Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
12 vulnerabilities found for cs-forum by comscripts
CVE-2006-3168 (GCVE-0-2006-3168)
Vulnerability from nvd – Published: 2006-06-23 00:00 – Updated: 2024-08-07 18:16
VLAI?
Summary
SQL injection vulnerability in CS-Forum before 0.82 allows remote attackers to execute arbitrary SQL commands via the (1) id and (2) debut parameters in (a) read.php, and the (3) search and (4) debut parameters in (b) index.php.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Date Public ?
2006-06-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:16:05.948Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.comscripts.com/scripts/php.cs-forum.643.html"
},
{
"name": "20534",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20534"
},
{
"name": "ADV-2006-2314",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2314"
},
{
"name": "csforum-read-index-sql-injection(27176)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27176"
},
{
"name": "20060611 CS-Forum \u003c= 0.81 Cross Site Scripting, SQL Injection, Full Path Disclosure",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/436789/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.acid-root.new.fr/advisories/csforum081.txt"
},
{
"name": "1124",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/1124"
},
{
"name": "26383",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/26383"
},
{
"name": "26382",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/26382"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-06-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in CS-Forum before 0.82 allows remote attackers to execute arbitrary SQL commands via the (1) id and (2) debut parameters in (a) read.php, and the (3) search and (4) debut parameters in (b) index.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.comscripts.com/scripts/php.cs-forum.643.html"
},
{
"name": "20534",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20534"
},
{
"name": "ADV-2006-2314",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2314"
},
{
"name": "csforum-read-index-sql-injection(27176)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27176"
},
{
"name": "20060611 CS-Forum \u003c= 0.81 Cross Site Scripting, SQL Injection, Full Path Disclosure",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/436789/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.acid-root.new.fr/advisories/csforum081.txt"
},
{
"name": "1124",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/1124"
},
{
"name": "26383",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/26383"
},
{
"name": "26382",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/26382"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3168",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in CS-Forum before 0.82 allows remote attackers to execute arbitrary SQL commands via the (1) id and (2) debut parameters in (a) read.php, and the (3) search and (4) debut parameters in (b) index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.comscripts.com/scripts/php.cs-forum.643.html",
"refsource": "CONFIRM",
"url": "http://www.comscripts.com/scripts/php.cs-forum.643.html"
},
{
"name": "20534",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20534"
},
{
"name": "ADV-2006-2314",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2314"
},
{
"name": "csforum-read-index-sql-injection(27176)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27176"
},
{
"name": "20060611 CS-Forum \u003c= 0.81 Cross Site Scripting, SQL Injection, Full Path Disclosure",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/436789/100/0/threaded"
},
{
"name": "http://www.acid-root.new.fr/advisories/csforum081.txt",
"refsource": "MISC",
"url": "http://www.acid-root.new.fr/advisories/csforum081.txt"
},
{
"name": "1124",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1124"
},
{
"name": "26383",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/26383"
},
{
"name": "26382",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/26382"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-3168",
"datePublished": "2006-06-23T00:00:00.000Z",
"dateReserved": "2006-06-22T00:00:00.000Z",
"dateUpdated": "2024-08-07T18:16:05.948Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-3169 (GCVE-0-2006-3169)
Vulnerability from nvd – Published: 2006-06-23 00:00 – Updated: 2024-08-07 18:16
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in CS-Forum 0.81 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) msg_result and (2) rep_titre parameters in (a) read.php; and the (3) id and (4) parent parameters and (5) CSForum_nom, (6) CSForum_mail, and (7) CSForum_url cookie parameters in (b) ajouter.php.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Date Public ?
