CVE-2006-4428
Published 2006-08-29
Priority P427 · critical · 9.8 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 4.34% (90.0th percentile)
PHP remote file inclusion vulnerability in index.php in Jupiter CMS 1.1.5 allows remote attackers to execute arbitrary PHP code via a URL in the template parameter. NOTE: CVE disputes this claim, since the $template variable is defined as a static value before it is referenced in an include statement.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jupiter_cms | jupiter_cms | — | — |
CVSS provenance
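| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |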
No detection rules found.
Tenable
Red Hat Compliance Audit
blogs_tenable·2006-08-31·CVSS 5.3
[MEDIUM] Red Hat Compliance Audit
# Red Hat Compliance Audit
Ron Gula
August 31, 2006
Tenable's research group recently added a Nessus 3 audit policy for Red Hat Linux. This allows Direct Feed users who are auditing missing security patches with SSH credentials to also ensure the system has been properly locked down.
The audit tests for several hundred different items such as the permissions of /var/log/messages and if any user accounts have poor permissions in their home directories. Audit files for Solaris, security recommendations from CERT and generic UNIX checks are also available in addition to many checks for a variety of Windows policies.
Tenable
CentOS Patch Auditing
blogs_tenable·2006-07-19·CVSS 5.3
CVE-2025-4427 [MEDIUM] CentOS Patch Auditing
# CentOS Patch Auditing
Ron Gula
July 19, 2006
Tenable is now tracking patch updates to the CentOS Linux operating system. The Nessus Direct and Registered feeds are now updated with host-based patch audits for CentOS. There are more than 200 audits currently available at the time of this post writing.
Tenable
Detecting when Credentials Fail
blogs_tenable·2006-07-19·CVSS 5.3
[MEDIUM] Detecting when Credentials Fail
# Detecting when Credentials Fail
Ron Gula
July 19, 2006
If you are using Nessus to perform credentialed audits of UNIX or Windows systems, analyzing the results to determine if you had the correct passwords and SSH keys can be difficult. Nessus users can now easily detect if their credentials are not working. Tenable has added Nessus plugin #21745. This plugin detects if either SSH or Windows credentials didn't allow the scan to log into the remote host.
http://www.attrition.org/pipermail/vim/2006-August/000996.html
http://www.osvdb.org/28298
http://www.securityfocus.com/archive/1/444421/100/0/threaded
http://www.securityfocus.com/archive/1/444729/100/0/threaded
http://www.securityfocus.com/bid/19721
https://exchange.xforce.ibmcloud.com/vulnerabilities/28589
Published: 2006-08-29