CVE-2010-4830
Published 2011-08-24
CVE-2010-4830: SQL injection vulnerability in Resumes/TD_RESUME_Indlist.asp in Techno Dreams (T-Dreams) Job Career Package 3.0 allows remote attackers to execute arbitrary…
Priority P345 · high · 7.5 CVSS 2.0
AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 1.05% (59.9th percentile)
SQL injection vulnerability in Resumes/TD_RESUME_Indlist.asp in Techno Dreams (T-Dreams) Job Career Package 3.0 allows remote attackers to execute arbitrary SQL commands via the z_Residency parameter.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| t-dreams | job_career_package | — | — |
No detection rules found.
Exploit-DB
T-Dreams Job Seekers Package 3.0 - SQL Injection
exploitdb·2010-12-04
CVE-2010-4830 T-Dreams Job Seekers Package 3.0 - SQL Injection
---
# Author: R4dc0re
# Exploit Title: T-Dreams Job Seekers Package SQL injection Vulnerability
# Date: 04-12-2010
# Vendor or Software Link:http://t-dreams.com
# Category:WebApp
#Version:3.0
#Price:279$
#Contact: [email protected]
#Website: www.1337db.com
#Greetings to: R0073r(1337db.com), L0rd CrusAd3r,Sid3^effects and to rest of the 1337db members
Submit Your Exploit at [email protected]
########################################################################################
[Product Detail]
Job Seekers can post their C.V.s and contact employers for free.
Employers (companies) can post as many Job Ads as they need.
Users can modify their posts later or delete them through a security system.
The System is provided with Advanced Search
Exploit-DB
EnjoySAP SAP GUI - ActiveX Control Arbitrary File Download (Metasploit)
exploitdb·2010-12-01
CVE-2008-4830 EnjoySAP SAP GUI - ActiveX Control Arbitrary File Download (Metasploit)
---
##
# $Id: enjoysapgui_comp_download.rb 11189 2010-12-01 03:18:05Z swtornio $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 OperatingSystems::WINDOWS,
:javascript => true,
:rank => NormalRanking,
:vuln_test => nil,
})
def initialize(info = {})
super(update_info(info,
'Name' => 'EnjoySAP SAP GUI ActiveX Control Arbitrary File Download',
'Description' => %q{
This module allows remote attackers to place arbitrary files on a users file system
by abusing the "Comp_Downl
No writeups or analysis indexed.
http://packetstormsecurity.org/files/view/96375/tdreamsjsp-sql.txt
http://secunia.com/advisories/34996
http://securityreason.com/securityalert/8353
http://www.exploit-db.com/exploits/15678
http://www.securityfocus.com/bid/45203
2011-08-24: Published