CVE-2010-4984
Published 2011-11-01
Priority P344 | high | 7.5 CVSS 2.0
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 1.04% (59.7th percentile)
SQL injection vulnerability in notes.php in My Kazaam Notes Management System allows remote attackers to execute arbitrary SQL commands via vectors involving the "Enter Reference Number Below" text box.
No detection rules found.
Exploit-DB
Mantis Bug Tracker 1.2.3 - 'db_type' Local File Inclusion
exploitdb·2010-12-15
CVE-2010-4350 Mantis Bug Tracker 1.2.3 - 'db_type' Local File Inclusion
---
MantisBT library/adodb/adodb.inc.php
...
4109:
4110: $file = ADODB_DIR."/drivers/adodb-".$db.".inc.php";
4111: @include_once($file);
...
Tested on: Microsoft Windows XP Professional SP3 (English)
Debian GNU/Linux (squeeze)
Apache 2.2.14 (Win32)
MySQL 5.1.41
PHP 5.3.1
Vulnerability discovered by: Gjoko 'LiquidWorm' Krstic
liquidworm gmail com
Zero Science Lab - http://www.zeroscience.mk
Advisory ID: ZSL-2010-4984
Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4984.php
Vendor Advisory URL: http://www.mantisbt.org/bugs/view.php?id=12607
13.12.2010
PoC:
Dork: Copyright+MantisBT Group
LFI/FD: http://[MANTIS_ROOT_HOST]/admin/upgrade_unattended.php?db_type=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fboo
Exploit-DB
My Kazaam Notes Management System - Multiple Vulnerabilities
exploitdb·2010-07-10
CVE-2010-4985 My Kazaam Notes Management System - Multiple Vulnerabilities
---
Author: L0rd CrusAd3r aka VSN [[email protected]]
Exploit Title: My Kazaam Notes Management System Multiple Vulnerability
Vendor url:http://www.mykazaam.com
Version:1
Published: 2010-07-11
Greetz to:r0073r (inj3ct0r.com), Sid3^effects, MaYur, MA1201, Sonic Bluehat,
Sai, KD, M4n0j.
Special Greetz: Topsecure.net, inj3ct0r Team ,Andhrahackers.com
Shoutzz:- To all ICW members.
Description:
Use as an order tracking system with Message confirmed, as a progress chart
or an online diary. Operates with file numbers to sep
References:
http://packetstormsecurity.org/1007-exploits/mykazaamnms-sqlxss.txt
http://securityreason.com/securityalert/8494
http://www.exploit-db.com/exploits/14325
http://www.securityfocus.com/bid/41542
https://exchange.xforce.ibmcloud.com/vulnerabilities/60254
Published: 2011-11-01