CVE-2010-2911
published 2010-07-28CVE-2010-2911: SQL injection vulnerability in index.php in Kayako eSupport 3.70.02 allows remote attackers to execute arbitrary SQL commands via the newsid parameter in a…
PriorityP342high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
1.01%
58.8th percentile
SQL injection vulnerability in index.php in Kayako eSupport 3.70.02 allows remote attackers to execute arbitrary SQL commands via the newsid parameter in a viewnews action.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| kayako | esupport | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Suricata
ET WEB_SPECIFIC_APPS Jelsoft vBulletin SQL Injection Attempt -- attachment.php SELECT
suricata·2010-07-30·CVSS 8.5
CVE-2007-2911 [HIGH] ET WEB_SPECIFIC_APPS Jelsoft vBulletin SQL Injection Attempt -- attachment.php SELECT
ET WEB_SPECIFIC_APPS Jelsoft vBulletin SQL Injection Attempt -- attachment.php SELECT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Jelsoft vBulletin SQL Injection Attempt -- attachment.php SELECT"; flow:established,to_server; http.uri; content:"/admincp/attachment.php?"; nocase; content:"SELECT"; nocase; content:"FROM"; nocase; distance:0; reference:cve,CVE-2007-2911; reference:url,www.vbulletin.com/forum/project.php?issueid=21615; classtype:web-application-attack; sid:2004077; rev:10; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_11, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mi
Suricata
ET WEB_SPECIFIC_APPS Jelsoft vBulletin SQL Injection Attempt -- attachment.php INSERT
suricata·2010-07-30·CVSS 8.5
CVE-2007-2911 [HIGH] ET WEB_SPECIFIC_APPS Jelsoft vBulletin SQL Injection Attempt -- attachment.php INSERT
ET WEB_SPECIFIC_APPS Jelsoft vBulletin SQL Injection Attempt -- attachment.php INSERT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Jelsoft vBulletin SQL Injection Attempt -- attachment.php INSERT"; flow:established,to_server; http.uri; content:"/admincp/attachment.php?"; nocase; content:"INSERT"; nocase; content:"INTO"; nocase; distance:0; reference:cve,CVE-2007-2911; reference:url,www.vbulletin.com/forum/project.php?issueid=21615; classtype:web-application-attack; sid:2004079; rev:10; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_11, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mi
Suricata
ET WEB_SPECIFIC_APPS Jelsoft vBulletin SQL Injection Attempt -- attachment.php ASCII
suricata·2010-07-30·CVSS 8.5
CVE-2007-2911 [HIGH] ET WEB_SPECIFIC_APPS Jelsoft vBulletin SQL Injection Attempt -- attachment.php ASCII
ET WEB_SPECIFIC_APPS Jelsoft vBulletin SQL Injection Attempt -- attachment.php ASCII
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Jelsoft vBulletin SQL Injection Attempt -- attachment.php ASCII"; flow:established,to_server; http.uri; content:"/admincp/attachment.php?"; nocase; content:"ASCII("; nocase; content:"SELECT"; nocase; distance:0; reference:cve,CVE-2007-2911; reference:url,www.vbulletin.com/forum/project.php?issueid=21615; classtype:web-application-attack; sid:2004081; rev:10; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_11, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mi
Suricata
ET WEB_SPECIFIC_APPS Jelsoft vBulletin SQL Injection Attempt -- attachment.php UNION SELECT
suricata·2010-07-30·CVSS 8.5
CVE-2007-2911 [HIGH] ET WEB_SPECIFIC_APPS Jelsoft vBulletin SQL Injection Attempt -- attachment.php UNION SELECT
ET WEB_SPECIFIC_APPS Jelsoft vBulletin SQL Injection Attempt -- attachment.php UNION SELECT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Jelsoft vBulletin SQL Injection Attempt -- attachment.php UNION SELECT"; flow:established,to_server; http.uri; content:"/admincp/attachment.php?"; nocase; content:"UNION"; nocase; content:"UNION"; nocase; content:"SELECT"; nocase; distance:0; reference:cve,CVE-2007-2911; reference:url,www.vbulletin.com/forum/project.php?issueid=21615; classtype:web-application-attack; sid:2004078; rev:10; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_11, mitre_tactic_id TA0001
