CVE-2006-0669
Published 2006-02-13
Priority P434 · high · 7.5 (CVSS 2.0)
AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 1.14% (62.5th percentile)
Multiple SQL injection vulnerabilities in archive.asp in GA's Forum Light allow remote attackers to execute arbitrary SQL commands via the (1) Forum and (2) pages parameter. NOTE: SecurityTracker says that the vendor has disputed this issue, saying that GA Forum Light does not use an SQL database. SecurityTracker's research indicates that the original problem could be due to a VBScript parsing error based on invalid arguments.
No detection rules found.
Bugzilla
CVE-2006-4484 [LOW] PHP heap overflow in LWZReadByte
bugzilla · 2006-09-18 · CVSS 2.6
PHP GIF heap overflow.
Heap buffer overflow in the GD extension, in the LWZReadByte() function,
triggered by invalid GIF files.
http://bugs.php.net/bug.php?id=38112
http://www.php.net/release_5_1_5.php
This issue also affects RHEL3
This issue does not affect RHEL2.1 (GIF support not present)
Discussion:
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.
http://rhn.redhat.com/errata/RHSA-2006-0669.html
Bugzilla
CVE-2006-3016 [CRITICAL] PHP session ID validation
bugzilla · 2006-09-18 · CVSS 9.3
PHP session ID validation
PHP does not validate the characters used in the session name. Unknown impact.
http://www.php.net/release_4_4_3.php
Discussion:
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.
http://rhn.redhat.com/errata/RHSA-2006-0669.html
Bugzilla
CVE-2006-4486 [LOW] PHP integer overflows in Zend
bugzilla · 2006-09-15 · CVSS 2.6
PHP integer overflow
Integer overflows in the Zend allocation routines may prevent memory allocation
limits from being applied properly on 64-bit architectures, which could allow
denial of service attacks.
http://www.php.net/ChangeLog-5.php#5.1.6
This issue also affects RHEL3
This issue also affects RHEL2.1
Discussion:
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.
http://rhn.redhat.com/errata/RHSA-2006-0669.html
http://securitytracker.com/id?1015600
http://www.attrition.org/pipermail/vim/2006-February/000561.html
http://www.osvdb.org/23509
http://www.securityfocus.com/bid/16563
https://exchange.xforce.ibmcloud.com/vulnerabilities/24616