{"osvdb": [{"lastseen": "2017-04-28T13:20:24", "bulletinFamily": "software", "cvelist": ["CVE-2006-4189"], "edition": 1, "description": "## Vulnerability Description\nDolphin contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the blog.php script not properly sanitizing user input supplied to the 'dir[inc]' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nDolphin contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the blog.php script not properly sanitizing user input supplied to the 'dir[inc]' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Manual Testing Notes\nhttp://[target]/blog.php?dir[inc]=[Evil Script]\n## References:\nVendor URL: http://www.boonex.com/products/dolphin/\nSecurity Tracker: 1016692\n[Secunia Advisory ID:21535](https://secuniaresearch.flexerasoftware.com/advisories/21535/)\nISS X-Force ID: 28363\nFrSIRT Advisory: ADV-2006-3346\n[CVE-2006-4189](https://vulners.com/cve/CVE-2006-4189)\n", "modified": "2006-08-14T02:49:04", "published": "2006-08-14T02:49:04", "href": "https://vulners.com/osvdb/OSVDB:28471", "id": "OSVDB:28471", "type": "osvdb", "title": "Dolphin blog.php dir[inc] Variable Remote File Inclusion", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:24", "bulletinFamily": "software", "cvelist": ["CVE-2006-4189"], "edition": 1, "description": "## Vulnerability Description\nDolphin contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the profile_activate.php script not properly sanitizing user input supplied to the 'dir[inc]' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nDolphin contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the profile_activate.php script not properly sanitizing user input supplied to the 'dir[inc]' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Manual Testing Notes\nhttp://[target]/profile_activate.php?dir[inc]=[Evil Script]\n## References:\nVendor URL: http://www.boonex.com/products/dolphin/\nSecurity Tracker: 1016692\n[Secunia Advisory ID:21535](https://secuniaresearch.flexerasoftware.com/advisories/21535/)\nISS X-Force ID: 28363\nFrSIRT Advisory: ADV-2006-3346\n[CVE-2006-4189](https://vulners.com/cve/CVE-2006-4189)\n", "modified": "2006-08-14T02:49:04", "published": "2006-08-14T02:49:04", "href": "https://vulners.com/osvdb/OSVDB:28509", "id": "OSVDB:28509", "type": "osvdb", "title": "Dolphin profile_activate.php dir[inc] Variable Remote File Inclusion", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:24", "bulletinFamily": "software", "cvelist": ["CVE-2006-4189"], "edition": 1, "description": "## Vulnerability Description\nDolphin contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the search_result.php script not properly sanitizing user input supplied to the 'dir[inc]' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nDolphin contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the search_result.php script not properly sanitizing user input supplied to the 'dir[inc]' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Manual Testing Notes\nhttp://[target]/search_result.php?dir[inc]=[Evil Script]\n## References:\nVendor URL: http://www.boonex.com/products/dolphin/\nSecurity Tracker: 1016692\n[Secunia Advisory ID:21535](https://secuniaresearch.flexerasoftware.com/advisories/21535/)\nISS X-Force ID: 28363\nFrSIRT Advisory: ADV-2006-3346\n[CVE-2006-4189](https://vulners.com/cve/CVE-2006-4189)\n", "modified": "2006-08-14T02:49:04", "published": "2006-08-14T02:49:04", "href": "https://vulners.com/osvdb/OSVDB:28519", "id": "OSVDB:28519", "type": "osvdb", "title": "Dolphin search_result.php dir[inc] Variable Remote File Inclusion", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:24", "bulletinFamily": "software", "cvelist": ["CVE-2006-4189"], "edition": 1, "description": "## Vulnerability Description\nDolphin contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the contact.php script not properly sanitizing user input supplied to the 'dir[inc]' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nDolphin contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the contact.php script not properly sanitizing user input supplied to the 'dir[inc]' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Manual Testing Notes\nhttp://[target]/contact.php?dir[inc]=[Evil Script]\n## References:\nVendor URL: http://www.boonex.com/products/dolphin/\nSecurity Tracker: 1016692\n[Secunia Advisory ID:21535](https://secuniaresearch.flexerasoftware.com/advisories/21535/)\nISS X-Force ID: 28363\nFrSIRT Advisory: ADV-2006-3346\n[CVE-2006-4189](https://vulners.com/cve/CVE-2006-4189)\n", "modified": "2006-08-14T02:49:04", "published": "2006-08-14T02:49:04", "href": "https://vulners.com/osvdb/OSVDB:28480", "id": "OSVDB:28480", "type": "osvdb", "title": "Dolphin contact.php dir[inc] Variable Remote File Inclusion", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:24", "bulletinFamily": "software", "cvelist": ["CVE-2006-4189"], "edition": 1, "description": "## Vulnerability Description\nDolphin contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the unregister.php script not properly sanitizing user input supplied to the 'dir[inc]' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nDolphin contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the unregister.php script not properly sanitizing user input supplied to the 'dir[inc]' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Manual Testing Notes\nhttp://[target]/unregister.php?dir[inc]=[Evil Script]\n## References:\nVendor URL: http://www.boonex.com/products/dolphin/\nSecurity Tracker: 1016692\n[Secunia Advisory ID:21535](https://secuniaresearch.flexerasoftware.com/advisories/21535/)\nISS X-Force ID: 28363\nFrSIRT Advisory: ADV-2006-3346\n[CVE-2006-4189](https://vulners.com/cve/CVE-2006-4189)\n", "modified": "2006-08-14T02:49:04", "published": "2006-08-14T02:49:04", "href": "https://vulners.com/osvdb/OSVDB:28528", "id": "OSVDB:28528", "type": "osvdb", "title": "Dolphin unregister.php dir[inc] Variable Remote File