CVE-2006-4704
published 2006-11-01CVE-2006-4704: Cross-zone scripting vulnerability in the WMI Object Broker (WMIScriptUtils.WMIObjectBroker2) ActiveX control (WmiScriptUtils.dll) in Microsoft Visual Studio…
PriorityP267medium6.8CVSS 2.0
AVNACMAuNCPIPAP
ITWEXPLOITVulnCheck KEV
Exploited in the wild
EPSS
42.85%
98.5th percentile
Cross-zone scripting vulnerability in the WMI Object Broker (WMIScriptUtils.WMIObjectBroker2) ActiveX control (WmiScriptUtils.dll) in Microsoft Visual Studio 2005 allows remote attackers to bypass Internet zone restrictions and execute arbitrary code by instantiating dangerous objects, aka "WMI Object Broker Vulnerability."
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | visual_studio_net | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Detect instantiation of the WMIScriptUtils.WMIObjectBroker2.1 ActiveX control via CLSID {7F5B7F63-F06F-4331-8A26-339E03C0AE3D} in browser context, which is the direct indicator of CVE-2006-4704 exploitation. ↗
- →The Incognito exploit kit uses this vulnerability as Step 0 (entry point) to initialize objects for vulnerable ActiveX controls and inject a malicious file via function 'gr'; look for multi-stage exploit kit traffic combining CVE-2006-4704 with CVE-2010-1423 (Java Deployment Toolkit) and malicious PDF iframes. ↗
- →The Metasploit module for this CVE delivers a payload EXE by writing it to %TEMP%\<random>.exe via ADODB.Stream and executing it with WScript.Shell; monitor for ADODB.Stream SaveToFile calls followed by WScript.Shell Run from Internet Explorer child processes. ↗
- →The exploit uses obfuscated JavaScript with split string concatenation (e.g. 'W'+'Sc'+'ri'+'pt'+'.'+'S'+'he'+'ll') to instantiate WScript.Shell and ADODB.Stream; detect this pattern in script content delivered to IE. ↗
- →Monitor for the Incognito exploit kit URL patterns (common URL patterns remain consistent within the kit) and cross-reference with malwaredomainlist; the kit also injects iframes pointing to malicious PDFs. ↗
- ·The Metasploit module caps the vulnerable IE user-agent maximum version at 6.1 to avoid triggering the IE7/8 popup behavior; detections scoped to UA version may miss edge cases in badly misconfigured IE7/8 environments. ↗
CVSS provenance
nvdv2.06.8MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:P
vulncheck6.8MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
Microsoft Visual Studio .net 2005 ActiveX Control wmiscriptutils.dll memory corruption (VU#854856 / Nessus ID 23836)
vuldb·2026-04-26·CVSS 6.8
CVE-2006-4704 [MEDIUM] Microsoft Visual Studio .net 2005 ActiveX Control wmiscriptutils.dll memory corruption (VU#854856 / Nessus ID 23836)
A vulnerability described as critical has been identified in Microsoft Visual Studio .net 2005. Affected by this vulnerability is an unknown functionality in the library wmiscriptutils.dll of the component ActiveX Control. The manipulation results in memory corruption.
This vulnerability is identified as CVE-2006-4704. The attack can be executed remotely. Additionally, an exploit exists.
A patch should be applied to remediate this issue.
GHSA
GHSA-c2c7-569v-pv4f: Cross-zone scripting vulnerability in the WMI Object Broker (WMIScriptUtils
ghsa_unreviewed·2022-05-01
CVE-2006-4704 [MEDIUM] GHSA-c2c7-569v-pv4f: Cross-zone scripting vulnerability in the WMI Object Broker (WMIScriptUtils
Cross-zone scripting vulnerability in the WMI Object Broker (WMIScriptUtils.WMIObjectBroker2) ActiveX control (WmiScriptUtils.dll) in Microsoft Visual Studio 2005 allows remote attackers to bypass Internet zone restrictions and execute arbitrary code by instantiating dangerous objects, aka "WMI Object Broker Vulnerability."
