CVE-2006-1051
published 2006-03-07CVE-2006-1051: SQL injection vulnerability in Akarru Social BookMarking Engine before 0.4.3.4 allows remote attackers to execute arbitrary SQL commands via unknown attack…
PriorityP431high7.5CVSS 2.0
AVNACLAuNCPIPAP
EPSS
1.21%
64.7th percentile
SQL injection vulnerability in Akarru Social BookMarking Engine before 0.4.3.4 allows remote attackers to execute arbitrary SQL commands via unknown attack vectors, possibly involving the username parameter to akarru.lib/users.php.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| akarru | social_bookmarking_engine | — | — |
| akarru | social_bookmarking_engine | — | — |
CVSS provenance
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
vendor_redhat7.2HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-4g86-5q85-v98x: SQL injection vulnerability in Akarru Social BookMarking Engine before 0
ghsa_unreviewed·2022-05-01
CVE-2006-1051 [HIGH] GHSA-4g86-5q85-v98x: SQL injection vulnerability in Akarru Social BookMarking Engine before 0
SQL injection vulnerability in Akarru Social BookMarking Engine before 0.4.3.4 allows remote attackers to execute arbitrary SQL commands via unknown attack vectors, possibly involving the username parameter to akarru.lib/users.php.
Red Hat
CVE-2004-1051 bash scripts run via Sudo can be subverted (CVE-2005-4158, CVE-2006-0151)
vendor_redhat·2004-11-11·CVSS 7.2
CVE-2004-1051 [HIGH] CVE-2004-1051 bash scripts run via Sudo can be subverted (CVE-2005-4158, CVE-2006-0151)
CVE-2004-1051 bash scripts run via Sudo can be subverted (CVE-2005-4158, CVE-2006-0151)
sudo before 1.6.8p2 allows local users to execute arbitrary commands by using "()" style environment variables to create functions that have the same name as any program within the bash script that is called without using the program's full pathname.
Statement: We do not consider this to be a security issue:
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=139478#c1
Red Hat
CVE-2004-1051 bash scripts run via Sudo can be subverted (CVE-2005-4158, CVE-2006-0151)
vendor_redhat·2004-11-11·CVSS 7.2
CVE-2005-4158 [HIGH] CVE-2004-1051 bash scripts run via Sudo can be subverted (CVE-2005-4158, CVE-2006-0151)
CVE-2004-1051 bash scripts run via Sudo can be subverted (CVE-2005-4158, CVE-2006-0151)
Sudo before 1.6.8 p12, when the Perl taint flag is off, does not clear the (1) PERLLIB, (2) PERL5LIB, and (3) PERL5OPT environment variables, which allows limited local users to cause a Perl script to include and execute arbitrary library files that have the same name as library files that are included by the script.
Statement: We do not consider this to be a security issue.
https://bugzilla.redhat.com/show_bug.cgi?id=139478#c1
Red Hat
CVE-2004-1051 bash scripts run via Sudo can be subverted (CVE-2005-4158, CVE-2006-0151)
vendor_redhat·2004-11-11·CVSS 7.2
CVE-2006-0151 [HIGH] CVE-2004-1051 bash scripts run via Sudo can be subverted (CVE-2005-4158, CVE-2006-0151)
CVE-2004-1051 bash scripts run via Sudo can be subverted (CVE-2005-4158, CVE-2006-0151)
sudo 1.6.8 and other versions does not clear the PYTHONINSPECT environment variable, which allows limited local users to gain privileges via a Python script, a variant of CVE-2005-4158.
Statement: We do not consider this to be a security issue.
https://bugzilla.redhat.com/show_bug.cgi?id=139478#c1
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://secunia.com/advisories/19112http://sourceforge.net/project/shownotes.php?release_id=398713&group_id=155783http://www.securityfocus.com/bid/16989http://www.vupen.com/english/advisories/2006/0841https://exchange.xforce.ibmcloud.com/vulnerabilities/25115http://secunia.com/advisories/19112http://sourceforge.net/project/shownotes.php?release_id=398713&group_id=155783http://www.securityfocus.com/bid/16989http://www.vupen.com/english/advisories/2006/0841https://exchange.xforce.ibmcloud.com/vulnerabilities/25115
2006-03-07
Published