CVE-2011-1100
published 2011-02-25CVE-2011-1100: Multiple SQL injection vulnerabilities in admin/index.php in Pixelpost 1.7.3 allow remote authenticated users to execute arbitrary SQL commands via the (1)…
PriorityP334medium6.5CVSS 2.0
AVNACLAuSCPIPAP
EXPLOIT
EPSS
1.30%
66.8th percentile
Multiple SQL injection vulnerabilities in admin/index.php in Pixelpost 1.7.3 allow remote authenticated users to execute arbitrary SQL commands via the (1) findfid, (2) id, (3) selectfcat, (4) selectfmon, or (5) selectftag parameter in an images action.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| pixelpost | pixelpost | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
PixelPost 1.7.3 - Multiple POST SQL Injections
exploitdb·2011-02-12
CVE-2011-1100 PixelPost 1.7.3 - Multiple POST SQL Injections
PixelPost 1.7.3 - Multiple POST SQL Injections
---
Pixelpost 1.7.3 Multiple POST Variables SQL Injection Vulnerability
Vendor: Pixelpost.org
Product web page: http://www.pixelpost.org
Affected version: 1.7.3
Summary: Pixelpost is an open-source, standards-compliant, multi-lingual,
fully extensible photoblog application for the web. Anyone who has web-space
that meets the requirements can download and use Pixelpost for free!
Desc: Pixelpost is vulnerable to an SQL Injection attack when input is passed
to several POST parameters (findfid, id, selectfcat, selectfmon, selectftag).
The script (admin/index.php) fails to properly sanitize the input before being
returned to the user allowing the attacker to compromise the entire DB system
and view sensitive information.
Tested on: Microsoft
Exploit-DB
Opera Web Browser 11.00 - Integer Overflow
exploitdb·2011-01-25
Opera Web Browser 11.00 - Integer Overflow
Opera Web Browser 11.00 - Integer Overflow
---
#
#
#[+]Exploit Title: Exploit Integer Overflow Opera Web Browser 11.00
#[+]Date: 24\01\2011
#[+]Author: C4SS!0 G0M3S
#[+]Software Link: http://get12.opera.com/pub/opera/win/1100/int/Opera_1100_int_Setup.exe
#[+]Version: 11.00
#[+]Tested On: WIN-XP SP3 PORTUGUESE BRAZILIAN
#[+]CVE: N/A
#
#
#
#Note:
#This exploit is only a Denial of Service in opera web browser
#I created a poc using heap spray that allow code execution
#but I will not post here because it can be used for evil
#And I do not want that.
# for you to explore the program you control with the number esi childrens then created using a spray heap address any such
#0a0a0a0a the data in address should be the point to the beginning of the shellcode
#0a0a0a0a => \x90\x90\x90 => and your
http://www.exploit-db.com/exploits/16160http://www.zeroscience.mk/en/vulnerabilities/ZSL-2011-4992.phphttps://exchange.xforce.ibmcloud.com/vulnerabilities/65474http://www.exploit-db.com/exploits/16160http://www.zeroscience.mk/en/vulnerabilities/ZSL-2011-4992.phphttps://exchange.xforce.ibmcloud.com/vulnerabilities/65474
2011-02-25
Published