 2daybiz - The Web Template Software SQL injection and XSS vulnerability
$ Author : Sangteamtham
$ Home : Hcegroup.net
$ Download :http://www.2daybiz.com/webtemplatesoftware.html
$ Date :06/24/2010
$ Email :[email protected]
$
$******************************************************************************************
1.SQL injection
http://server/customize.php?tid=[id]+[SQL]
2.XSS
2.a : search products module
Here is my header:
http://www.2daytemplates.com/category.php
POST /category.php HTTP/1.1
Host: www.2daytemplates.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv
No writeups or analysis indexed.
Published: 2010-06-28