VulnCheck
Microsoft Visual Studio 2005 WMI Object Broker Vulnerability
vulncheck·2006·CVSS 6.8
CVE-2006-4704 [MEDIUM] Microsoft Visual Studio 2005 WMI Object Broker Vulnerability
Microsoft Visual Studio 2005 WMI Object Broker Vulnerability
Cross-zone scripting vulnerability in the WMI Object Broker (WMIScriptUtils.WMIObjectBroker2) ActiveX control (WmiScriptUtils.dll) in Microsoft Visual Studio 2005 allows remote attackers to bypass Internet zone restrictions and execute arbitrary code by instantiating dangerous objects, aka "WMI Object Broker Vulnerability."
Affected: Microsoft visual_studio
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://learn.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-073; https://www.virusbulletin.com/virusbulletin/2010/05/exploit-kit-explosion-part-two-vectors-attack/
Suricata
ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- forgotpass.asp id ASCII
suricata·2010-07-30·CVSS 7.5
CVE-2006-6161 [HIGH] ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- forgotpass.asp id ASCII
ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- forgotpass.asp id ASCII
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- forgotpass.asp id ASCII"; flow:established,to_server; http.uri; content:"/forgotpass.asp?"; nocase; content:"id="; nocase; content:"ASCII("; nocase; content:"SELECT"; nocase; distance:0; reference:cve,CVE-2006-6161; reference:url,www.frsirt.com/english/advisories/2006/4704; classtype:web-application-attack; sid:2007310; rev:9; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_11, mitre_tactic_id TA0001,
Suricata
ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- forgotpass.asp uid SELECT
suricata·2010-07-30·CVSS 7.5
CVE-2006-6161 [HIGH] ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- forgotpass.asp uid SELECT
ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- forgotpass.asp uid SELECT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- forgotpass.asp uid SELECT"; flow:established,to_server; http.uri; content:"/forgotpass.asp?"; nocase; content:"uid="; nocase; content:"SELECT"; nocase; content:"FROM"; nocase; distance:0; reference:cve,CVE-2006-6161; reference:url,www.frsirt.com/english/advisories/2006/4704; classtype:web-application-attack; sid:2007312; rev:9; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_11, mitre_tactic_id TA000
Suricata
ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- status.asp uid SELECT
suricata·2010-07-30·CVSS 7.5
CVE-2006-6161 [HIGH] ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- status.asp uid SELECT
ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- status.asp uid SELECT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- status.asp uid SELECT"; flow:established,to_server; http.uri; content:"/inout/status.asp?"; nocase; content:"uid="; nocase; content:"SELECT"; nocase; content:"FROM"; nocase; distance:0; reference:cve,CVE-2006-6161; reference:url,www.frsirt.com/english/advisories/2006/4704; classtype:web-application-attack; sid:2007324; rev:9; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_11, mitre_tactic_id TA0001, mit
Suricata
ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- status.asp id ASCII
suricata·2010-07-30·CVSS 7.5
CVE-2006-6161 [HIGH] ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- status.asp id ASCII
ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- status.asp id ASCII
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- status.asp id ASCII"; flow:established,to_server; http.uri; content:"/inout/status.asp?"; nocase; content:"id="; nocase; content:"ASCII("; nocase; content:"SELECT"; nocase; distance:0; reference:cve,CVE-2006-6161; reference:url,www.frsirt.com/english/advisories/2006/4704; classtype:web-application-attack; sid:2007298; rev:9; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_11, mitre_tactic_id TA0001, mitre_
Suricata
ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- update.asp id DELETE
suricata·2010-07-30·CVSS 7.5
CVE-2006-6161 [HIGH] ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- update.asp id DELETE
ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- update.asp id DELETE
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- update.asp id DELETE"; flow:established,to_server; http.uri; content:"/inout/update.asp?"; nocase; content:"id="; nocase; content:"DELETE"; nocase; content:"FROM"; nocase; distance:0; reference:cve,CVE-2006-6161; reference:url,www.frsirt.com/english/advisories/2006/4704; classtype:web-application-attack; sid:2007303; rev:9; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_11, mitre_tactic_id TA0001, mitre_
Suricata
ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- status.asp uid INSERT
suricata·2010-07-30·CVSS 7.5
CVE-2006-6161 [HIGH] ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- status.asp uid INSERT
ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- status.asp uid INSERT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- status.asp uid INSERT"; flow:established,to_server; http.uri; content:"/inout/status.asp?"; nocase; content:"uid="; nocase; content:"INSERT"; nocase; content:"INTO"; nocase; distance:0; reference:cve,CVE-2006-6161; reference:url,www.frsirt.com/english/advisories/2006/4704; classtype:web-application-attack; sid:2007326; rev:9; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_11, mitre_tactic_id TA0001, mit
Suricata
ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- update.asp uid INSERT
suricata·2010-07-30·CVSS 7.5
CVE-2006-6161 [HIGH] ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- update.asp uid INSERT
ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- update.asp uid INSERT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- update.asp uid INSERT"; flow:established,to_server; http.uri; content:"/inout/update.asp?"; nocase; content:"uid="; nocase; content:"INSERT"; nocase; content:"INTO"; nocase; distance:0; reference:cve,CVE-2006-6161; reference:url,www.frsirt.com/english/advisories/2006/4704; classtype:web-application-attack; sid:2007320; rev:9; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_11, mitre_tactic_id TA0001, mit
Suricata
ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- forgotpass.asp uid DELETE
suricata·2010-07-30·CVSS 7.5
CVE-2006-6161 [HIGH] ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- forgotpass.asp uid DELETE
ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- forgotpass.asp uid DELETE
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- forgotpass.asp uid DELETE"; flow:established,to_server; http.uri; content:"/forgotpass.asp?"; nocase; content:"uid="; nocase; content:"DELETE"; nocase; content:"FROM"; nocase; distance:0; reference:cve,CVE-2006-6161; reference:url,www.frsirt.com/english/advisories/2006/4704; classtype:web-application-attack; sid:2007315; rev:9; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_11, mitre_tactic_id TA000
Suricata
ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- forgotpass.asp id DELETE
suricata·2010-07-30·CVSS 7.5
CVE-2006-6161 [HIGH] ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- forgotpass.asp id DELETE
ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- forgotpass.asp id DELETE
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- forgotpass.asp id DELETE"; flow:established,to_server; http.uri; content:"/forgotpass.asp?"; nocase; content:"id="; nocase; content:"DELETE"; nocase; content:"FROM"; nocase; distance:0; reference:cve,CVE-2006-6161; reference:url,www.frsirt.com/english/advisories/2006/4704; classtype:web-application-attack; sid:2007309; rev:9; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_11, mitre_tactic_id TA0001,
Suricata
ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- update.asp uid UPDATE
suricata·2010-07-30·CVSS 7.5
CVE-2006-6161 [HIGH] ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- update.asp uid UPDATE
ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- update.asp uid UPDATE
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- update.asp uid UPDATE"; flow:established,to_server; http.uri; content:"/inout/update.asp?"; nocase; content:"uid="; nocase; content:"UPDATE"; nocase; content:"SET"; nocase; distance:0; reference:cve,CVE-2006-6161; reference:url,www.frsirt.com/english/advisories/2006/4704; classtype:web-application-attack; sid:2007323; rev:9; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_11, mitre_tactic_id TA0001, mitr
Suricata
ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- status.asp uid UNION SELECT
suricata·2010-07-30·CVSS 7.5
CVE-2006-6161 [HIGH] ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- status.asp uid UNION SELECT
ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- status.asp uid UNION SELECT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- status.asp uid UNION SELECT"; flow:established,to_server; http.uri; content:"/inout/status.asp?"; nocase; content:"uid="; nocase; content:"UNION"; nocase; content:"SELECT"; nocase; distance:0; reference:cve,CVE-2006-6161; reference:url,www.frsirt.com/english/advisories/2006/4704; classtype:web-application-attack; sid:2007325; rev:9; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_11, mitre_tactic_i
Suricata
ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- update.asp uid UNION SELECT
suricata·2010-07-30·CVSS 7.5
CVE-2006-6161 [HIGH] ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- update.asp uid UNION SELECT
ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- update.asp uid UNION SELECT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- update.asp uid UNION SELECT"; flow:established,to_server; http.uri; content:"/inout/update.asp?"; nocase; content:"uid="; nocase; content:"UNION"; nocase; content:"SELECT"; nocase; distance:0; reference:cve,CVE-2006-6161; reference:url,www.frsirt.com/english/advisories/2006/4704; classtype:web-application-attack; sid:2007319; rev:9; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_11, mitre_tactic_i