2006-06-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:16:05.965Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.comscripts.com/scripts/php.cs-forum.643.html"
},
{
"name": "20534",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20534"
},
{
"name": "26380",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/26380"
},
{
"name": "ADV-2006-2314",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2314"
},
{
"name": "20060611 CS-Forum \u003c= 0.81 Cross Site Scripting, SQL Injection, Full Path Disclosure",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/436789/100/0/threaded"
},
{
"name": "26379",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/26379"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.acid-root.new.fr/advisories/csforum081.txt"
},
{
"name": "1124",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/1124"
},
{
"name": "csforum-read-ajouter-xss(27175)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27175"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-06-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in CS-Forum 0.81 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) msg_result and (2) rep_titre parameters in (a) read.php; and the (3) id and (4) parent parameters and (5) CSForum_nom, (6) CSForum_mail, and (7) CSForum_url cookie parameters in (b) ajouter.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.comscripts.com/scripts/php.cs-forum.643.html"
},
{
"name": "20534",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20534"
},
{
"name": "26380",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/26380"
},
{
"name": "ADV-2006-2314",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2314"
},
{
"name": "20060611 CS-Forum \u003c= 0.81 Cross Site Scripting, SQL Injection, Full Path Disclosure",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/436789/100/0/threaded"
},
{
"name": "26379",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/26379"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.acid-root.new.fr/advisories/csforum081.txt"
},
{
"name": "1124",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/1124"
},
{
"name": "csforum-read-ajouter-xss(27175)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27175"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3169",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in CS-Forum 0.81 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) msg_result and (2) rep_titre parameters in (a) read.php; and the (3) id and (4) parent parameters and (5) CSForum_nom, (6) CSForum_mail, and (7) CSForum_url cookie parameters in (b) ajouter.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.comscripts.com/scripts/php.cs-forum.643.html",
"refsource": "CONFIRM",
"url": "http://www.comscripts.com/scripts/php.cs-forum.643.html"
},
{
"name": "20534",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20534"
},
{
"name": "26380",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/26380"
},
{
"name": "ADV-2006-2314",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2314"
},
{
"name": "20060611 CS-Forum \u003c= 0.81 Cross Site Scripting, SQL Injection, Full Path Disclosure",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/436789/100/0/threaded"
},
{
"name": "26379",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/26379"
},
{
"name": "http://www.acid-root.new.fr/advisories/csforum081.txt",
"refsource": "MISC",
"url": "http://www.acid-root.new.fr/advisories/csforum081.txt"
},
{
"name": "1124",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1124"
},
{
"name": "csforum-read-ajouter-xss(27175)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27175"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-3169",
"datePublished": "2006-06-23T00:00:00.000Z",
"dateReserved": "2006-06-22T00:00:00.000Z",
"dateUpdated": "2024-08-07T18:16:05.965Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-3170 (GCVE-0-2006-3170)
Vulnerability from nvd – Published: 2006-06-23 00:00 – Updated: 2024-08-07 18:16
VLAI?
Summary
CS-Forum before 0.82 allows remote attackers to obtain sensitive information via unspecified manipulations, possibly involving an empty collapse[] or readall parameter to index.php, which reveals the installation path in an error message.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Date Public ?
2006-06-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:16:06.144Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.comscripts.com/scripts/php.cs-forum.643.html"
},
{
"name": "20534",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20534"
},
{
"name": "csforum-index-path-disclosure(27178)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27178"
},
{
"name": "26385",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/26385"
},
{
"name": "ADV-2006-2314",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2314"
},
{
"name": "20060611 CS-Forum \u003c= 0.81 Cross Site Scripting, SQL Injection, Full Path Disclosure",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/436789/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.acid-root.new.fr/advisories/csforum081.txt"
},
{
"name": "1124",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/1124"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-06-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "CS-Forum before 0.82 allows remote attackers to obtain sensitive information via unspecified manipulations, possibly involving an empty collapse[] or readall parameter to index.php, which reveals the installation path in an error message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.comscripts.com/scripts/php.cs-forum.643.html"
},
{
"name": "20534",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20534"
},
{
"name": "csforum-index-path-disclosure(27178)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27178"
},
{
