CVE-2014-2008
Published 2014-09-12
Priority: P349 · high · CVSS 2.0: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 2.64% (83.7th percentile)
SQL injection vulnerability in confirm.php in the mPAY24 payment module before 1.6 for PrestaShop allows remote attackers to execute arbitrary SQL commands via the TID parameter.
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mpay24_project | mpay24 | <= 1.5.1 | — |
| mpay24_project | mpay24 | — | — |
| mpay24_project | mpay24 | — | — |
| mpay24_project | mpay24 | — | — |
| mpay24_project | mpay24 | — | — |
| mpay24_project | mpay24 | — | — |
| mpay24_project | mpay24 | — | — |
| mpay24_project | mpay24 | — | — |
| mpay24_project | mpay24 | — | — |
| mpay24_project | mpay24 | — | — |
| mpay24_project | mpay24 | — | — |
| mpay24_project | mpay24 | — | — |
No detection rules found.
Exploit-DB
BSI Advance Hotel Booking System 2.0 - 'booking_details.php Persistent Cross-Site Scripting
exploitdb·2019-08-12·CVSS 4.3
CVE-2014-4035 [MEDIUM] BSI Advance Hotel Booking System 2.0 - 'booking_details.php Persistent Cross-Site Scripting
---
# Exploit Title:BSI Advance Hotel Booking System Persistent XSS
# Google Dork: intext:Hotel Booking System v2.0 © 2008 - 2012 Copyright Best Soft Inc
# Date: Wed Jun 4 2014
# Exploit Author: Angelo Ruwantha
# Vendor Homepage: http://www.bestsoftinc.com
# Software Link: http://www.bestsoftinc.com/php-advance-hotel-booking-system.html
# Version: V2.0
# Tested on: archlinux
# CVE : CVE-2014-4035
Vulnerability
[+]Method:POST
1.http://URL/hotel-booking/booking_details.php (;persistent XSS)
allowlang=&title=<IMG SRC="javascript:alert('HelloWorld ;)');"&fname=&lname=&str_addr=&city=&state=&zipcode=&country=&phone=&fax=&email=&payment_type=&message=&tos=
every parameter injectable :)
Exploit-DB
HP Data Protector A.09.00 - Arbitrary Command Execution
exploitdb·2016-05-26·CVSS 9.8
CVE-2016-2004 [CRITICAL] HP Data Protector A.09.00 - Arbitrary Command Execution
---
#!/usr/bin/python
#
# Exploit Title: Data Protector Encrypted Communications
# Date: 26-05-2016
# Exploit Author: Ian Lovering
# Vendor Homepage: http://www8.hp.com/uk/en/software-solutions/data-protector-backup-recovery-software/
# Version: A.09.00 and earlier
# Tested on: Windows Server 2008
# CVE : CVE-2016-2004
#
# This proof of concept demonstrates that enabling encrypted control communication on
# Data Protector agents does not provide any additional security.
# As it provides no authentication it is not a viable workaround to prevent the
# exploitation of well known Data Protector issues such as cve-2014-2623
#
# This exploit establishes an unauthenticated encrypted communication channel to
# a Data Protector Agent and
Exploit-DB
Persistent Systems Client Automation - Command Injection Remote Code Execution (Metasploit)
exploitdb·2015-02-27·CVSS 10.0
CVE-2015-1497 [CRITICAL] Persistent Systems Client Automation - Command Injection Remote Code Execution (Metasploit)
---
# Exploit Title: Persistent Systems Client Automation (PSCA, formerly HPCA or Radia) Command Injection Remote Code Execution Vulnerability
# Date: 2014-10-01
# Exploit Author: Ben Turner
# Vendor Homepage: Previously HP, now http://www.persistentsys.com/
# Version: 7.9, 8.1, 9.0, 9.1
# Tested on: Windows XP, Windows 7, Server 2003 and Server 2008
# CVE-2015-1497
# CVSS: 10
require 'msf/core'
class Metasploit3 'Persistent Systems Client Automation (PSCA, formerly HPCA or Radia) Command Injection Remote Code Execution Vulnerability',
'Description' => %Q{
This module exploits PS Client Automation, by sending a remote service install and creating a callback payload.
