CVE-2006-0160
Published 2006-01-10
Priority P343 · high · 7.5 · CVSS 2.0
AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 1.83% (76.2th percentile)
SQL injection vulnerability in add_post.php3 in Venom Board 1.22 allows remote attackers to execute arbitrary SQL commands via the (1) parent, (2) root, and (3) topic_id parameters to post.php3.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| venom_board | venom_board | — | — |
No detection rules found.
Exploit-DB
Yahoo! Messenger 7.0/7.5 - 'jscript.dll' Non-ASCII Character Denial of Service
exploitdb·2006-06-23
CVE-2006-3298 Yahoo! Messenger 7.0/7.5 - 'jscript.dll' Non-ASCII Character Denial of Service
---
source: https://www.securityfocus.com/bid/18622/info
Yahoo! Messenger is prone to a denial-of-service vulnerability. Successful exploitation will cause the application to crash, effectively denying service.
This issue affects version 7.5.0.814; other versions may also be vulnerable.
The following examples are sufficient to trigger this issue:
s:[space]msg[alt+0160]:---------------------------------------------iframe onload=$InlineAction()>:)
msg:---------------------------------------------iframe onload=$InlineAction()>:)
Exploit-DB
Venom Board - 'Post.php3' Multiple SQL Injections
exploitdb·2006-01-09
CVE-2006-0160 Venom Board - 'Post.php3' Multiple SQL Injections
---
source: https://www.securityfocus.com/bid/16176/info
Venom Board is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query.
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
http://www.example.com/venomboard/forum/post.php3?topic_id=999%20union%20select%201,2,3,4,5,6,7/*
No writeups or analysis indexed.
http://evuln.com/vulns/21/summary.html
http://marc.info/?l=bugtraq&m=113683807903915&w=2
http://secunia.com/advisories/18383
http://securityreason.com/securityalert/326
http://www.osvdb.org/22297
http://www.securityfocus.com/bid/16176
http://www.vupen.com/english/advisories/2006/0122
https://exchange.xforce.ibmcloud.com/vulnerabilities/24046
Published: 2006-01-10