EV0138.txt

Date: 14 Sep 2006 00:00:00
Reported by: Aliaksandr Hartsuyeu
Type: packetstorm
Source: packetstormsecurity.com

New eVuln Advisory for NX5Linkx Multiple Vulnerabilities, Dangerous, Unpatche

Related

CVE: CVE-2006-4503, CVE-2006-4504, CVE-2006-4505 (published 31 Aug 2006 22:00)
Cvelist: CVE-2006-4503, CVE-2006-4504, CVE-2006-4505 (published 31 Aug 2006 22:00)
EUVD: EUVD-2006-4491, EUVD-2006-4492, EUVD-2006-4493 (published 7 Oct 2025 00:30)
NVD: CVE-2006-4503 (published 31 Aug 2006 22:04)

`New eVuln Advisory:  
NX5Linkx Multiple Vulnerabilities  
http://evuln.com/vulns/138/summary.html  
  
--------------------Summary----------------  
eVuln ID: EV0138  
CVE: CVE-2006-4503 CVE-2006-4504 CVE-2006-4505  
Vendor: NX5  
Vendor's Web Site: http://nx5ware.nx5.org/  
Software: NX5Linkx  
Software's Web Site: http://nx5ware.nx5.org/links.php  
Versions: 1.0  
Critical Level: Dangerous  
Type: Multiple Vulnerabilities  
Class: Remote  
Status: Unpatched. No reply from developer(s)  
PoC/Exploit: Available  
Solution: Not Available  
Discovered by: Aliaksandr Hartsuyeu (eVuln.com)  
  
-----------------Description---------------  
1. Arbitrary file disclosure Vulnerability   
  
Vulnerable script: link.php   
  
The logo parameter is not properly sanitized. It is used as the full local  
path to the logo file. The script copies this file into the logos  
directory, which is accessible from the web.   
This can be used to read arbitrary files.   
  
  
2. Multiple SQL Injections.   
  
Vulnerable scripts: The names of these scripts are defined by the webmaster.  
The first (a) displays the links list. The second (b) is the "out" script,  
which performs the redirection when someone clicks on a link.   
  
Parameters c (script "a") and l (script "b") are not properly sanitized  
before being used in an SQL query. This can be used to make any SQL query  
or to make an HTTP response-splitting attack by injecting arbitrary SQL  
code.   
  
Condition: magic_quotes_gpc = off   
  
  
3. HTTP Response Splitting.   
  
Vulnerable Script: link.php   
  
The url parameter is not properly sanitized. This can be used to make an  
HTTP Response Splitting attack.   
  
  
  
--------------PoC/Exploit----------------------  
Available at: http://evuln.com/vulns/138/exploit.html  
  
  
1. Arbitrary file disclosure Example.  
  
URL: http://host/link.php  
Logo URL: /etc/passwd  
  
This file can be downloaded using the link:  
http://host/logos/N.  
N - ID of the link  
  
  
2. SQL Injection Examples.  
  
http://host/links.php?c=999'%20union%20select%201,222/*  
http://host/out.php?l=999' union select 1,1,'http://google.com',1,1,1,1/*  
  
  
  
3. HTTP Response Splitting.  
  
URL: http://host/link.php  
URL (in form): http://host.com%0D%0A%0D%0AHTTP/1.0 200 OK%0D%0A%0D%0A.......  
  
--------------Solution---------------------  
No Patch available.  
  
--------------Credit-----------------------  
Discovered by: Aliaksandr Hartsuyeu (eVuln.com)  
  
  
Regards,  
Aliaksandr Hartsuyeu  
http://evuln.com - Penetration Testing Services  
.  
  
`
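
The advisory lists no patch, so the following added example (not code from NX5Linkx or from the advisory's author) shows hardened handling for the three parameter classes it describes. The function names, the `$pdo` handle, the `links` table with `id` and `url` columns, and the choice to accept the logo as an upload rather than a path are all assumptions made for illustration.

```php
<?php
// Added example: hardened input handling for the three issues in EV0138.
// Function names, schema and the $pdo handle are hypothetical.

// SQL injection (parameters c and l): require an integer ID and bind it.
function lookup_link_url(PDO $pdo, $rawId): ?string
{
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;                       // non-numeric input is rejected outright
    }
    $stmt = $pdo->prepare('SELECT url FROM links WHERE id = ?'); // hypothetical schema
    $stmt->execute([$id]);
    $url = $stmt->fetchColumn();
    return $url === false ? null : (string)$url;
}

// HTTP response splitting (parameter url): allow only http(s) URLs with no
// control characters; call this when storing the URL and again before header().
function safe_redirect_url(string $url): ?string
{
    if (preg_match('/[\x00-\x1F\x7F]/', $url)) {
        return null;                       // CR, LF and other control bytes
    }
    $scheme = parse_url($url, PHP_URL_SCHEME);
    if (!in_array(strtolower((string)$scheme), ['http', 'https'], true)) {
        return null;
    }
    return filter_var($url, FILTER_VALIDATE_URL) === false ? null : $url;
}

// File disclosure (parameter logo): never copy from a client-supplied path.
// Accept an uploaded file only, verify it is an image, and choose the name.
function store_logo(array $upload, int $linkId, string $logosDir): bool
{
    if (($upload['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($upload['tmp_name'])) {
        return false;
    }
    $info = @getimagesize($upload['tmp_name']);
    $ext  = [IMAGETYPE_GIF => 'gif', IMAGETYPE_JPEG => 'jpg', IMAGETYPE_PNG => 'png'];
    if ($info === false || !isset($ext[$info[2]])) {
        return false;                      // non-image content is refused
    }
    return move_uploaded_file($upload['tmp_name'], "$logosDir/$linkId." . $ext[$info[2]]);
}
```

The redirect script would call `lookup_link_url()` and pass the result through `safe_redirect_url()` before emitting a `Location` header, so that a value stored before the fix cannot reach the response unchecked.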