Inclusion", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:24", "bulletinFamily": "software", "cvelist": ["CVE-2006-4189"], "edition": 1, "description": "## Vulnerability Description\nDolphin contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the membership.php script not properly sanitizing user input supplied to the 'dir[inc]' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nDolphin contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the membership.php script not properly sanitizing user input supplied to the 'dir[inc]' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Manual Testing Notes\nhttp://[target]/membership.php?dir[inc]=[Evil Script]\n## References:\nVendor URL: http://www.boonex.com/products/dolphin/\nSecurity Tracker: 1016692\n[Secunia Advisory ID:21535](https://secuniaresearch.flexerasoftware.com/advisories/21535/)\nISS X-Force ID: 28363\nFrSIRT Advisory: ADV-2006-3346\n[CVE-2006-4189](https://vulners.com/cve/CVE-2006-4189)\n", "modified": "2006-08-14T02:49:04", "published": "2006-08-14T02:49:04", "href": "https://vulners.com/osvdb/OSVDB:28498", "id": "OSVDB:28498", "type": "osvdb", "title": "Dolphin membership.php dir[inc] Variable Remote File Inclusion", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:24", "bulletinFamily": "software", "cvelist": ["CVE-2006-4189"], "edition": 1, "description": "## Vulnerability Description\nDolphin contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the rate.php script not properly sanitizing user input supplied to the 'dir[inc]' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nDolphin contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the rate.php script not properly sanitizing user input supplied to the 'dir[inc]' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Manual Testing Notes\nhttp://[target]/rate.php?dir[inc]=[Evil Script]\n## References:\nVendor URL: http://www.boonex.com/products/dolphin/\nSecurity Tracker: 1016692\n[Secunia Advisory ID:21535](https://secuniaresearch.flexerasoftware.com/advisories/21535/)\nISS X-Force ID: 28363\nFrSIRT Advisory: ADV-2006-3346\n[CVE-2006-4189](https://vulners.com/cve/CVE-2006-4189)\n", "modified": "2006-08-14T02:49:04", "published": "2006-08-14T02:49:04", "href": "https://vulners.com/osvdb/OSVDB:28515", "id": "OSVDB:28515", "type": "osvdb", "title": "Dolphin rate.php dir[inc] Variable Remote File Inclusion", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:24", "bulletinFamily": "software", "cvelist": ["CVE-2006-4189"], "edition": 1, "description": "## Vulnerability Description\nDolphin contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the aemodule.php script not properly sanitizing user input supplied to the 'dir[inc]' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nDolphin contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the aemodule.php script not properly sanitizing user input supplied to the 'dir[inc]' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Manual Testing Notes\nhttp://[target]/aemodule.php?dir[inc]=[Evil Script]\n## References:\nVendor URL: http://www.boonex.com/products/dolphin/\nSecurity Tracker: 1016692\n[Secunia Advisory ID:21535](https://secuniaresearch.flexerasoftware.com/advisories/21535/)\nISS X-Force ID: 28363\nFrSIRT Advisory: ADV-2006-3346\n[CVE-2006-4189](https://vulners.com/cve/CVE-2006-4189)\n", "modified": "2006-08-14T02:49:04", "published": "2006-08-14T02:49:04", "href": "https://vulners.com/osvdb/OSVDB:28469", "id": "OSVDB:28469", "type": "osvdb", "title": "Dolphin aemodule.php dir[inc] Variable Remote File Inclusion", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:24", "bulletinFamily": "software", "cvelist": ["CVE-2006-4189"], "edition": 1, "description": "## Vulnerability Description\nDolphin contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the profile_edit.php script not properly sanitizing user input supplied to the 'dir[inc]' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nDolphin contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the profile_edit.php script not properly sanitizing user input supplied to the 'dir[inc]' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Manual Testing Notes\nhttp://[target]/profile_edit.php?dir[inc]=[Evil Script]\n## References:\nVendor URL: http://www.boonex.com/products/dolphin/\nSecurity Tracker: 1016692\n[Secunia Advisory ID:21535](https://secuniaresearch.flexerasoftware.com/advisories/21535/)\nISS X-Force ID: 28363\nFrSIRT Advisory: ADV-2006-3346\n[CVE-2006-4189](https://vulners.com/cve/CVE-2006-4189)\n", "modified": "2006-08-14T02:49:04", "published": "2006-08-14T02:49:04", "href": "https://vulners.com/osvdb/OSVDB:28511", "id": "OSVDB:28511", "type": "osvdb", "title": "Dolphin profile_edit.php dir[inc] Variable Remote File Inclusion", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:24", "bulletinFamily": "software", "cvelist": ["CVE-2006-4189"], "edition": 1, "description": "## Vulnerability Description\nDolphin contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the profile.php script not properly sanitizing user input supplied to the 'dir[inc]' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nDolphin contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the profile.php script not properly sanitizing user input supplied to the 'dir[inc]' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Manual Testing Notes\nhttp://[target]/profile.php?dir[inc]=[Evil Script]\n## References:\nVendor URL: http://www.boonex.com/products/dolphin/\nSecurity Tracker: 1016692\n[Secunia Advisory ID:21535](https://secuniaresearch.flexerasoftware.com/advisories/21535/)\nISS X-Force ID: 28363\nFrSIRT Advisory: ADV-2006-3346\n[CVE-2006-4189](https://vulners.com/cve/CVE-2006-4189)\n", "modified": "2006-08-14T02:49:04", "published": "2006-08-14T02:49:04", "href": "https://vulners.com/osvdb/OSVDB:28508", "id": "OSVDB:28508", "type": "osvdb", "title": "Dolphin profile.php dir[inc] Variable Remote File Inclusion", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}