CVE-2015-6519
published 2015-08-18CVE-2015-6519: SQL injection vulnerability in Arab Portal 3 allows remote attackers to execute arbitrary SQL commands via the showemail parameter in a signup action to…
PriorityP350high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
2.41%
82.1th percentile
SQL injection vulnerability in Arab Portal 3 allows remote attackers to execute arbitrary SQL commands via the showemail parameter in a signup action to members.php.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| arabportal | arab_portal | — | — |
| msrc | cbl2_avahi_0.8-1_on_cbl_mariner_2.0 | — | — |
| msrc | cbl_mariner_2.0_arm | — | — |
| msrc | cbl_mariner_2.0_x64 | — | — |
CVSS provenance
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
vendor_msrc9.1CRITICAL
vendor_redhat5.0MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-7c68-jr35-q3c6: SQL injection vulnerability in Arab Portal 3 allows remote attackers to execute arbitrary SQL commands via the showemail parameter in a signup action
ghsa_unreviewed·2022-05-17
CVE-2015-6519 [HIGH] CWE-89 GHSA-7c68-jr35-q3c6: SQL injection vulnerability in Arab Portal 3 allows remote attackers to execute arbitrary SQL commands via the showemail parameter in a signup action
SQL injection vulnerability in Arab Portal 3 allows remote attackers to execute arbitrary SQL commands via the showemail parameter in a signup action to members.php.
Microsoft
avahi-daemon in Avahi through 0.6.32 and 0.7 inadvertently responds to IPv6 unicast queries with source addresses that are not on-link which allows remote attackers to cause a denial of service (traff
vendor_msrc·2017-05-09·CVSS 9.1
CVE-2017-6519 [MEDIUM] CWE-346 avahi-daemon in Avahi through 0.6.32 and 0.7 inadvertently responds to IPv6 unicast queries with source addresses that are not on-link which allows remote attackers to cause a denial of service (traff
avahi-daemon in Avahi through 0.6.32 and 0.7 inadvertently responds to IPv6 unicast queries with source addresses that are not on-link which allows remote attackers to cause a denial of service (traffic amplification) and may cause information leakage by obtaining potentially sensitive information from the responding device via port-5353 UDP packets. NOTE: this may overlap CVE-2015-2809.
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to tr
Red Hat
avahi: Multicast DNS responds to unicast queries outside of local network
vendor_redhat·2015-03-31·CVSS 5.0
CVE-2017-6519 [MEDIUM] CWE-200 avahi: Multicast DNS responds to unicast queries outside of local network
avahi: Multicast DNS responds to unicast queries outside of local network
avahi-daemon in Avahi through 0.6.32 and 0.7 inadvertently responds to IPv6 unicast queries with source addresses that are not on-link, which allows remote attackers to cause a denial of service (traffic amplification) and may cause information leakage by obtaining potentially sensitive information from the responding device via port-5353 UDP packets. NOTE: this may overlap CVE-2015-2809.
A vulnerability was found in Avahi, where the avahi-daemon improperly handles responses to IPv6 unicast queries, a remote attacker could exploit this flaw by sending specially crafted port-5353 UDP packets, potentially causing a denial of service (traffic amplification) or leaking sensitive information.
Statement: This vulnerabil
No detection rules found.
No writeups or analysis indexed.
2015-08-18
Published