Suricata
ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- status.asp id SELECT
suricata·2010-07-30·CVSS 7.5
CVE-2006-6161 [HIGH] ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- status.asp id SELECT
ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- status.asp id SELECT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- status.asp id SELECT"; flow:established,to_server; http.uri; content:"/inout/status.asp?"; nocase; content:"id="; nocase; content:"SELECT"; nocase; content:"FROM"; nocase; distance:0; reference:cve,CVE-2006-6161; reference:url,www.frsirt.com/english/advisories/2006/4704; classtype:web-application-attack; sid:2007294; rev:9; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_11, mitre_tactic_id TA0001, mitre_
Suricata
ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- forgotpass.asp uid INSERT
suricata·2010-07-30·CVSS 7.5
CVE-2006-6161 [HIGH] ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- forgotpass.asp uid INSERT
ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- forgotpass.asp uid INSERT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- forgotpass.asp uid INSERT"; flow:established,to_server; http.uri; content:"/forgotpass.asp?"; nocase; content:"uid="; nocase; content:"INSERT"; nocase; content:"INTO"; nocase; distance:0; reference:cve,CVE-2006-6161; reference:url,www.frsirt.com/english/advisories/2006/4704; classtype:web-application-attack; sid:2007314; rev:9; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_11, mitre_tactic_id TA000
Suricata
ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- update.asp id UPDATE
suricata·2010-07-30·CVSS 7.5
CVE-2006-6161 [HIGH] ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- update.asp id UPDATE
ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- update.asp id UPDATE
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- update.asp id UPDATE"; flow:established,to_server; http.uri; content:"/inout/update.asp?"; nocase; content:"id="; nocase; content:"UPDATE"; nocase; content:"SET"; nocase; distance:0; reference:cve,CVE-2006-6161; reference:url,www.frsirt.com/english/advisories/2006/4704; classtype:web-application-attack; sid:2007305; rev:9; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_11, mitre_tactic_id TA0001, mitre_t
Suricata
ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- update.asp id INSERT
suricata·2010-07-30·CVSS 7.5
CVE-2006-6161 [HIGH] ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- update.asp id INSERT
ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- update.asp id INSERT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- update.asp id INSERT"; flow:established,to_server; http.uri; content:"/inout/update.asp?"; nocase; content:"id="; nocase; content:"INSERT"; nocase; content:"INTO"; nocase; distance:0; reference:cve,CVE-2006-6161; reference:url,www.frsirt.com/english/advisories/2006/4704; classtype:web-application-attack; sid:2007302; rev:9; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_11, mitre_tactic_id TA0001, mitre_
Suricata
ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- forgotpass.asp id SELECT
suricata·2010-07-30·CVSS 7.5
CVE-2006-6161 [HIGH] ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- forgotpass.asp id SELECT
ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- forgotpass.asp id SELECT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- forgotpass.asp id SELECT"; flow:established,to_server; http.uri; content:"/forgotpass.asp?"; nocase; content:"id="; nocase; content:"SELECT"; nocase; content:"FROM"; nocase; distance:0; reference:cve,CVE-2006-6161; reference:url,www.frsirt.com/english/advisories/2006/4704; classtype:web-application-attack; sid:2007306; rev:9; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_11, mitre_tactic_id TA0001,
Suricata
ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- forgotpass.asp uid UPDATE
suricata·2010-07-30·CVSS 7.5
CVE-2006-6161 [HIGH] ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- forgotpass.asp uid UPDATE
ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- forgotpass.asp uid UPDATE
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- forgotpass.asp uid UPDATE"; flow:established,to_server; http.uri; content:"/forgotpass.asp?"; nocase; content:"uid="; nocase; content:"UPDATE"; nocase; content:"SET"; nocase; distance:0; reference:cve,CVE-2006-6161; reference:url,www.frsirt.com/english/advisories/2006/4704; classtype:web-application-attack; sid:2007317; rev:9; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_11, mitre_tactic_id TA0001
Suricata
ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- forgotpass.asp id UPDATE
suricata·2010-07-30·CVSS 7.5
