CVE-2006-2018
published 2006-04-25CVE-2006-2018: SQL injection vulnerability in calendar.php in vBulletin 3.0.x allows remote attackers to execute arbitrary SQL commands via the eventid parameter. NOTE: the…
PriorityP431high7.5CVSS 2.0
AVNACLAuNCPIPAP
EPSS
1.18%
63.9th percentile
SQL injection vulnerability in calendar.php in vBulletin 3.0.x allows remote attackers to execute arbitrary SQL commands via the eventid parameter. NOTE: the affected version has been disputed by the vendor. It appears that this is the same issue as CVE-2004-0036, which was fixed in 2.3.4.
Affected
13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jelsoft | vbulletin | — | — |
| jelsoft | vbulletin | — | — |
| jelsoft | vbulletin | — | — |
| jelsoft | vbulletin | — | — |
| jelsoft | vbulletin | — | — |
| jelsoft | vbulletin | — | — |
| jelsoft | vbulletin | — | — |
| jelsoft | vbulletin | — | — |
| jelsoft | vbulletin | — | — |
| jelsoft | vbulletin | — | — |
| jelsoft | vbulletin | — | — |
| jelsoft | vbulletin | — | — |
| jelsoft | vbulletin | — | — |
CVSS provenance
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
vendor_redhat5.0MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-92p6-r57c-hr4v: SQL injection vulnerability in calendar
ghsa_unreviewed·2022-05-01·CVSS 5.0
CVE-2006-2018 [MEDIUM] GHSA-92p6-r57c-hr4v: SQL injection vulnerability in calendar
SQL injection vulnerability in calendar.php in vBulletin 3.0.x allows remote attackers to execute arbitrary SQL commands via the eventid parameter. NOTE: the affected version has been disputed by the vendor. It appears that this is the same issue as CVE-2004-0036, which was fixed in 2.3.4.
Red Hat
strongswan: authentication bypass in verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c
vendor_redhat·2018-09-24·CVSS 5.0
CVE-2018-16152 [MEDIUM] CWE-287 strongswan: authentication bypass in verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c
strongswan: authentication bypass in verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c
In verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c in the gmp plugin in strongSwan 4.x and 5.x before 5.7.0, the RSA implementation based on GMP does not reject excess data in the digestAlgorithm.parameters field during PKCS#1 v1.5 signature verification. Consequently, a remote attacker can forge signatures when small public exponents are being used, which could lead to impersonation when only an RSA signature is used for IKEv2 authentication. This is a variant of CVE-2006-4790 and CVE-2014-1568.
Package: strongimcv (Red Hat Enterprise Linux 7) - Not affected
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2018-16152 strongswan: authentication bypass in verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c
bugzilla·2018-10-03·CVSS 5.0
CVE-2018-16152 [MEDIUM] CVE-2018-16152 strongswan: authentication bypass in verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c
CVE-2018-16152 strongswan: authentication bypass in verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c
A flaw was found in strongSwan 4.x and 5.x before 5.7.0. In verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c in the gmp plugin, the RSA implementation based on GMP does not reject excess data in the digestAlgorithm.parameters field during PKCS#1 v1.5 signature verification. Consequently, a remote attacker can forge signatures when small public exponents are being used, which could lead to impersonation when only an RSA signature is used for IKEv2 authentication. This is a variant of CVE-2006-4790 and CVE-2014-1568.
References:
https://www.strongswan.org/blog/2018/09/24/strongswan-vulnerability-(cve-2018-16151,-cve-2018-16152).html
Discussion:
Created strongswan tracking bugs
Bugzilla
CVE-2018-10245 awstats: Full path disclosure vulnerability allows attackers to disclose location of config file
bugzilla·2018-04-26·CVSS 5.0
CVE-2018-10245 [MEDIUM] CVE-2018-10245 awstats: Full path disclosure vulnerability allows attackers to disclose location of config file
CVE-2018-10245 awstats: Full path disclosure vulnerability allows attackers to disclose location of config file
A Full Path Disclosure vulnerability in AWStats through 7.6 allows remote attackers to know where the config file is allocated, obtaining the full path of the server, a similar issue to CVE-2006-3682. The attack can, for example, use the awstats.pl framename and update parameters.
References:
https://github.com/theyiyibest/AWStatsFullPathDisclosure
Discussion:
Created awstats tracking bugs for this issue:
Affects: fedora-all [bug 1572134]
Affects: epel-all [bug 1572135]
---
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those
2006-04-25
Published