CVE-2016-2005
Published: 2016-04-21
CVE-2016-2005: HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allows remote attackers to execute arbitrary code via unspecified vectors, aka…
Priority: P269, critical, 9.8 (CVSS 3.0)
CVSS 3.0 vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 20.41% (97.2th percentile)
HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allows remote attackers to execute arbitrary code via unspecified vectors, aka ZDI-CAN-3352.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| hp | data_protector | >= 7.0 < 7.03_108 | 7.03_108 |
| hp | data_protector | >= 8.0 < 8.15 | 8.15 |
| hp | data_protector | >= 9.0 < 9.06 | 9.06 |
CVSS provenance
NVD v3.0: 9.8 CRITICAL, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
NVD v2.0: 10.0 CRITICAL, AV:N/AC:L/Au:N/C:C/I:C/A:C
No detection rules found.
Exploit-DB
Ocomon 2.0 - SQL Injection
exploitdb·2016-08-22·CVSS 5.0
CVE-2005-4664 [MEDIUM] Ocomon 2.0 - SQL Injection
---
# Exploit Title: Ocomon 2.0: Access administrative Bypass / Multiple SQL Injection
# Google Dork: inurl:ocomon/index.php or intitle:Ocomon 2.0-RC6
# Date: 2016.08.18
# Exploit Author: Jonatas Fil a.k.a pwx
# Vendor Homepage: ninj4c0d3r.github.io
# Version: Latest 2.0RC6
# Tested on: Linux And Windows
# CVE : CVE-2005-4664
Details:
[Software]
- Ocomon
[Bug Summary]
- Multiple SQL Injection (SQLi)
[Impact]
- High
[Affected Version]
- Latest 2.0RC6
- Prior versions may also be affected
1. Search by dork in Google.
Dorks:
inurl:ocomon/index.php or intitle:Ocomon 2.0-RC6
2. Then, to find the victim, open the inspect element in the admin page.
3. Look for the parameter: : : : , and return valida() and delete the content, leaving it blank.
4.
Exploit-DB
IBM Lotus Domino R8 - Password Hash Extraction
exploitdb·2016-02-25·CVSS 5.0
CVE-2005-2428 [MEDIUM] IBM Lotus Domino R8 - Password Hash Extraction
---
# Exploit Title: IBM Lotus Domino <= R8 Password Hash Extraction Exploit
# Google Dork: inurl:names.nsf?opendatabase
# Date: 02-24-2016
# Exploit Author: Jonathan Broche
# Contact: https://twitter.com/g0jhonny
# Vendor Homepage: https://www-01.ibm.com/software/lotus/category/messaging/
# Tested on: Lotus Domino 8.5
# CVE : CVE-2005-2428
1. Description
IBM Domino databases contain a configuration issue allowing users to obtain password hashes, configuration information and more from the Public Address Book (i.e., the names.nsf database). Password hashes are obtained from the hidden HTML HTTPPassword and dspHTTPPassword fields per user in the database.
2. Proof of Concept
#!/usr/bin/env python2
import requests, re, BeautifulSoup, sys, arg
Bugzilla
CVE-2016-10711 Pound: request smuggling via crafted headers
bugzilla·2018-01-30·CVSS 4.3
CVE-2016-10711 [MEDIUM] CVE-2016-10711 Pound: request smuggling via crafted headers
Apsis Pound before 2.8a allows request smuggling via crafted headers, a different vulnerability than CVE-2005-3751.
References:
http://www.apsis.ch/pound/pound_list/archive/2016/2016-10/1477235279000
Discussion:
Created Pound tracking bugs for this issue:
Affects: epel-all [bug 1540190]
Affects: fedora-all [bug 1540191]
---
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.
Bugzilla
CVE-2016-1251 perl-DBD-MySQL: Use after free when using prepared statements
bugzilla·2016-11-29·CVSS 8.1
CVE-2016-1251 [HIGH] CVE-2016-1251 perl-DBD-MySQL: Use after free when using prepared statements
A use-after-free vulnerability when using prepared statements was found in DBD::mysql. The function dbd_st_fetch() can, via Renew(), reallocate the output buffer for the mysql_stmt_fetch() call, but it does not update the pointer to that buffer in the imp_sth->stmt structure initialized by the mysql_stmt_bind_result() function, which leads to a use after free in any mysql function that accesses the imp_sth->stmt structure.
This vulnerability is present in all releases at least back to version 3.0 of the driver, which was released in 2005.
Upstream patch:
https://github.com/perl5-dbi/DBD-mysql/commit/3619c170461a3107a258d1fd2d00ed4832adb1b1
References:
http://seclists.org/oss-sec/2016/q4/536
Discussion:
Created perl-DBD-MySQL tracking bug
Bugzilla
CVE-2016-1246 perl-DBD-MySQL: Buffer overflow triggered by user supplied data
bugzilla·2016-09-29·CVSS 7.5
CVE-2016-1246 [HIGH] CVE-2016-1246 perl-DBD-MySQL: Buffer overflow triggered by user supplied data
A buffer overflow vulnerability in prepared statements that could possibly be triggered by user-supplied data was found in the Perl DBI driver for MySQL. The vulnerability is present in all releases at least back to version 3.0 of the driver, released in 2005.
Discussion:
Upstream patch:
https://github.com/perl5-dbi/DBD-mysql/commit/7c164a0c86cec6ee95df1d141e67b0e85dfdefd2
---
Created perl-DBD-MySQL tracking bugs for this issue:
Affects: fedora-all [bug 1381280]
---
On RHEL / Fedora, the FORTIFY_SOURCE compilation option catches this stack-based buffer overflow, and it turns a flaw which could result in arbitrary code execution into a mere crash. Our CVSS score reflects this fact.
References:
http://www.securitytracker.com/id/1035631
http://www.zerodayinitiative.com/advisories/ZDI-16-245
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05085988
Published: 2016-04-21