CVE-2006-4427
Published 2006-08-29
Priority P3 · 37 · medium · 5.1 CVSS 2.0
Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 2.97% (85.5th percentile)
index.php in eFiction before 2.0.7 allows remote attackers to bypass authentication and gain privileges by setting the (1) adminloggedin, (2) loggedin, and (3) level parameters to "1".
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| efiction | efiction | — | — |
| efiction | efiction | — | — |
| efiction | efiction | — | — |
| efiction | efiction | — | — |
No detection rules found.
Tenable
Red Hat Compliance Audit
blogs_tenable·2006-08-31·CVSS 5.3
[MEDIUM] Red Hat Compliance Audit
# Red Hat Compliance Audit
Ron Gula
August 31, 2006
Tenable's research group recently added a Nessus 3 audit policy for Red Hat Linux. This allows Direct Feed users who are auditing missing security patches with SSH credentials to also ensure the system has been properly locked down.
The audit tests for several hundred different items such as the permissions of /var/log/messages and if any user accounts have poor permissions in their home directories. Audit files for Solaris, security recommendations from CERT and generic UNIX checks are also available in addition to many checks for a variety of Windows policies.
Tenable
CentOS Patch Auditing
blogs_tenable·2006-07-19·CVSS 5.3
CVE-2025-4427 [MEDIUM] CentOS Patch Auditing
# CentOS Patch Auditing
Ron Gula
July 19, 2006
Tenable is now tracking patch updates to the CentOS Linux operating system. The Nessus Direct and Registered feeds are now updated with host-based patch audits for CentOS. More than 200 audits are available at the time of this writing.
Tenable
Detecting when Credentials Fail
blogs_tenable·2006-07-19·CVSS 5.3
[MEDIUM] Detecting when Credentials Fail
# Detecting when Credentials Fail
Ron Gula
July 19, 2006
If you are using Nessus to perform credentialed audits of UNIX or Windows systems, analyzing the results to determine if you had the correct passwords and SSH keys can be difficult. Nessus users can now easily detect if their credentials are not working. Tenable has added Nessus plugin #21745. This plugin detects if either SSH or Windows credentials didn't allow the scan to log into the remote host.
http://efiction.org/forums/index.php?topic=3698
http://secunia.com/advisories/21625
http://www.osvdb.org/28237
http://www.securityfocus.com/bid/19717
http://www.vupen.com/english/advisories/2006/3392
https://exchange.xforce.ibmcloud.com/vulnerabilities/28595
https://www.exploit-db.com/exploits/2255
Published: 2006-08-29