CVE-2006-2012
published 2006-04-25CVE-2006-2012: Format string vulnerability in Skulltag 0.96f and earlier allows remote attackers to cause a denial of service via the version string.
PriorityP420medium5CVSS 2.0
AVNACLAuNCNINAP
EXPLOIT
EPSS
3.53%
87.8th percentile
Format string vulnerability in Skulltag 0.96f and earlier allows remote attackers to cause a denial of service via the version string.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| skulltag_team | skulltag | <= 0.96f | — |
| skulltag_team | skulltag | — | — |
CVSS provenance
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:N/I:N/A:P
vendor_redhat5.0MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-68vf-2qxc-mhx7: Format string vulnerability in Skulltag 0
ghsa_unreviewed·2022-05-01
CVE-2006-2012 [MEDIUM] GHSA-68vf-2qxc-mhx7: Format string vulnerability in Skulltag 0
Format string vulnerability in Skulltag 0.96f and earlier allows remote attackers to cause a denial of service via the version string.
Red Hat
openssl: mime_param_cmp NULL dereference crash
vendor_redhat·2012-03-12·CVSS 5.0
CVE-2012-1165 [MEDIUM] CWE-476 openssl: mime_param_cmp NULL dereference crash
openssl: mime_param_cmp NULL dereference crash
The mime_param_cmp function in crypto/asn1/asn_mime.c in OpenSSL before 0.9.8u and 1.x before 1.0.0h allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted S/MIME message, a different vulnerability than CVE-2006-7250.
Package: openssl (Red Hat Enterprise Linux 4) - Will not fix
Package: openssl096b (Red Hat Enterprise Linux 4) - Will not fix
Package: openssl097a (Red Hat Enterprise Linux 5) - Will not fix
Package: openssl098e (Red Hat Enterprise Linux 6) - Will not fix
Package: openssl (Red Hat JBoss Enterprise Web Server 1) - Affected
Red Hat
gnutls: unknown hash algorithm NULL pointer derefence [GNUTLS-SA-2006-2]
vendor_redhat·2006-08-12·CVSS 5.0
CVE-2006-7239 [MEDIUM] CWE-476 gnutls: unknown hash algorithm NULL pointer derefence [GNUTLS-SA-2006-2]
gnutls: unknown hash algorithm NULL pointer derefence [GNUTLS-SA-2006-2]
The _gnutls_x509_oid2mac_algorithm function in lib/gnutls_algorithms.c in GnuTLS before 1.4.2 allows remote attackers to cause a denial of service (crash) via a crafted X.509 certificate that uses a hash algorithm that is not supported by GnuTLS, which triggers a NULL pointer dereference.
Statement: This issue was addressed in Red Hat Enterprise Linux 5 via RHBA-2012:0319: https://rhn.redhat.com/errata/RHBA-2012-0319.html
It did not affect versions of gnutls as shipped with Red Hat Enterprise Linux 4 and 6.
Package: gnutls (Red Hat Enterprise Linux 4) - Not affected
Package: gnutls (Red Hat Enterprise Linux 6) - Not affected
No detection rules found.
Exploit-DB
dotProject 2.1.6 - Remote File Inclusion
exploitdb·2012-11-14
CVE-2006-0755 dotProject 2.1.6 - Remote File Inclusion
dotProject 2.1.6 - Remote File Inclusion
---
:::::::-. ... ::::::. :::.
;;, `';, ;; ;;;`;;;;, `;;;
`[[ [[[[' [[[ [[[[[. '[[
$$, $$$$ $$$ $$$ "Y$c$$
888_,o8P'88 .d888 888 Y88
MMMMP"` "YmmMMMM"" MMM YM
[ Discovered by dun \ posdub[at]gmail.com ]
[ 2012-11-13 ]
#################################################################
# [ dotProject <= 2.1.6 ] Remote File Inclusion Vulnerability #
#################################################################
#
# Script: "PHP web-based project management framework that includes modules for companies,
# projects, tasks (with Gantt charts), forums, files, calendar, contacts, tickets/helpdesk,
# multi-language support, user/module permissions and themes"
#
# Vendor: http://www.dotproject.net/
# Download: http://sourceforge.net/projects/dotproject/f
Exploit-DB
uebimiau webmail 2.7.2 - Persistent Cross-Site Scripting
exploitdb·2012-08-20
CVE-2006-0469 uebimiau webmail 2.7.2 - Persistent Cross-Site Scripting
uebimiau webmail 2.7.2 - Persistent Cross-Site Scripting
---
#!/usr/bin/python
'''
# Exploit Title: Uebimiau Webmail Stored XSS
# Date: 17/08/2012
# Exploit Author: Shai rod (@NightRang3r)
# Vendor Homepage: http://www.uebimiau.org/
# Software Link: http://www.uebimiau.org/downloads/uebimiau-2.7.2-any.zip
# Version: 2.7.2
#Gr33Tz: @aviadgolan , @benhayak, @nirgoldshlager, @roni_bachar
About the Application:
Uebimiau is an universal webmail developed in PHP by Aldoir Ventura.