CVE-2006-6161 [HIGH] ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- forgotpass.asp id UPDATE
ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- forgotpass.asp id UPDATE
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- forgotpass.asp id UPDATE"; flow:established,to_server; http.uri; content:"/forgotpass.asp?"; nocase; content:"id="; nocase; content:"UPDATE"; nocase; content:"SET"; nocase; distance:0; reference:cve,CVE-2006-6161; reference:url,www.frsirt.com/english/advisories/2006/4704; classtype:web-application-attack; sid:2007311; rev:9; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_11, mitre_tactic_id TA0001, m
Suricata
ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- forgotpass.asp id INSERT
suricata·2010-07-30·CVSS 7.5
CVE-2006-6161 [HIGH] ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- forgotpass.asp id INSERT
ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- forgotpass.asp id INSERT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- forgotpass.asp id INSERT"; flow:established,to_server; http.uri; content:"/forgotpass.asp?"; nocase; content:"id="; nocase; content:"INSERT"; nocase; content:"INTO"; nocase; distance:0; reference:cve,CVE-2006-6161; reference:url,www.frsirt.com/english/advisories/2006/4704; classtype:web-application-attack; sid:2007308; rev:9; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_11, mitre_tactic_id TA0001,
Suricata
ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- status.asp uid ASCII
suricata·2010-07-30·CVSS 7.5
CVE-2006-6161 [HIGH] ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- status.asp uid ASCII
ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- status.asp uid ASCII
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- status.asp uid ASCII"; flow:established,to_server; http.uri; content:"/inout/status.asp?"; nocase; content:"uid="; nocase; content:"ASCII("; nocase; content:"SELECT"; nocase; distance:0; reference:cve,CVE-2006-6161; reference:url,www.frsirt.com/english/advisories/2006/4704; classtype:web-application-attack; sid:2007328; rev:9; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_11, mitre_tactic_id TA0001, mit
Suricata
ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- status.asp id DELETE
suricata·2010-07-30·CVSS 7.5
CVE-2006-6161 [HIGH] ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- status.asp id DELETE
ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- status.asp id DELETE
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- status.asp id DELETE"; flow:established,to_server; http.uri; content:"/inout/status.asp?"; nocase; content:"id="; nocase; content:"DELETE"; nocase; content:"FROM"; nocase; distance:0; reference:cve,CVE-2006-6161; reference:url,www.frsirt.com/english/advisories/2006/4704; classtype:web-application-attack; sid:2007297; rev:9; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_11, mitre_tactic_id TA0001, mitre_
Suricata
ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- status.asp uid DELETE
suricata·2010-07-30·CVSS 7.5
CVE-2006-6161 [HIGH] ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- status.asp uid DELETE
ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- status.asp uid DELETE
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- status.asp uid DELETE"; flow:established,to_server; http.uri; content:"/inout/status.asp?"; nocase; content:"uid="; nocase; content:"DELETE"; nocase; content:"FROM"; nocase; distance:0; reference:cve,CVE-2006-6161; reference:url,www.frsirt.com/english/advisories/2006/4704; classtype:web-application-attack; sid:2007327; rev:9; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_11, mitre_tactic_id TA0001, mit
Suricata
ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- update.asp uid ASCII
suricata·2010-07-30·CVSS 7.5
CVE-2006-6161 [HIGH] ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- update.asp uid ASCII
ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- update.asp uid ASCII
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- update.asp uid ASCII"; flow:established,to_server; http.uri; content:"/inout/update.asp?"; nocase; content:"uid="; nocase; content:"ASCII("; nocase; content:"SELECT"; nocase; distance:0; reference:cve,CVE-2006-6161; reference:url,www.frsirt.com/english/advisories/2006/4704; classtype:web-application-attack; sid:2007322; rev:9; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_11, mitre_tactic_id TA0001, mit
Suricata
ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- status.asp id INSERT
suricata·2010-07-30·CVSS 7.5
CVE-2006-6161 [HIGH] ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- status.asp id INSERT
ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- status.asp id INSERT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- status.asp id INSERT"; flow:established,to_server; http.uri; content:"/inout/status.asp?"; nocase; content:"id="; nocase; content:"INSERT"; nocase; content:"INTO"; nocase; distance:0; reference:cve,CVE-2006-6161; reference:url,www.frsirt.com/english/advisories/2006/4704; classtype:web-application-attack; sid:2007296; rev:9; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_11, mitre_tactic_id TA0001, mitre_
