CVE-2010-2696
published 2010-07-12CVE-2010-2696: SQL injection vulnerability in gallery/index.php in Sijio Community Software allows remote attackers to execute arbitrary SQL commands via the parent parameter.
PriorityP342high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
0.97%
57.5th percentile
SQL injection vulnerability in gallery/index.php in Sijio Community Software allows remote attackers to execute arbitrary SQL commands via the parent parameter.
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Bugzilla
CVE-2009-2696 tomcat: missing fix for CVE-2009-0781
bugzilla·2010-07-21·CVSS 4.3
CVE-2009-2696 [MEDIUM] CVE-2009-2696 tomcat: missing fix for CVE-2009-0781
CVE-2009-2696 tomcat: missing fix for CVE-2009-0781
The RHSA-2009:1164 Tomcat security update for Red Hat Enterprise Linux 5
did not, unlike the erratum text stated, provide a fix for CVE-2009-0781, a
cross-site scripting (XSS) flaw in the examples calendar application. A
missing patch is considered a security regression, and requires a new CVE
name. This regression is assigned CVE-2009-2696. It fixes the same issue as
CVE-2009-0781 and is specific to Red Hat Enterprise Linux 5.
Discussion:
This issue has been addressed in following products:
Red Hat Enterprise Linux 5
Via RHSA-2010:0580 https://rhn.redhat.com/errata/RHSA-2010-0580.html
Bugzilla
CVE-2010-0212 openldap: modrdn processing IA5StringNormalize NULL pointer dereference
bugzilla·2010-06-18·CVSS 9.8
CVE-2010-0212 [CRITICAL] CVE-2010-0212 openldap: modrdn processing IA5StringNormalize NULL pointer dereference
CVE-2010-0212 openldap: modrdn processing IA5StringNormalize NULL pointer dereference
A vulnerability was found in OpenLDAP during the processing of a modrdn call with a specially crafted destination rdn string. An unauthenticated user could
cause slapd to crash due to a NULL pointer dereference.
Quoting the report:
As with bug CVE-2010-0211 (bug #605448), the crash occurs during a call to smr_normalize, but in this case the call points to IA5StringNormalize which crashes with a null pointer dereference at schema_init.c:2696.
This has been reportedly tested against upstream 2.4.22 as well as 2.4.11 (Debian) and 2.4.21 (Ubuntu).
Acknowledgements:
Red Hat would like to thank CERT-FI for responsibly reporting this flaw, who credit Ilkka Mattila and Tuomas Salomäki for the discovery of t
http://osvdb.org/66155http://www.exploit-db.com/exploits/14260http://www.vupen.com/english/advisories/2010/1766https://exchange.xforce.ibmcloud.com/vulnerabilities/60177http://osvdb.org/66155http://www.exploit-db.com/exploits/14260http://www.vupen.com/english/advisories/2010/1766https://exchange.xforce.ibmcloud.com/vulnerabilities/60177
2010-07-12
Published