CVE-2006-1375
Published 2006-03-24
CVE-2006-1375: AdMan 1.0.20051221 and earlier allows remote attackers to obtain the full path via (1) a blank campaignId parameter to editCampaign.php and (2) a blank…
Priority: P418 | medium 5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
EPSS: 1.53% (71.6th percentile)
AdMan 1.0.20051221 and earlier allows remote attackers to obtain the full path via (1) a blank campaignId parameter to editCampaign.php and (2) a blank schemeId parameter to viewPricingScheme.php.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| brain_book_software | adman | <= 1.0.20051221 | — |
CVSS provenance
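| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
| vendor_redhat | — | 6.4 | MEDIUM | — |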
GHSA
GHSA-2qff-fp25-r737: AdMan 1
ghsa_unreviewed · 2022-05-01
CVE-2006-1375 [MEDIUM] GHSA-2qff-fp25-r737: AdMan 1
Red Hat
CVE-2007-1375: Integer overflow in the substr_compare function in PHP 5
vendor_redhat · CVSS 6.4
CVE-2007-1375 [MEDIUM] CVE-2007-1375: Integer overflow in the substr_compare function in PHP 5
Integer overflow in the substr_compare function in PHP 5.2.1 and earlier allows context-dependent attackers to read sensitive memory via a large value in the length argument, a different vulnerability than CVE-2006-1991.
Statement: We do not consider this flaw to be a security issue as it is only exploitable by the script author. No trust boundary is crossed.
This flaw exists in versions of PHP as shipped in Red Hat Enterprise Linux 5 and Red Hat Application Stack 1.
This issue did not affect the versions of PHP as shipped with Red Hat Enterprise Linux 2.1, 3, 4, Stronghold 4.0, or Red Hat Application Stack 2.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://pridels0.blogspot.com/2006/03/adman-v10x-sql-vuln.html
http://secunia.com/advisories/19351
http://www.osvdb.org/24065
http://www.osvdb.org/24066
http://www.vupen.com/english/advisories/2006/1071
https://exchange.xforce.ibmcloud.com/vulnerabilities/25404
Published: 2006-03-24