Suricata
ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- forgotpass.asp uid UNION SELECT
suricata·2010-07-30·CVSS 7.5
CVE-2006-6161 [HIGH] ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- forgotpass.asp uid UNION SELECT
ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- forgotpass.asp uid UNION SELECT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- forgotpass.asp uid UNION SELECT"; flow:established,to_server; http.uri; content:"/forgotpass.asp?"; nocase; content:"uid="; nocase; content:"UNION"; nocase; content:"SELECT"; nocase; distance:0; reference:cve,CVE-2006-6161; reference:url,www.frsirt.com/english/advisories/2006/4704; classtype:web-application-attack; sid:2007313; rev:9; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_11, mitre_ta
Suricata
ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- update.asp id SELECT
suricata·2010-07-30·CVSS 7.5
CVE-2006-6161 [HIGH] ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- update.asp id SELECT
ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- update.asp id SELECT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- update.asp id SELECT"; flow:established,to_server; http.uri; content:"/inout/update.asp?"; nocase; content:"id="; nocase; content:"SELECT"; nocase; content:"FROM"; nocase; distance:0; reference:cve,CVE-2006-6161; reference:url,www.frsirt.com/english/advisories/2006/4704; classtype:web-application-attack; sid:2007300; rev:9; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_11, mitre_tactic_id TA0001, mitre_
Suricata
ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- update.asp uid SELECT
suricata·2010-07-30·CVSS 7.5
CVE-2006-6161 [HIGH] ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- update.asp uid SELECT
ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- update.asp uid SELECT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- update.asp uid SELECT"; flow:established,to_server; http.uri; content:"/inout/update.asp?"; nocase; content:"uid="; nocase; content:"SELECT"; nocase; content:"FROM"; nocase; distance:0; reference:cve,CVE-2006-6161; reference:url,www.frsirt.com/english/advisories/2006/4704; classtype:web-application-attack; sid:2007318; rev:9; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_11, mitre_tactic_id TA0001, mit
Suricata
ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- update.asp uid DELETE
suricata·2010-07-30·CVSS 7.5
CVE-2006-6161 [HIGH] ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- update.asp uid DELETE
ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- update.asp uid DELETE
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- update.asp uid DELETE"; flow:established,to_server; http.uri; content:"/inout/update.asp?"; nocase; content:"uid="; nocase; content:"DELETE"; nocase; content:"FROM"; nocase; distance:0; reference:cve,CVE-2006-6161; reference:url,www.frsirt.com/english/advisories/2006/4704; classtype:web-application-attack; sid:2007321; rev:9; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_11, mitre_tactic_id TA0001, mit
Suricata
ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- update.asp id UNION SELECT
suricata·2010-07-30·CVSS 7.5
CVE-2006-6161 [HIGH] ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- update.asp id UNION SELECT
ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- update.asp id UNION SELECT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- update.asp id UNION SELECT"; flow:established,to_server; http.uri; content:"/inout/update.asp?"; nocase; content:"id="; nocase; content:"UNION"; nocase; content:"SELECT"; nocase; distance:0; reference:cve,CVE-2006-6161; reference:url,www.frsirt.com/english/advisories/2006/4704; classtype:web-application-attack; sid:2007301; rev:10; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_11, mitre_tactic_id
Suricata
ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- forgotpass.asp id UNION SELECT
suricata·2010-07-30·CVSS 7.5
CVE-2006-6161 [HIGH] ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- forgotpass.asp id UNION SELECT
ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- forgotpass.asp id UNION SELECT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- forgotpass.asp id UNION SELECT"; flow:established,to_server; http.uri; content:"/forgotpass.asp?"; nocase; content:"id="; nocase; content:"UNION"; nocase; content:"SELECT"; nocase; distance:0; reference:cve,CVE-2006-6161; reference:url,www.frsirt.com/english/advisories/2006/4704; classtype:web-application-attack; sid:2007307; rev:9; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_11, mitre_tacti
Suricata
ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- status.asp uid UPDATE
suricata·2010-07-30·CVSS 7.5
CVE-2006-6161 [HIGH] ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- status.asp uid UPDATE
ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- status.asp uid UPDATE
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- status.asp uid UPDATE"; flow:established,to_server; http.uri; content:"/inout/status.asp?"; nocase; content:"uid="; nocase; content:"UPDATE"; nocase; content:"SET"; nocase; distance:0; reference:cve,CVE-2006-6161; reference:url,www.frsirt.com/english/advisories/2006/4704; classtype:web-application-attack; sid:2007329; rev:9; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_11, mitre_tactic_id TA0001, mitr
Suricata
ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- forgotpass.asp uid ASCII
suricata·2010-07-30·CVSS 7.5
CVE-2006-6161 [HIGH] ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- forgotpass.asp uid ASCII
ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- forgotpass.asp uid ASCII
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- forgotpass.asp uid ASCII"; flow:established,to_server; http.uri; content:"/forgotpass.asp?"; nocase; content:"uid="; nocase; content:"ASCII("; nocase; content:"SELECT"; nocase; distance:0; reference:cve,CVE-2006-6161; reference:url,www.frsirt.com/english/advisories/2006/4704; classtype:web-application-attack; sid:2007316; rev:9; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_11, mitre_tactic_id TA000
Suricata
ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- update.asp id ASCII
suricata·2010-07-30·CVSS 7.5
CVE-2006-6161 [HIGH] ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- update.asp id ASCII
ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- update.asp id ASCII
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- update.asp id ASCII"; flow:established,to_server; http.uri; content:"/inout/update.asp?"; nocase; content:"id="; nocase; content:"ASCII("; nocase; content:"SELECT"; nocase; distance:0; reference:cve,CVE-2006-6161; reference:url,www.frsirt.com/english/advisories/2006/4704; classtype:web-application-attack; sid:2007304; rev:9; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_11, mitre_tactic_id TA0001, mitre_
Suricata
ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- status.asp id UPDATE
suricata·2010-07-30·CVSS 7.5
CVE-2006-6161 [HIGH] ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- status.asp id UPDATE
ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- status.asp id UPDATE
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- status.asp id UPDATE"; flow:established,to_server; http.uri; content:"/inout/status.asp?"; nocase; content:"id="; nocase; content:"UPDATE"; nocase; content:"SET"; nocase; distance:0; reference:cve,CVE-2006-6161; reference:url,www.frsirt.com/english/advisories/2006/4704; classtype:web-application-attack; sid:2007299; rev:9; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_11, mitre_tactic_id TA0001, mitre_t
Suricata
ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- status.asp id UNION SELECT
suricata·2010-07-30·CVSS 7.5
CVE-2006-6161 [HIGH] ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- status.asp id UNION SELECT
ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- status.asp id UNION SELECT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- status.asp id UNION SELECT"; flow:established,to_server; http.uri; content:"/inout/status.asp?"; nocase; content:"id="; nocase; content:"UNION"; nocase; content:"SELECT"; nocase; distance:0; reference:cve,CVE-2006-6161; reference:url,www.frsirt.com/english/advisories/2006/4704; classtype:web-application-attack; sid:2007295; rev:9; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_11, mitre_tactic_id T
Exploit-DB
Microsoft Internet Explorer - COM CreateObject Code Execution (MS06-014/MS06-073) (Metasploit)
exploitdb·2010-09-20
CVE-2006-4704 Microsoft Internet Explorer - COM CreateObject Code Execution (MS06-014/MS06-073) (Metasploit)
Microsoft Internet Explorer - COM CreateObject Code Execution (MS06-014/MS06-073) (Metasploit)
---
##
# $Id: ie_createobject.rb 10394 2010-09-20 08:06:27Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 HttpClients::IE,
# In badly misconfigured situations, IE7 and 8 could be vulnerable to
# this, but by default they throw an ugly popup that stops all script
# execution until the user deals with it and aborts everything if they
# click "no". Not worth the risk of being unable to try more recent
# exploits. Make sure service packs on t
Metasploit
MS06-014 Microsoft Internet Explorer COM CreateObject Code Execution
metasploit
MS06-014 Microsoft Internet Explorer COM CreateObject Code Execution
MS06-014 Microsoft Internet Explorer COM CreateObject Code Execution
This module exploits a generic code execution vulnerability in Internet Explorer by abusing vulnerable ActiveX objects.
