Search...

CVE-2006-5744

2006-11-06T18:07:00

ID CVE-2006-5744
Type cve
Reporter cve@mitre.org
Modified 2018-10-17T21:44:00

Description

Multiple SQL injection vulnerabilities in Highwall Enterprise and Highwall Endpoint 4.0.2.11045 management interface allow remote attackers to execute arbitrary SQL commands via an Access Point with a crafted SSID, and via unspecified vectors related to a malicious system operator.

JSON Vulners Source

Initial Source

{"id": "CVE-2006-5744", "bulletinFamily": "NVD", "title": "CVE-2006-5744", "description": "Multiple SQL injection vulnerabilities in Highwall Enterprise and Highwall Endpoint 4.0.2.11045 management interface allow remote attackers to execute arbitrary SQL commands via an Access Point with a crafted SSID, and via unspecified vectors related to a malicious system operator.", "published": "2006-11-06T18:07:00", "modified": "2018-10-17T21:44:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-5744", "reporter": "cve@mitre.org", "references": ["http://www.securityfocus.com/archive/1/449739/100/100/threaded", "http://www.securityfocus.com/archive/1/449118/100/200/threaded", "http://www.osvdb.org/29916", "http://www.securityfocus.com/bid/20605"], "cvelist": ["CVE-2006-5744"], "type": "cve", "lastseen": "2019-05-29T18:08:34", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "06d7e32d225e4d2531bf3b0d0b328b24"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "e20a214e50f313eacbc398b87904b8fc"}, {"key": "cpe23", "hash": "be734c0a3aa929daaf5fce96eee16f84"}, {"key": "cvelist", "hash": "c208e06cb0c92f1ce4d8bc64ea8f36f7"}, {"key": "cvss", "hash": "0b053db5674b87efff89989a8a720df3"}, {"key": "cvss2", "hash": "7f7c77d2dde7216a66d00321bd5828f8"}, {"key": "cvss3", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cwe", "hash": "78a7a5cbaf09985c14389298e454e7db"}, {"key": "description", "hash": "cc5482110b341649f8a097b1fab6cc47"}, {"key": "href", "hash": "da6647f0688e5a4f745783f7357316b0"}, {"key": "modified", "hash": "8012cf23a8e9c73c38ae0b0cadb5e006"}, {"key": "published", "hash": "98c9d5f1bae713e352a2d4733d5e7cd7"}, {"key": "references", "hash": "53e74eacb78642a9f656d660785d6a5b"}, {"key": "reporter", "hash": "444c2b4dda4a55437faa8bef1a141e84"}, {"key": "title", "hash": "7bd12306f38a9838691ffbdd06a0097f"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "cef8d80d20d76a4dddfd533414f28dddadc000d0a5c5d88a34c9b503c80a711a", "viewCount": 0, "enchantments": {"score": {"value": 8.3, "vector": "NONE", "modified": "2019-05-29T18:08:34"}, "dependencies": {"references": [{"type": "osvdb", "idList": ["OSVDB:29917"]}], "modified": "2019-05-29T18:08:34"}, "vulnersScore": 8.3}, "objectVersion": "1.3", "cpe": ["cpe:/a:mobilesecure_inc:highwall_endpoint:4.0.2.11045", "cpe:/a:mobilesecure_inc:highwall_enterprise:4.0.2.11045"], "affectedSoftware": [{"name": "mobilesecure_inc highwall_enterprise", "operator": "eq", "version": "4.0.2.11045"}, {"name": "mobilesecure_inc highwall_endpoint", "operator": "eq", "version": "4.0.2.11045"}], "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {}, "cpe23": ["cpe:2.3:a:mobilesecure_inc:highwall_enterprise:4.0.2.11045:*:*:*:*:*:*:*", "cpe:2.3:a:mobilesecure_inc:highwall_endpoint:4.0.2.11045:*:*:*:*:*:*:*"], "cwe": ["NVD-CWE-Other"]}

{"osvdb": [{"lastseen": "2017-04-28T13:20:26", "bulletinFamily": "software", "description": "## Vulnerability Description\nHighwall Enterprise and Endpoint contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to an unspecified script not sanitising unspecified variables and SSIDs before using them in a SQL query. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nHighwall Enterprise and Endpoint contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to an unspecified script not sanitising unspecified variables and SSIDs before using them in a SQL query. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## References:\nVendor URL: http://www.mobilesecure.com/\nSecurity Tracker: 1017091\n[Secunia Advisory ID:22494](https://secuniaresearch.flexerasoftware.com/advisories/22494/)\n[Related OSVDB ID: 29916](https://vulners.com/osvdb/OSVDB:29916)\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-10/0423.html\nMail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-10/0370.html\nFrSIRT Advisory: ADV-2006-4132\n[CVE-2006-5409](https://vulners.com/cve/CVE-2006-5409)\n[CVE-2006-5744](https://vulners.com/cve/CVE-2006-5744)\nBugtraq ID: 20605\n", "modified": "2006-10-18T14:18:50", "published": "2006-10-18T14:18:50", "href": "https://vulners.com/osvdb/OSVDB:29917", "id": "OSVDB:29917", "title": "Highwall Multiple Unspecified SQL Injection", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}