CVE-2010-3314
published 2010-09-22CVE-2010-3314: Cross-site scripting (XSS) vulnerability in login.php in EGroupware 1.4.001+.002; 1.6.001+.002 and possibly other versions before 1.6.003; and EPL 9.1 before…
PriorityP420medium4.3CVSS 2.0
AVNACMAuNCNIPAN
EXPLOIT
EPSS
3.40%
87.3th percentile
Cross-site scripting (XSS) vulnerability in login.php in EGroupware 1.4.001+.002; 1.6.001+.002 and possibly other versions before 1.6.003; and EPL 9.1 before 9.1.20100309 and 9.2 before 9.2.20100309; allows remote attackers to inject arbitrary web script or HTML via the lang parameter.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| egroupware | egroupware | — | — |
| egroupware | egroupware | — | — |
| egroupware | egroupware | — | — |
| egroupware | egroupware | — | — |
| egroupware | egroupware | — | — |
| egroupware | egroupware | — | — |
| egroupware | egroupware | — | — |
| egroupware | egroupware | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Altap Salamander 2.5 PE Viewer - Local Buffer Overflow (Metasploit)
exploitdb·2010-12-16
CVE-2007-3314 Altap Salamander 2.5 PE Viewer - Local Buffer Overflow (Metasploit)
Altap Salamander 2.5 PE Viewer - Local Buffer Overflow (Metasploit)
---
##
# $Id: altap_salamander_pdb.rb 11353 2010-12-16 20:11:01Z egypt $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 'Altap Salamander 2.5 PE Viewer Buffer Overflow',
'Description' => %q{
This module exploits a buffer overflow in Altap Salamander MSF_LICENSE,
'Author' => [ 'patrick' ],
'Version' => '$Revision: 11353 $',
'References' =>
[
[ 'CVE', '2007-3314' ],
[ 'BID', '24557' ],
[ 'OSVDB', '37579' ],
[ 'URL', 'http://vuln.sg/salamander25-en.html' ],
],
'DefaultOptions'
Exploit-DB
Novell NetMail 3.52d - IMAP STATUS Buffer Overflow (Metasploit)
exploitdb·2010-05-09
CVE-2005-3314 Novell NetMail 3.52d - IMAP STATUS Buffer Overflow (Metasploit)
Novell NetMail 3.52d - IMAP STATUS Buffer Overflow (Metasploit)
---
##
# $Id: novell_netmail_status.rb 9262 2010-05-09 17:45:00Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 'Novell NetMail %q{
This module exploits a stack buffer overflow in Novell's Netmail 3.52 IMAP STATUS
verb. By sending an overly long string, an attacker can overwrite the
buffer and control program execution.
},
'Author' => [ 'MC' ],
'License' => MSF_LICENSE,
'Version' => '$Revision: 9262 $',
'References' =>
[
[ 'CVE', '2005-3314' ],
[ 'OSVDB', '20956' ],
[ '
Exploit-DB
eGroupWare 1.6.002 and eGroupWare premium line 9.1 - Multiple Vulnerabilities
exploitdb·2010-03-16
CVE-2010-3314 eGroupWare 1.6.002 and eGroupWare premium line 9.1 - Multiple Vulnerabilities
eGroupWare 1.6.002 and eGroupWare premium line 9.1 - Multiple Vulnerabilities
---
Advisory Name: Remote Command Execution in EGroupware
Vulnerability Class: Remote Command Execution
Release Date: 2010-03-09
Affected Applications: Confirmed in EGroupware 1.4.001+.002 and 1.6.001+.002. EGroupware
Premium Line 9.1 and 9.2 is also affected. Other versions may also be affected.
Affected Platforms: Multiple
Local / Remote: Remote
Severity: High – CVSS: 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Researcher: Nahuel Grisolía
Vendor Status: Acknowledged / Fixed.
Reference to Vulnerability Disclosure Policy: http://www.cybsec.com/vulnerability_policy.pdf
Reference to CYBSEC Security Advisories: http://www.cybsec.com/EN/research/default.php
Vulnerability Description:
EGroupware is prone to a remot
No writeups or analysis indexed.
http://www.debian.org/security/2010/dsa-2013http://www.egroupware.org/news?item=93http://www.exploit-db.com/exploits/11777/http://www.openwall.com/lists/oss-security/2010/09/21/7http://www.debian.org/security/2010/dsa-2013http://www.egroupware.org/news?item=93http://www.exploit-db.com/exploits/11777/http://www.openwall.com/lists/oss-security/2010/09/21/7
2010-09-22
Published