Zscaler
Blackhole Exploit Kit V2 On The Rise | Zscaler
blogs_zscaler·2012-10-19
Blackhole Exploit Kit V2 On The Rise | Zscaler
Provide users with seamless, secure, reliable access to applications and data.
Build and run secure cloud apps, enable zero trust cloud connectivity, and protect workloads from data center to cloud.
Provide zero trust connectivity for IoT and OT devices and secure remote access to OT systems.
Provide zero trust site-to-site connectivity and reliable access to B2B apps for partners.
Industry Report
Zscaler: A Leader in the 2025 Gartner® Magic Quadrant™ for Security Service Edge (SSE)
USE CASES
INDUSTRY & MARKET SOLUTIONS
PARTNERS
TECHNOLOGY PARTNERS
Resource Center
Events & Trainings
Security Research & Services
Tools
Community & Support
CXO REVOLUTIONARIES
Amplifying the voices of real-world digital and zero trust pioneers
Discover how it began and where it’s going
Meet o
Zscaler
Incognito Exploit Kit | Zscaler
blogs_zscaler·2011-06-14
Incognito Exploit Kit | Zscaler
Provide users with seamless, secure, reliable access to applications and data.
Build and run secure cloud apps, enable zero trust cloud connectivity, and protect workloads from data center to cloud.
Provide zero trust connectivity for IoT and OT devices and secure remote access to OT systems.
Provide zero trust site-to-site connectivity and reliable access to B2B apps for partners.
Industry Report
Zscaler: A Leader in the 2025 Gartner® Magic Quadrant™ for Security Service Edge (SSE)
USE CASES
INDUSTRY & MARKET SOLUTIONS
PARTNERS
TECHNOLOGY PARTNERS
Resource Center
Events & Trainings
Security Research & Services
Tools
Community & Support
CXO REVOLUTIONARIES
Amplifying the voices of real-world digital and zero trust pioneers
Discover how it began and where it’s going
Meet o
http://blogs.technet.com/msrc/archive/2006/11/01/microsoft-security-advisory-927709-posted.aspxhttp://research.eeye.com/html/alerts/zeroday/20061031.htmlhttp://secunia.com/advisories/22603http://securitytracker.com/id?1017142http://www.kb.cert.org/vuls/id/854856http://www.microsoft.com/technet/security/advisory/927709.mspxhttp://www.securityfocus.com/archive/1/454201/100/0/threadedhttp://www.securityfocus.com/archive/1/454969/100/200/threadedhttp://www.securityfocus.com/bid/20797http://www.securityfocus.com/bid/20843http://www.securityfocus.com/data/vulnerabilities/exploits/0day_ie.pdfhttp://www.us-cert.gov/cas/techalerts/TA06-346A.htmlhttp://www.vupen.com/english/advisories/2006/4282http://www.zerodayinitiative.com/advisories/ZDI-06-047.htmlhttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-073https://exchange.xforce.ibmcloud.com/vulnerabilities/29915https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A288http://blogs.technet.com/msrc/archive/2006/11/01/microsoft-security-advisory-927709-posted.aspxhttp://research.eeye.com/html/alerts/zeroday/20061031.htmlhttp://secunia.com/advisories/22603http://securitytracker.com/id?1017142http://www.kb.cert.org/vuls/id/854856http://www.microsoft.com/technet/security/advisory/927709.mspxhttp://www.securityfocus.com/archive/1/454201/100/0/threadedhttp://www.securityfocus.com/archive/1/454969/100/200/threadedhttp://www.securityfocus.com/bid/20797http://www.securityfocus.com/bid/20843http://www.securityfocus.com/data/vulnerabilities/exploits/0day_ie.pdfhttp://www.us-cert.gov/cas/techalerts/TA06-346A.htmlhttp://www.vupen.com/english/advisories/2006/4282http://www.zerodayinitiative.com/advisories/ZDI-06-047.htmlhttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-073https://exchange.xforce.ibmcloud.com/vulnerabilities/29915https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A288
2006-11-01
Published
Exploited in the wild