Suricata
ET WEB_SPECIFIC_APPS Jelsoft vBulletin SQL Injection Attempt -- attachment.php UPDATE
suricata·2010-07-30·CVSS 8.5
CVE-2007-2911 [HIGH] ET WEB_SPECIFIC_APPS Jelsoft vBulletin SQL Injection Attempt -- attachment.php UPDATE
ET WEB_SPECIFIC_APPS Jelsoft vBulletin SQL Injection Attempt -- attachment.php UPDATE
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Jelsoft vBulletin SQL Injection Attempt -- attachment.php UPDATE"; flow:established,to_server; http.uri; content:"/admincp/attachment.php?"; nocase; content:"UPDATE"; nocase; content:"SET"; nocase; distance:0; reference:cve,CVE-2007-2911; reference:url,www.vbulletin.com/forum/project.php?issueid=21615; classtype:web-application-attack; sid:2004082; rev:10; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_11, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mit
Suricata
ET WEB_SPECIFIC_APPS Jelsoft vBulletin SQL Injection Attempt -- attachment.php DELETE
suricata·2010-07-30·CVSS 8.5
CVE-2007-2911 [HIGH] ET WEB_SPECIFIC_APPS Jelsoft vBulletin SQL Injection Attempt -- attachment.php DELETE
ET WEB_SPECIFIC_APPS Jelsoft vBulletin SQL Injection Attempt -- attachment.php DELETE
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Jelsoft vBulletin SQL Injection Attempt -- attachment.php DELETE"; flow:established,to_server; http.uri; content:"/admincp/attachment.php?"; nocase; content:"DELETE"; nocase; content:"FROM"; nocase; distance:0; reference:cve,CVE-2007-2911; reference:url,www.vbulletin.com/forum/project.php?issueid=21615; classtype:web-application-attack; sid:2004080; rev:10; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_11, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mi
Exploit-DB
Kayako eSupport 3.70.02 - 'functions.php' SQL Injection
exploitdb·2010-07-18
CVE-2010-2912 Kayako eSupport 3.70.02 - 'functions.php' SQL Injection
Kayako eSupport 3.70.02 - 'functions.php' SQL Injection
---
Peace !!
###########################################################################
Name : Kayako eSupport v3.70.02 SQL Injection Vulnerability
Date : july 18,2010
Vendor urL : http://www.kayako.com/solutions/esupport/
Dork :Find It !!
Author : ScOrPiOn
Greetz : Dr.Dmar & Joker_1 & HiDDen HaCkEr & GeNeRaL KbKb & And All My Friends
###########################################################################
Effect :
/includes/functions.php
###########################################################################
Here The SQL Injec .....
http://server/Kayako/index.php?_m=downloads&_a=*SQLi*
###########################################################################
Peace !!
Exploit-DB
Kayako eSupport 3.70.02 - SQL Injection
exploitdb·2010-07-17
CVE-2010-2912 Kayako eSupport 3.70.02 - SQL Injection
Kayako eSupport 3.70.02 - SQL Injection
---
Name :Kayako eSupport v3.70.02 SQL Injection Vulnerability
Date : july 17,2010
Critical Level : HIGH
vendor URL :http://www.kayako.com/solutions/esupport/
google dork:Help Desk Software by Kayako SupportSuite v3.70.02
Author : Sid3^effects aKa HaRi
special thanks to : r0073r (inj3ct0r.com),L0rd CruSad3r,MaYur,MA1201,KeDar,Sonic,gunslinger_,SeeMe,RoadKiller
greetz to :www.topsecure.net ,All ICW members and my friends :) luv y0 guyz
#######################################################################################################
Description:
eSupport incorporates Kayako's leading ticket and e-mail management support desk software, including knowledgebase, troubleshooter, news and downloads publishing tools.
#################################
Bugzilla
ejabberd: Remote DoS via flood of client2server messages
bugzilla·2010-01-29
[LOW] ejabberd: Remote DoS via flood of client2server messages
ejabberd: Remote DoS via flood of client2server messages
Remotely exploitable DoS from XMPP client to ejabberd server
via flood of "client2server" messages (causing the message queue on
the server to get overloaded, leading to server crash) has been found.
