CVE-2006-0478
published 2006-01-31CVE-2006-0478: CRE Loaded 6.15 allows remote attackers to perform privileged actions, including uploading and creating arbitrary files, via a direct request to files.php…
PriorityP340high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
3.08%
86.0th percentile
CRE Loaded 6.15 allows remote attackers to perform privileged actions, including uploading and creating arbitrary files, via a direct request to files.php. NOTE: the vendor states "The initial announcement of this risk was made on our website... and it included a patch which will close the vulnerability on all known 6.0x and 6.1x releases. We strongly encourage users of CRE Loaded 6.x, osCMax, and other users of osCommerce who have installed HTMLArea based WYSIWYG editors and Admin Access with Levels to modify thier installations at the earliest possible moment."
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cre_loaded | cre_loaded | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Bugzilla
CVE-2006-0748 Table Rebuilding Code Execution Vulnerability
bugzilla·2006-04-13·CVSS 7.5
CVE-2006-0748 [HIGH] CVE-2006-0748 Table Rebuilding Code Execution Vulnerability
CVE-2006-0748 Table Rebuilding Code Execution Vulnerability
Table Rebuilding Code Execution Vulnerability
TippingPoint and the Zero Day Initiative reports that an invalid and
non-sensical ordering of table-related tags causes Mozilla to use a negative
array index. This invalid memory use can be exploited to run code of the
attacker's choice.
Workaround
Upgrade to fixed version.
Although JavaScript is not involved in the vulnerability itself, disabling
JavaScript may prevent an attacker from effectively preparing memory in
order to carry out the exploit.
References
[1]ZDI-06-010
[2]https://bugzilla.mozilla.org/show_bug.cgi?id=328937
CVE-2006-0478
This issue also affects RHEL3
This issue also affects RHEL2.1
Discussion:
Lifting embargo
---
An advisory has been issued which shou
Bugzilla
CVE-2006-0748 Table Rebuilding Code Execution Vulnerability
bugzilla·2006-04-13·CVSS 7.5
CVE-2006-0748 [HIGH] CVE-2006-0748 Table Rebuilding Code Execution Vulnerability
CVE-2006-0748 Table Rebuilding Code Execution Vulnerability
Table Rebuilding Code Execution Vulnerability
TippingPoint and the Zero Day Initiative reports that an invalid and
non-sensical ordering of table-related tags causes Mozilla to use a negative
array index. This invalid memory use can be exploited to run code of the
attacker's choice.
Workaround
Upgrade to fixed version.
Although JavaScript is not involved in the vulnerability itself, disabling
JavaScript may prevent an attacker from effectively preparing memory in
order to carry out the exploit.
References
[1]ZDI-06-010
[2]https://bugzilla.mozilla.org/show_bug.cgi?id=328937
CVE-2006-0478
This issue also affects FC4
Discussion:
Lifting embargo
---
This bug was fixed for FC4 in Fedora Update FEDORA-2006-488
.
This bug
Bugzilla
CVE-2006-0748 Table Rebuilding Code Execution Vulnerability
bugzilla·2006-04-13·CVSS 7.5
CVE-2006-0748 [HIGH] CVE-2006-0748 Table Rebuilding Code Execution Vulnerability
CVE-2006-0748 Table Rebuilding Code Execution Vulnerability
Table Rebuilding Code Execution Vulnerability
TippingPoint and the Zero Day Initiative reports that an invalid and
non-sensical ordering of table-related tags causes Mozilla to use a negative
array index. This invalid memory use can be exploited to run code of the
attacker's choice.
Workaround
Upgrade to fixed version.
Although JavaScript is not involved in the vulnerability itself, disabling
JavaScript may prevent an attacker from effectively preparing memory in
order to carry out the exploit.