},
'Author' => [ 'Ben Turner'
Exploit-DB
JetAudio 8.1.3 - '.mp4' Crash (PoC)
exploitdb·2014-12-12
---
# Exploit Title : jetAudio 8.1.3 Basic Use-after-free (Corrupted mp4) Crash POC
# Product : jetAudio Basic
# Date : 12.12.2014
# Exploit Author : ITDefensor Vulnerability Research Team http://itdefensor.ru/
# Software Link : http://www.jetaudio.com/download/
# Vulnerable version : 8.1.3 (Latest at the moment) and probably previous versions
# Vendor Homepage : http://www.jetaudio.com/
# Tested on : jetAudio 8.1.3 Basic installed on Windows 7 x64, Windows Server 2008, Windows 7 x86
# CVE : unknown at the moment
#============================================================================================
# Open created POC file (fault.mp4) with jetAudio
# Details
# (6e74.6e20): Access violation - code c0000005 (first chance)
# First chance exceptions
Exploit-DB
Thomson Reuters Fixed Assets CS 13.1.4 - Local Privilege Escalation
exploitdb·2014-12-02
CVE-2014-9141 Thomson Reuters Fixed Assets CS 13.1.4 - Local Privilege Escalation
---
# Exploit Title: Thomson Reuters Fixed Assets CS Windows 7, Windows 8
# CVE : 2014-9141
Product Affected:
Fixed Assets CS <=13.1.4 (Workstation Install)
Note: 2003/2008 Terminal Services/Published apps **may** be vulnerable,
depending on system configuration.
This vulnerability has been reference checked against multiple
installs. This configuration was identical across all systems and each
version encountered.
Executables/Services:
C:\WinCSI\Tools\connectbgdl.exe
Attack Detail:
The Fixed Assets CS installer places a system startup item at
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Which then executes the utility at C:\WinCSI\Tools\connectbgdl.exe.
The executables that are ins
Exploit-DB
Microsoft Windows - OLE Package Manager Code Execution (MS14-064) (Metasploit)
exploitdb·2014-11-14
CVE-2014-6352 Microsoft Windows - OLE Package Manager Code Execution (MS14-064) (Metasploit)
---
##
# This module requires Metasploit: http//metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'
class Metasploit3 "MS14-064 Microsoft Windows OLE Package Manager Code Execution",
'Description' => %q{
This module exploits a vulnerability found in Windows Object Linking and Embedding (OLE)
allowing arbitrary code execution, publicly exploited in the wild as MS14-060 patch bypass.
The Microsoft update tried to fix the vulnerability publicly known as "Sandworm". Platforms
such as Windows Vista SP2 all the way to Windows 8, Windows Server 2008 and 2012 are known
to be vulnerable. However, based on our testing, the most reliable setup is on Windows
pla
Exploit-DB
ClassApps SelectSurvey.net - Multiple SQL Injections
exploitdb·2014-09-20
CVE-2014-6030 ClassApps SelectSurvey.net - Multiple SQL Injections
---
##########
# Exploit Title: Multiple SQL Injection Vulnerabilities in SelectSurvey.net
# Google Dork: intitle:SelectSurvey
# Date: Sep 03 2014
# Vendor Homepage: https://www.classapps.com/
# Software Link: https://www.classapps.com/SelectSurveyNETOverview.asp
# Version: 4.124.004
# Tested on: Windows 2008 R2/SQL Server 2008
# CVE: 2014-6030
##########
Description
SelectSurvey.net is a web-based survey application written in ASP.net
and C#. It is vulnerable to multiple SQL injection attacks, both
authenticated and unauthenticated. The authenticated vulnerability
resides within the file upload script, as the parameters are not
sanitized prior to being placed into the SQL query. ClassApps had
previously listed 'SQL injection protecti
Exploit-DB
Mpay24 PrestaShop Payment Module 1.5 - Multiple Vulnerabilities
exploitdb·2014-09-08·CVSS 7.5
CVE-2014-2009 [HIGH] Mpay24 PrestaShop Payment Module 1.5 - Multiple Vulnerabilities
---
Mpay24 PrestaShop Payment Module Multiple Vulnerabilities
- Affected Vendor: Mpay24
- Affected Software: Mpay24 Payment Module
- Affected Version: 1.5 and earlier
- Issue Type: SQL injection and information disclosure
- Notification Date: 10 February 2014
- Release Date: 03 September 2014
- Discovered by: Eldar Marcussen
- Issue status: Patch available
Summary
BAE Systems Applied Intelligence researcher, Eldar Marcussen has identified
two high impact vulnerabilities in the Mpay24 payment module for the
Prestashop e-commerce solution.
