CVE-2006-2015
published 2006-04-25CVE-2006-2015: Cross-site scripting (XSS) vulnerability in SL_site 1.0 allows remote attackers to inject arbitrary web script or HTML via the recherche parameter in…
PriorityP410low2.6CVSS 2.0
AVNACHAuNCNIPAN
EPSS
1.34%
67.8th percentile
Cross-site scripting (XSS) vulnerability in SL_site 1.0 allows remote attackers to inject arbitrary web script or HTML via the recherche parameter in recherche.php. NOTE: other XSS vectors, as reported in the original disclosure, are resultant from other primary vulnerabilities that have separate CVE names.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| web-provence | sl_site | — | — |
CVSS provenance
nvdv2.02.6LOWAV:N/AC:H/Au:N/C:N/I:P/A:N
vendor_redhat5.0MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-6wm7-p2rv-5442: Cross-site scripting (XSS) vulnerability in SL_site 1
ghsa_unreviewed·2022-05-01
CVE-2006-2015 [LOW] GHSA-6wm7-p2rv-5442: Cross-site scripting (XSS) vulnerability in SL_site 1
Cross-site scripting (XSS) vulnerability in SL_site 1.0 allows remote attackers to inject arbitrary web script or HTML via the recherche parameter in recherche.php. NOTE: other XSS vectors, as reported in the original disclosure, are resultant from other primary vulnerabilities that have separate CVE names.
Red Hat
php: pcntl_exec() accepts paths with NUL character
vendor_redhat·2015-05-14·CVSS 5.0
CVE-2015-4026 [MEDIUM] CWE-626 php: pcntl_exec() accepts paths with NUL character
php: pcntl_exec() accepts paths with NUL character
The pcntl_exec implementation in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a \x00 character, which might allow remote attackers to bypass intended extension restrictions and execute files with unexpected names via a crafted first argument. NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-7243.
It was found that certain PHP functions did not properly handle file names containing a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions.
Package: php (Red Hat Enterprise Linux 5) - Will not fix
Package: php53 (Red Hat Enterprise Linux 5) - Will not fix
Red Hat
php: regressions in 5.4+
vendor_redhat·2015-04-10·CVSS 5.0
CVE-2015-4025 [MEDIUM] CWE-626 php: regressions in 5.4+
php: regressions in 5.4+
PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a \x00 character in certain situations, which allows remote attackers to bypass intended extension restrictions and access files or directories with unexpected names via a crafted argument to (1) set_include_path, (2) tempnam, (3) rmdir, or (4) readlink. NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-7243.
It was found that certain PHP functions did not properly handle file names containing a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions.
Package: php (Red Hat Enterprise Linux 5) - Not affected
Package: php53 (Red Hat Ente
Red Hat
php: move_uploaded_file() NUL byte injection in file name
vendor_redhat·2015-03-02·CVSS 5.0
CVE-2015-2348 [MEDIUM] CWE-626 php: move_uploaded_file() NUL byte injection in file name
php: move_uploaded_file() NUL byte injection in file name
The move_uploaded_file implementation in ext/standard/basic_functions.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 truncates a pathname upon encountering a \x00 character, which allows remote attackers to bypass intended extension restrictions and create files with unexpected names via a crafted second argument. NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-7243.
It was found that PHP move_uploaded_file() function did not properly handle file names with a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions.
Statement: This issue does not affect the current php and php53 pac
No detection rules found.
http://secunia.com/advisories/19792http://securitytracker.com/id?1015972http://www.osvdb.org/24898http://www.securityfocus.com/bid/17667http://www.vupen.com/english/advisories/2006/1487https://exchange.xforce.ibmcloud.com/vulnerabilities/26038http://secunia.com/advisories/19792http://securitytracker.com/id?1015972http://www.osvdb.org/24898http://www.securityfocus.com/bid/17667http://www.vupen.com/english/advisories/2006/1487https://exchange.xforce.ibmcloud.com/vulnerabilities/26038
2006-04-25
Published