CVE-2010-4844
published 2011-09-27CVE-2010-4844: SQL injection vulnerability in content.php in MH Products Easy Online Shop allows remote attackers to execute arbitrary SQL commands via the kat parameter.
PriorityP344high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
1.18%
63.8th percentile
SQL injection vulnerability in content.php in MH Products Easy Online Shop allows remote attackers to execute arbitrary SQL commands via the kat parameter.
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Easy Online Shop - SQL Injection
exploitdb·2010-12-17
CVE-2010-4844 Easy Online Shop - SQL Injection
Easy Online Shop - SQL Injection
---
----------------------------Information------------------------------------------------
+Name : Easy Online Shop <= SQL injection Vulnerability Proof of Concept
+Autor : Easy Laster
+Date : 17.12.2010
+Script : Easy Online Shop
+Vendor : http://www.mhproducts.de/
+Price : 8,90
+Language : PHP
+Discovered by Easy Laster
+Security Group 4004-Security-Project.com
+Greetz to Team-Internet ,Underground Agents and free-hack.com
+And all Friends of Cyberlive : R!p,Eddy14,Silent Vapor,Nolok,
Kiba,-tmh-,Dr.ChAoS,HANN!BAL,Kabel,-=Player=-,Lidloses_Auge,
N00bor,Ic3Drag0n,novaca!ne,n3w7u,Maverick010101,s0red,c1ox,enco.
___ ___ ___ ___ _ _ _____ _ _
| | | | | | |___ ___ ___ ___ _ _ ___|_| |_ _ _ ___| _ |___ ___ |_|___ ___| |_
|_ | | | | |_ |___|_ -| -_| _| | |
Exploit-DB
Microsoft Internet Explorer - Data Binding Memory Corruption (MS08-078) (Metasploit)
exploitdb·2010-09-20
CVE-2008-4844 Microsoft Internet Explorer - Data Binding Memory Corruption (MS08-078) (Metasploit)
Microsoft Internet Explorer - Data Binding Memory Corruption (MS08-078) (Metasploit)
---
##
# $Id: ms08_078_xml_corruption.rb 10394 2010-09-20 08:06:27Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 HttpClients::IE,
# :ua_minver => "7.0",
# :ua_maxver => "7.0",
# :javascript => true,
# :os_name => OperatingSystems::WINDOWS,
# :vuln_test => nil, # no way to test without just trying it
#})
def initialize(info = {})
super(update_info(info,
'Name' => 'Internet Explorer Data Binding Memory Corruption',
'Description' => %q{
This module
No writeups or analysis indexed.
http://packetstormsecurity.org/files/view/96780/easyonlineshop-sql.txthttp://secunia.com/advisories/42680http://securityreason.com/securityalert/8396http://www.exploit-db.com/exploits/15755http://www.securityfocus.com/bid/45477https://exchange.xforce.ibmcloud.com/vulnerabilities/64192http://packetstormsecurity.org/files/view/96780/easyonlineshop-sql.txthttp://secunia.com/advisories/42680http://securityreason.com/securityalert/8396http://www.exploit-db.com/exploits/15755http://www.securityfocus.com/bid/45477https://exchange.xforce.ibmcloud.com/vulnerabilities/64192
2011-09-27
Published