It is free and can be installed in any email server.
-It runs under any System;
-It doesn't require any extra PHP modules;
-Doesn't need a database (as MySQL, PostreSQL,etc)
-Doesn't need IMAP, but compatible with POP3 and IMAP
-Compatible with the MIME Standard (send/receive text/html emails);
-Doesn't need co
Exploit-DB
RealVNC 4.1.0/4.1.1 - Authentication Bypass
exploitdb·2012-05-13·CVSS 7.5
CVE-2006-2369 [HIGH] RealVNC 4.1.0/4.1.1 - Authentication Bypass
RealVNC 4.1.0/4.1.1 - Authentication Bypass
---
# Exploit Title: RealVNC 4.1.0 and 4.1.1 Authentication Bypass Exploit
# Date: 2012-05-13
# Author: @fdiskyou
# e-mail: rui at deniable.org
# Version: 4.1.0 and 4.1.1
# Tested on: Windows XP
# CVE: CVE-2006-2369
# Requires vncviewer installed
# Basic port of hdmoore/msf2 perl version to python for fun and profit (ease of use)
import select
import thread
import os
import socket
import sys, re
BIND_ADDR = '127.0.0.1'
BIND_PORT = 4444
def pwn4ge(host, port):
socket.setdefaulttimeout(5)
server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
try:
server.connect((host, port))
except socket.error, msg:
print '[*] Could not connect to the target VNC service. Error code: ' + str(msg[0]) + ' , Error message : ' + msg[1]
sys.exit();
else:
hello
Exploit-DB
phpBookingCalendar 10 d - SQL Injection
exploitdb·2008-05-29
CVE-2006-1422 phpBookingCalendar 10 d - SQL Injection
phpBookingCalendar 10 d - SQL Injection
---
# Portal :PHP Booking Calendar 10 d (sql/upload) Exploit
# Modified 2008
# Download : https://sourceforge.net/project/showfiles.php?group_id=132702
# exploit aported password crypted
########################################
#[*] Founded & Exploited by : Stack
#[*] Contact: Ev!L =>> see down
#[*] Greetz : Houssamix & Djekmani & Jadi & iuoisn & Str0ke & All muslims HaCkeRs :)
################################################################################
# Exploit-DB Note (May 28th 2012)
# PHP Booking Calendar 10e is also affected by this
#
#
#!/usr/bin/perl -w
########################################
# * TITLE: PerlSploit Class
# * REQUIREMENTS: PHP 4 / PHP 5
# * VERSION: v.1
# * LICENSE: GNU General Public License
# * ORIGINAL URL: http://www.
Exploit-DB
SturGeoN Upload - Arbitrary File Upload
exploitdb·2006-07-01
CVE-2006-3381 SturGeoN Upload - Arbitrary File Upload
SturGeoN Upload - Arbitrary File Upload
---
source: https://www.securityfocus.com/bid/18764/info
SturGeoN Upload is prone to an arbitrary file-upload vulnerability.
An attacker can exploit this vulnerability to upload arbitrary code and execute it in the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible.
#!/usr/bin/perl
#
# VulnScr: SturGeoN Upload v1
# Author: Jihad BENABRA
# Download: http://rapidshare.de/files/24622338/2012_sturgeon-1.rar.html
# WTF?: http://www.comscripts.com/scripts/php.sturgeon-upload.2012.html
#
# Date: Sat July 1 10:04 2006
# Credits: Vuln and Xpl by DarkFig ([email protected])
# Advisorie: No, too short..
# Problem: Do not filter the uploaded files
# Exploit: Upload a php file
Exploit-DB
Skulltag 0.96f - Version String Remote Format String (PoC)
exploitdb·2006-04-23
CVE-2006-2012 Skulltag 0.96f - Version String Remote Format String (PoC)
Skulltag 0.96f - Version String Remote Format String (PoC)
---
#######################################################################
Luigi Auriemma
Application: Skulltag
http://www.skulltag.com
Versions: <= 0.96f
Platforms: Windows
Bug: format string
Exploitation: remote, versus server
Date: 23 Apr 2006
Author: Luigi Auriemma
e-mail: [email protected]
web: http://aluigi.altervista.org
#######################################################################
Backup: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/1708.zip (04232006-skulltagfs.zip)
# milw0rm.com [2006-04-23]
No writeups or analysis indexed.
http://aluigi.altervista.org/adv/skulltagfs-adv.txthttp://secunia.com/advisories/19767http://www.securityfocus.com/archive/1/431872/100/0/threadedhttp://www.securityfocus.com/bid/17659http://www.vupen.com/english/advisories/2006/1479https://exchange.xforce.ibmcloud.com/vulnerabilities/25988http://aluigi.altervista.org/adv/skulltagfs-adv.txthttp://secunia.com/advisories/19767http://www.securityfocus.com/archive/1/431872/100/0/threadedhttp://www.securityfocus.com/bid/17659http://www.vupen.com/english/advisories/2006/1479https://exchange.xforce.ibmcloud.com/vulnerabilities/25988
2006-04-25
Published