CVE-2012-1029
Published 2012-02-08
Priority P3 · 41 · high · CVSS 2.0 base score 7.5
CVSS 2.0 vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Exploit available. EPSS: 1.27% (66.3 percentile)
SQL injection vulnerability in mobile/search/index.php in Tube Ace (Adult PHP Tube Script) 1.6 allows remote attackers to execute arbitrary SQL commands via the q parameter. NOTE: some of these details are obtained from third party information.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| tubeace | tube_ace | — | — |
No detection rules found.
Exploit-DB: Tube Ace - 'q' Cross-Site Scripting (exploitdb, 2012-02-16)
---
source: https://www.securityfocus.com/bid/52046/info
Tube Ace is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
http://www.example.com/search/?q=%22%3E%3Cscript%3Ealert%28%22pwned%22%29%3C/script%3E&channel=
Exploit-DB: Tube Ace (Adult PHP Tube Script) - SQL Injection (exploitdb, 2012-02-06)
---
# Exploit Title: Tube Ace(Adult PHP Tube Script) SQL Injection
# Date: 05/02/2012
# Author: Daniel Godoy
# Author Mail: DanielGodoy[at]GobiernoFederal[dot]com
# Author Web: www.delincuentedigital.com.ar
# Software: Tube Ace
# http://www.tubeace.com
# Tested on: Linux
# Dork: "?viewStandard=0"
[Comment]
Greetz: Hernan Jais, Alfonso Cuevas, SPEED, Sensei, Incid3nt,
Maximiliano Soler
Sunplace, Pablin77,_tty0, Login-Root,Knet,Kikito,Duraznit0,
InyeXion
her0, r0dr1 and the other users of RemoteExecution
www.remoteexecution.info www.remoteexcution.com.ar
#RemoteExecution Hacking Group
[PoC]
http://localhost/mobile/search/?q=[SQL Injection]
http://localhost/mobile/search/?q=1') AND (SELECT 9602 FROM(SELECT
COUNT(*),CONCAT(CHAR(58,109,111,110,58)
Bugzilla: CVE-2012-6092 [MEDIUM] activemq: Multiple XSS flaws in web demos (bugzilla, 2013-04-24, CVSS 4.3)
Multiple cross-site scripting (XSS) vulnerabilities in the web demos in Apache ActiveMQ before 5.8.0 allow remote attackers to inject arbitrary web script or HTML via (1) the refresh parameter to PortfolioPublishServlet.java (aka demo/portfolioPublish or Market Data Publisher), or vectors involving (2) debug logs or (3) subscribe messages in webapp/websocket/chat.js. NOTE: AMQ-4124 is covered by CVE-2012-6551.
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6092
Discussion:
This issue has been addressed in the following products:
Fuse MQ Enterprise 7.1.0
Via RHSA-2013:1029 https://rhn.redhat.com/errata/RHSA-2013-1029.html
Bugzilla: CVE-2012-6551 [MEDIUM] activemq: DoS by resource consumption via HTTP requests to sample webapp (bugzilla, 2013-04-24, CVSS 5.0)
The default configuration of Apache ActiveMQ before 5.8.0 enables a sample web application, which allows remote attackers to cause a denial of service (broker resource consumption) via HTTP requests.
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6551
Discussion:
This issue has been addressed in the following products:
Fuse MQ Enterprise 7.1.0
Via RHSA-2013:1029 https://rhn.redhat.com/errata/RHSA-2013-1029.html
References:
http://osvdb.org/78900
http://packetstormsecurity.org/files/109485/Tube-Ace-SQL-Injection.html
http://secunia.com/advisories/47874
http://www.exploit-db.com/exploits/18466
http://www.securityfocus.com/bid/51873
http://www.securityfocus.com/bid/52046
https://exchange.xforce.ibmcloud.com/vulnerabilities/72999