Track of the incident:
https://support.process-one.net/browse/EJAB-1173
Upstream patches against v2.1:
https://forge.process-one.net/rdiff/ejabberd/branches/ejabberd-2.1.x/src/configure?r1=2688&r2=2936&u&N
https://forge.process-one.net/rdiff/ejabberd/branches/ejabberd-2.1.x/src/ejabberd_c2s.erl?r1=2911&r2=2936&u&N
CVE Request:
http://www.openwall.com/lists/oss-security/2010/01/29/1
Discussion:
*** This bug has been marked as a duplicate of bug 559921 ***
Bugzilla
ejabberd: Remote DoS via flood of client2server messages
bugzilla·2010-01-29
[LOW] ejabberd: Remote DoS via flood of client2server messages
ejabberd: Remote DoS via flood of client2server messages
Remotely exploitable DoS from XMPP client to ejabberd server
via flood of "client2server" messages (causing the message queue on
the server to get overloaded, leading to server crash) has been found.
Track of the incident:
https://support.process-one.net/browse/EJAB-1173
Upstream patches against v2.1:
https://forge.process-one.net/rdiff/ejabberd/branches/ejabberd-2.1.x/src/configure?r1=2688&r2=2936&u&N
https://forge.process-one.net/rdiff/ejabberd/branches/ejabberd-2.1.x/src/ejabberd_c2s.erl?r1=2911&r2=2936&u&N
CVE Request:
http://www.openwall.com/lists/oss-security/2010/01/29/1
Discussion:
*** Bug 559900 has been marked as a duplicate of this bug. ***
---
*** Bug 559893 has been marked as a duplicate of this bug. ***
---
**
Bugzilla
ejabberd: Remote DoS via flood of client2server messages
bugzilla·2010-01-29
[LOW] ejabberd: Remote DoS via flood of client2server messages
ejabberd: Remote DoS via flood of client2server messages
Remotely exploitable DoS from XMPP client to ejabberd server
via flood of "client2server" messages (causing the message queue on
the server to get overloaded, leading to server crash) has been found.
Track of the incident:
https://support.process-one.net/browse/EJAB-1173
Upstream patches against v2.1:
https://forge.process-one.net/rdiff/ejabberd/branches/ejabberd-2.1.x/src/configure?r1=2688&r2=2936&u&N
https://forge.process-one.net/rdiff/ejabberd/branches/ejabberd-2.1.x/src/ejabberd_c2s.erl?r1=2911&r2=2936&u&N
CVE Request:
http://www.openwall.com/lists/oss-security/2010/01/29/1
Discussion:
*** This bug has been marked as a duplicate of bug 559890 ***
Bugzilla
CVE-2010-0305 ejabberd: Remote DoS via flood of client2server messages
bugzilla·2010-01-29·CVSS 5.0
CVE-2010-0305 [MEDIUM] CVE-2010-0305 ejabberd: Remote DoS via flood of client2server messages
CVE-2010-0305 ejabberd: Remote DoS via flood of client2server messages
Remotely exploitable DoS from XMPP client to ejabberd server
via flood of "client2server" messages (causing the message queue on
the server to get overloaded, leading to server crash) has been found.
Track of the incident:
https://support.process-one.net/browse/EJAB-1173
Upstream patches against v2.1:
https://forge.process-one.net/rdiff/ejabberd/branches/ejabberd-2.1.x/src/configure?r1=2688&r2=2936&u&N
https://forge.process-one.net/rdiff/ejabberd/branches/ejabberd-2.1.x/src/ejabberd_c2s.erl?r1=2911&r2=2936&u&N
CVE Request:
http://www.openwall.com/lists/oss-security/2010/01/29/1
Discussion:
This issue affects the latest versions of ejabberd package, as shipped
with Fedora 11 (ejabberd-2.1.1-1.fc11) and 12 (ejabberd
http://packetstormsecurity.org/1007-exploits/kayakoesupport37002-sql.txthttp://www.exploit-db.com/exploits/14392http://www.securityfocus.com/bid/41779http://www.vupen.com/english/advisories/2010/1843https://exchange.xforce.ibmcloud.com/vulnerabilities/60455http://packetstormsecurity.org/1007-exploits/kayakoesupport37002-sql.txthttp://www.exploit-db.com/exploits/14392http://www.securityfocus.com/bid/41779http://www.vupen.com/english/advisories/2010/1843https://exchange.xforce.ibmcloud.com/vulnerabilities/60455
2010-07-28
Published