CVE-2006-1749
Published 2006-04-12
CVE-2006-1749: PHP remote file inclusion vulnerability in config.php in phpListPro 2.0 and earlier allows remote attackers to execute arbitrary PHP code via the returnpath…
Priority P3 · 46 · high · 7.5 CVSS 2.0
AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 7.89% (94.0th percentile)
PHP remote file inclusion vulnerability in config.php in phpListPro 2.0 and earlier allows remote attackers to execute arbitrary PHP code via the returnpath parameter. NOTE: this issue was later reported to affect 2.01 as well.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| smartisoft | phplistpro | <= 2.01 | — |
| smartisoft | phplistpro | <= 2.0 | — |
| smartisoft | phplistpro | — | — |
| smartisoft | phplistpro | — | — |
GHSA
GHSA-xjrv-gw67-437v: PHP remote file inclusion vulnerability in config
ghsa_unreviewed·2022-05-01
CVE-2006-1749 [HIGH] CWE-94 GHSA-xjrv-gw67-437v: PHP remote file inclusion vulnerability in config
PHP remote file inclusion vulnerability in config.php in phpListPro 2.0 and earlier allows remote attackers to execute arbitrary PHP code via the returnpath parameter. NOTE: this issue was later reported to affect 2.01 as well.
GHSA
GHSA-fp4w-r85f-ff69: Multiple PHP remote file inclusion vulnerabilities in SmartISoft phpListPro 2
ghsa_unreviewed·2022-05-01·CVSS 7.5
CVE-2006-2323 [HIGH] GHSA-fp4w-r85f-ff69: Multiple PHP remote file inclusion vulnerabilities in SmartISoft phpListPro 2
Multiple PHP remote file inclusion vulnerabilities in SmartISoft phpListPro 2.01 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the returnpath parameter in (1) editsite.php, (2) addsite.php, and (3) in.php. NOTE: The config.php vector is already covered by CVE-2006-1749.
No detection rules found.
Bugzilla
CVE-2006-1168 Possibility to underflow a .bss buffer with attacker controlled
bugzilla·2006-08-15·CVSS 7.5
CVE-2006-1168 [HIGH] CVE-2006-1168 Possibility to underflow a .bss buffer with attacker controlled
Fix needed for FC6
+++ This bug was initially created as a clone of Bug #201919 +++
Report from Tavis Ormandy, Google Security Team:
An audit of ncompress version 4.2.4 uncovered a serious security flaw, this loop
in decompress() (~1749, compress42.c) performs no bounds checking, allowing a
specially crafted datastream to underflow a .bss buffer with attacker controlled
data. Some research reveals that the lzw decompressors from gzip and openbsd
(both derived from the same public domain implementation) have already corrected
this flaw, however ncompress shipped by (at least) gentoo, debian, fedora and
suse seem to still be vulnerable.
while ((cmp_code_int)code >= (cmp_code_int)256)
{ /* Generate output chara
Bugzilla
CVE-2006-1168 Possibility to underflow a .bss buffer with attacker controlled data
bugzilla·2006-08-04·CVSS 7.5
CVE-2006-1168 [HIGH] CVE-2006-1168 Possibility to underflow a .bss buffer with attacker controlled data
Report from Tavis Ormandy, Google Security Team:
An audit of ncompress version 4.2.4 uncovered a serious security flaw, this loop
in decompress() (~1749, compress42.c) performs no bounds checking, allowing a
specially crafted datastream to underflow a .bss buffer with attacker controlled
data. Some research reveals that the lzw decompressors from gzip and openbsd
(both derived from the same public domain implementation) have already corrected
this flaw, however ncompress shipped by (at least) gentoo, debian, fedora and
suse seem to still be vulnerable.
while ((cmp_code_int)code >= (cmp_code_int)256)
{ /* Generate output characters in reverse order */
*--stackp = tab_suffixof(code);
code = tab_prefixof(cod
http://secunia.com/advisories/19625
http://www.osvdb.org/24540
http://www.securityfocus.com/archive/1/430614
http://www.securityfocus.com/archive/1/433562/100/0/threaded
http://www.securityfocus.com/bid/17448
http://www.vupen.com/english/advisories/2006/1325
https://exchange.xforce.ibmcloud.com/vulnerabilities/25760
Published 2006-04-12