“Mpay24 is the online-payment platform for e- and m-commerce combines
frequently used and innovative payment systems in one single interface”. [www.mpay24.com]
“Prestas
Exploit-DB
Rocket Servergraph Admin Center - fileRequestor Remote Code Execution (Metasploit)
exploitdb·2014-06-18
CVE-2014-3914 Rocket Servergraph Admin Center - fileRequestor Remote Code Execution (Metasploit)
---
##
# This module requires Metasploit: http//metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'
class Metasploit3 'Rocket Servergraph Admin Center fileRequestor Remote Code Execution',
'Description' => %q{
This module abuses several directory traversal flaws in Rocket Servergraph Admin
Center for Tivoli Storage Manager. The issues exist in the fileRequestor servlet,
allowing a remote attacker to write arbitrary files and execute commands with
administrative privileges. This module has been tested successfully on Rocket
ServerGraph 1.2 over Windows 2008 R2 64 bits, Windows 7 SP1 32 bits and Ubuntu
12.04 64 bits.
},
'Author' =>
[
'rgod ', # Vul
Exploit-DB
BigDump 0.35b - Arbitrary File Upload
exploitdb·2014-03-24
CVE-2008-6660 BigDump 0.35b - Arbitrary File Upload
---
[+] Arbitrary Upload on BigDump v0.35b
[+] Date: 23/03/2014
[+] Risk: High
[+] Author: Felipe Andrian Peixoto
[+] Vendor Homepage: http://www.ozerov.de/bigdump/
[+] Contact: [email protected]
[+] Tested on: Windows 7 and Linux
[+] Vulnerable File: bigdump.php
[+] Version: v0.35b
[+] Exploit : http://host/bigdump.php?start=
[+] PoC: http://SERVER/bigdump.php?start=
Note: allows upload files and shells with tamperdate.
Exploit-DB
HP Data Protector - 'EXEC_BAR' Remote Command Execution
exploitdb·2014-02-16·CVSS 10.0
CVE-2013-2347 [CRITICAL] HP Data Protector - 'EXEC_BAR' Remote Command Execution
---
import argparse
import socket
"""
Exploit Title: HP Data Protector EXEC_BAR Remote Command Execution
Exploit Author: Chris Graham @cgrahamseven
CVE: CVE-2013-2347
Date: February 14, 2014
Vendor Homepage: www.hp.com
Version: 6.10, 6.11, 6.20
Tested On: Windows Server 2003, Windows Server 2008 R2
References:
https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c03822422
http://www.zerodayinitiative.com/advisories/ZDI-14-008/
Details:
The omniinet service, which runs by default on port 5555, is susceptible
to numerous remotely exploitable vulnerabilities. By sending a malicious
EXEC_BAR packet (opcode 11), a remote attacker can force the omniinet
service to run an arbitrary command. On Windows, the omnii
Bugzilla
CVE-2014-5009 CVE-2014-5008 CVE-2008-7313 nagios: snoopy: incomplete fixes for command execution flaws [epel-all]
bugzilla·2014-07-21·CVSS 9.8
CVE-2014-5009 [CRITICAL] CVE-2014-5009 CVE-2014-5008 CVE-2008-7313 nagios: snoopy: incomplete fixes for command execution flaws [epel-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora EPEL.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, use the bodhi submission link noted
in the next comment(s). This will include the bug IDs of this tracking
bug as well as the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
Bodhi notes field when avail
Bugzilla
CVE-2014-1943 file: unrestricted recursion in handling of indirect type rules
bugzilla·2014-02-17·CVSS 5.0
CVE-2014-1943 [MEDIUM] CVE-2014-1943 file: unrestricted recursion in handling of indirect type rules
A flaw was found in the way the file utility determined the type of a file. A malicious input file could cause the file utility to use 100% CPU, or trigger infinite recursion, causing the file utility to crash or, potentially, execute arbitrary code.
Upstream fixes:
https://github.com/file/file/commit/3c081560c23f20b2985c285338b52c7aae9fdb0f
https://github.com/file/file/commit/cc9e74dfeca5265ad725acc926ef0b8d2a18ee70
https://github.com/file/file/commit/4afb9b168906f117e32a11367761cd50fe9d4abe
Original report:
http://mx.gw.com/pipermail/file/2014/001327.html
Discussion:
It was noted that this issue was introduced in November 2008:
http://mx.gw.com/pipermail/file/2014/001330.html
The version of file as shipp
http://osvdb.org/show/osvdb/110737
http://packetstormsecurity.com/files/128136/Mpay24-Payment-Module-1.5-Information-Disclosure-SQL-Injection.html
http://seclists.org/fulldisclosure/2014/Sep/23
http://www.exploit-db.com/exploits/34586
http://www.securityfocus.com/bid/69560
https://exchange.xforce.ibmcloud.com/vulnerabilities/95720