References
[1]ZDI-06-010
[2]https://bugzilla.mozilla.org/show_bug.cgi?id=328937
CVE-2006-0478
This issue also affects FC4
Discussion:
Lifting embargo
---
Fedora Core 5 is no longer supported, could you please reproduce this wi
Bugzilla
CVE-2006-0748 Table Rebuilding Code Execution Vulnerability
bugzilla·2006-04-13·CVSS 7.5
CVE-2006-0748 [HIGH] CVE-2006-0748 Table Rebuilding Code Execution Vulnerability
CVE-2006-0748 Table Rebuilding Code Execution Vulnerability
Table Rebuilding Code Execution Vulnerability
TippingPoint and the Zero Day Initiative reports that an invalid and
non-sensical ordering of table-related tags causes Mozilla to use a negative
array index. This invalid memory use can be exploited to run code of the
attacker's choice.
Workaround
Upgrade to fixed version.
Although JavaScript is not involved in the vulnerability itself, disabling
JavaScript may prevent an attacker from effectively preparing memory in
order to carry out the exploit.
References
[1]ZDI-06-010
[2]https://bugzilla.mozilla.org/show_bug.cgi?id=328937
CVE-2006-0478
Discussion:
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
close
Bugzilla
CVE-2006-0748 Table Rebuilding Code Execution Vulnerability
bugzilla·2006-04-13·CVSS 7.5
CVE-2006-0748 [HIGH] CVE-2006-0748 Table Rebuilding Code Execution Vulnerability
CVE-2006-0748 Table Rebuilding Code Execution Vulnerability
Table Rebuilding Code Execution Vulnerability
TippingPoint and the Zero Day Initiative reports that an invalid and
non-sensical ordering of table-related tags causes Mozilla to use a negative
array index. This invalid memory use can be exploited to run code of the
attacker's choice.
Workaround
Upgrade to fixed version.
Although JavaScript is not involved in the vulnerability itself, disabling
JavaScript may prevent an attacker from effectively preparing memory in
order to carry out the exploit.
References
[1]ZDI-06-010
[2]https://bugzilla.mozilla.org/show_bug.cgi?id=328937
CVE-2006-0478
Discussion:
Lifting embargo
---
An advisory has been issued which should help the problem
described in this bug report. This report is
Bugzilla
CVE-2006-0748 Table Rebuilding Code Execution Vulnerability
bugzilla·2006-04-13·CVSS 7.5
CVE-2006-0748 [HIGH] CVE-2006-0748 Table Rebuilding Code Execution Vulnerability
CVE-2006-0748 Table Rebuilding Code Execution Vulnerability
Table Rebuilding Code Execution Vulnerability
TippingPoint and the Zero Day Initiative reports that an invalid and
non-sensical ordering of table-related tags causes Mozilla to use a negative
array index. This invalid memory use can be exploited to run code of the
attacker's choice.
Workaround
Upgrade to fixed version.
Although JavaScript is not involved in the vulnerability itself, disabling
JavaScript may prevent an attacker from effectively preparing memory in
order to carry out the exploit.
References
[1]ZDI-06-010
[2]https://bugzilla.mozilla.org/show_bug.cgi?id=328937
CVE-2006-0478
This issue also affects FC4
Discussion:
Lifting Embargo
---
These issues have been resolved in FEDORA-2006-411 for FC5 and FEDORA-20
http://secunia.com/advisories/18648http://www.attrition.org/pipermail/vim/2006-February/000527.htmlhttp://www.osvdb.org/22793http://www.securityfocus.com/bid/16415http://www.vupen.com/english/advisories/2006/0373https://exchange.xforce.ibmcloud.com/vulnerabilities/24377http://secunia.com/advisories/18648http://www.attrition.org/pipermail/vim/2006-February/000527.htmlhttp://www.osvdb.org/22793http://www.securityfocus.com/bid/16415http://www.vupen.com/english/advisories/2006/0373https://exchange.xforce.ibmcloud.com/vulnerabilities/24377
2006-01-31
Published