CVE-2010-4145
published 2010-11-02CVE-2010-4145: Kisisel Radyo Script stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via…
PriorityP335medium5CVSS 2.0
AVNACLAuNCPINAN
EXPLOIT
EPSS
2.51%
82.8th percentile
Kisisel Radyo Script stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for sevvo/eco23.mdb.
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Kisisel Radyo Script - Multiple Vulnerabilities
exploitdb·2010-10-17
CVE-2010-4145 Kisisel Radyo Script - Multiple Vulnerabilities
Kisisel Radyo Script - Multiple Vulnerabilities
---
Kisisel Radyo Script - Multiple Vulnerabilities
############################################
Author: FuRty
Contact : [email protected]
Thanks: RedGuard, KnocKout, TrSniper and all Justic3 Group
############################################
Script : Kisisel Radyo Script
Version : N/A
Download : http://www.aspindir.com
###########################################
SQL Injection Vulnerable in radyo.asp
####################################
id = Request.QueryString("id")
Set baglanti = Server.CreateObject("Adodb.Connection")
baglanti.Open "Provider=Microsoft.Jet.Oledb.4.0;Data Source=" & Server.MapPath(""&veriyolu&"")
set rsust=Server.CreateObject("ADODB.RecordSet")
sql = "Select * from sayfa WHERE id="&id&""
###################################
Exploit-DB
Lyris ListManager - MSDE Weak sa Password (Metasploit)
exploitdb·2010-09-20
CVE-2005-4145 Lyris ListManager - MSDE Weak sa Password (Metasploit)
Lyris ListManager - MSDE Weak sa Password (Metasploit)
---
##
# $Id: lyris_listmanager_weak_pass.rb 10394 2010-09-20 08:06:27Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 'Lyris ListManager MSDE Weak sa Password',
'Description' => %q{
This module exploits a weak password vulnerability in the
Lyris ListManager MSDE install. During installation, the 'sa'
account password is set to 'lminstall'. Once the install
completes, it is set to 'lyris' followed by the process
ID of the installer. This module brute forces all possible
process
No writeups or analysis indexed.
http://packetstormsecurity.org/1010-exploits/kisiselradyoscript-disclose.txthttp://secunia.com/advisories/41816http://www.exploit-db.com/exploits/15270http://packetstormsecurity.org/1010-exploits/kisiselradyoscript-disclose.txthttp://secunia.com/advisories/41816http://www.exploit-db.com/exploits/15270
2010-11-02
Published