CVE-2006-1918
Published 2006-04-20
Priority: P4 · 14 · low · CVSS 2.0 score 2.6
Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N
EXPLOIT
EPSS: 1.71% (74.5th percentile)
Multiple cross-site scripting (XSS) vulnerabilities in Papoo 2.1.5 allow remote attackers to inject arbitrary web script or HTML via the menuid parameter to (1) index.php or (2) forum.php, or the (3) reporeid_print parameter to print.php.
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| papoo | papoo | — | — |
No detection rules found.
Bugzilla
Multiple tar issues (CVE-2005-1918, CVE-2006-0300)
bugzilla·2006-03-02·CVSS 5.0
CVE-2005-1918 [MEDIUM] Multiple tar issues (CVE-2005-1918, CVE-2006-0300)
There are two separate issues that affect different subsets of our products.
I. RHL 7.3, RHL 9, FC1 & FC2: tar archive path traversal issue
CVE-2005-1918: "The original patch for a GNU tar directory traversal
vulnerability (CVE-2002-0399) in Red Hat Enterprise Linux 3 and 2.1 uses
an 'incorrect optimization' that allows user-complicit attackers to
overwrite arbitrary files via a crafted tar file, probably involving '/../'
sequences with a leading '/'."
This vulnerability appears to only affect tar-1.13.25 releases, which
these four distros use.
Red Hat issued RHSA-2006:0195-01 for RHEL 2.1 and RHEL 3:
"In 2002, a path traversal flaw was found in the way GNU tar extracted
archives. A malicious user could create a tar archive that cou
Bugzilla
CVE-2005-1918 tar archive path traversal issue
bugzilla·2004-11-23·CVSS 2.6
CVE-2005-1918 [LOW] CVE-2005-1918 tar archive path traversal issue
Placeholder for RHEL2.1 issue.
See bug 140589 for more information.
Discussion:
Lifting embargo
---
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.
http://rhn.redhat.com/errata/RHSA-2006-0195.html