CVE-2006-4158
published 2006-08-16CVE-2006-4158: PHP remote file inclusion vulnerability in Login.php in Spaminator 1.7 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the page…
PriorityP338medium5.1CVSS 2.0
AVNACHAuNCPIPAP
EXPLOIT
EPSS
3.02%
85.8th percentile
PHP remote file inclusion vulnerability in Login.php in Spaminator 1.7 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| spaminator | spaminator | <= 1.7 | — |
CVSS provenance
nvdv2.05.1MEDIUMAV:N/AC:H/Au:N/C:P/I:P/A:P
vendor_redhat7.2HIGH
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-mxmf-28wh-c677: PHP remote file inclusion vulnerability in Login
ghsa_unreviewed·2022-05-01
CVE-2006-4158 [MEDIUM] GHSA-mxmf-28wh-c677: PHP remote file inclusion vulnerability in Login
PHP remote file inclusion vulnerability in Login.php in Spaminator 1.7 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.
Red Hat
CVE-2004-1051 bash scripts run via Sudo can be subverted (CVE-2005-4158, CVE-2006-0151)
vendor_redhat·2004-11-11·CVSS 7.2
CVE-2004-1051 [HIGH] CVE-2004-1051 bash scripts run via Sudo can be subverted (CVE-2005-4158, CVE-2006-0151)
CVE-2004-1051 bash scripts run via Sudo can be subverted (CVE-2005-4158, CVE-2006-0151)
sudo before 1.6.8p2 allows local users to execute arbitrary commands by using "()" style environment variables to create functions that have the same name as any program within the bash script that is called without using the program's full pathname.
Statement: We do not consider this to be a security issue:
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=139478#c1
Red Hat
CVE-2004-1051 bash scripts run via Sudo can be subverted (CVE-2005-4158, CVE-2006-0151)
vendor_redhat·2004-11-11·CVSS 7.2
CVE-2005-4158 [HIGH] CVE-2004-1051 bash scripts run via Sudo can be subverted (CVE-2005-4158, CVE-2006-0151)
CVE-2004-1051 bash scripts run via Sudo can be subverted (CVE-2005-4158, CVE-2006-0151)
Sudo before 1.6.8 p12, when the Perl taint flag is off, does not clear the (1) PERLLIB, (2) PERL5LIB, and (3) PERL5OPT environment variables, which allows limited local users to cause a Perl script to include and execute arbitrary library files that have the same name as library files that are included by the script.
Statement: We do not consider this to be a security issue.
https://bugzilla.redhat.com/show_bug.cgi?id=139478#c1
Red Hat
CVE-2004-1051 bash scripts run via Sudo can be subverted (CVE-2005-4158, CVE-2006-0151)
vendor_redhat·2004-11-11·CVSS 7.2
CVE-2006-0151 [HIGH] CVE-2004-1051 bash scripts run via Sudo can be subverted (CVE-2005-4158, CVE-2006-0151)
CVE-2004-1051 bash scripts run via Sudo can be subverted (CVE-2005-4158, CVE-2006-0151)
sudo 1.6.8 and other versions does not clear the PYTHONINSPECT environment variable, which allows limited local users to gain privileges via a Python script, a variant of CVE-2005-4158.
Statement: We do not consider this to be a security issue.
https://bugzilla.redhat.com/show_bug.cgi?id=139478#c1
No detection rules found.
No writeups or analysis indexed.
http://secunia.com/advisories/21469http://www.osvdb.org/27893http://www.securityfocus.com/bid/19466http://www.vupen.com/english/advisories/2006/3256https://exchange.xforce.ibmcloud.com/vulnerabilities/28312https://www.exploit-db.com/exploits/2165http://secunia.com/advisories/21469http://www.osvdb.org/27893http://www.securityfocus.com/bid/19466http://www.vupen.com/english/advisories/2006/3256https://exchange.xforce.ibmcloud.com/vulnerabilities/28312https://www.exploit-db.com/exploits/2165
2006-08-16
Published