"name": "26385",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/26385"
},
{
"name": "ADV-2006-2314",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2314"
},
{
"name": "20060611 CS-Forum \u003c= 0.81 Cross Site Scripting, SQL Injection, Full Path Disclosure",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/436789/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.acid-root.new.fr/advisories/csforum081.txt"
},
{
"name": "1124",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/1124"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3170",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CS-Forum before 0.82 allows remote attackers to obtain sensitive information via unspecified manipulations, possibly involving an empty collapse[] or readall parameter to index.php, which reveals the installation path in an error message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.comscripts.com/scripts/php.cs-forum.643.html",
"refsource": "CONFIRM",
"url": "http://www.comscripts.com/scripts/php.cs-forum.643.html"
},
{
"name": "20534",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20534"
},
{
"name": "csforum-index-path-disclosure(27178)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27178"
},
{
"name": "26385",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/26385"
},
{
"name": "ADV-2006-2314",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2314"
},
{
"name": "20060611 CS-Forum \u003c= 0.81 Cross Site Scripting, SQL Injection, Full Path Disclosure",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/436789/100/0/threaded"
},
{
"name": "http://www.acid-root.new.fr/advisories/csforum081.txt",
"refsource": "MISC",
"url": "http://www.acid-root.new.fr/advisories/csforum081.txt"
},
{
"name": "1124",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1124"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-3170",
"datePublished": "2006-06-23T00:00:00.000Z",
"dateReserved": "2006-06-22T00:00:00.000Z",
"dateUpdated": "2024-08-07T18:16:06.144Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-3171 (GCVE-0-2006-3171)
Vulnerability from nvd – Published: 2006-06-23 00:00 – Updated: 2024-08-07 18:16
VLAI?
Summary
CRLF injection vulnerability in CS-Forum before 0.82 allows remote attackers to inject arbitrary email headers via a newline character in the email parameter to ajouter.php.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Date Public ?
2006-06-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:16:05.963Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "26384",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/26384"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.comscripts.com/scripts/php.cs-forum.643.html"
},
{
"name": "20534",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20534"
},
{
"name": "csforum-ajouter-header-injection(27177)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27177"
},
{
"name": "ADV-2006-2314",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2314"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.acid-root.new.fr/advisories/csforum081.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-06-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "CRLF injection vulnerability in CS-Forum before 0.82 allows remote attackers to inject arbitrary email headers via a newline character in the email parameter to ajouter.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "26384",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/26384"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.comscripts.com/scripts/php.cs-forum.643.html"
},
{
"name": "20534",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20534"
},
{
"name": "csforum-ajouter-header-injection(27177)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27177"
},
{
"name": "ADV-2006-2314",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2314"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.acid-root.new.fr/advisories/csforum081.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3171",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CRLF injection vulnerability in CS-Forum before 0.82 allows remote attackers to inject arbitrary email headers via a newline character in the email parameter to ajouter.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "26384",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/26384"
},
{
"name": "http://www.comscripts.com/scripts/php.cs-forum.643.html",
"refsource": "CONFIRM",
"url": "http://www.comscripts.com/scripts/php.cs-forum.643.html"
},
{
"name": "20534",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20534"
},
{
"name": "csforum-ajouter-header-injection(27177)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27177"
},
{
"name": "ADV-2006-2314",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2314"
},
{
"name": "http://www.acid-root.new.fr/advisories/csforum081.txt",
"refsource": "MISC",
"url": "http://www.acid-root.new.fr/advisories/csforum081.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-3171",
"datePublished": "2006-06-23T00:00:00.000Z",
"dateReserved": "2006-06-22T00:00:00.000Z",
"dateUpdated": "2024-08-07T18:16:05.963Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
FKIE_CVE-2006-3171
Vulnerability from fkie_nvd - Published: 2006-06-23 00:02 - Updated: 2026-04-16 00:27
Severity ?
Summary
CRLF injection vulnerability in CS-Forum before 0.82 allows remote attackers to inject arbitrary email headers via a newline character in the email parameter to ajouter.php.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| comscripts | cs-forum | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:comscripts:cs-forum:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4BA30FD7-BA98-4C4C-8D52-8C55C48F4DE8",
"versionEndIncluding": "0.81",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "CRLF injection vulnerability in CS-Forum before 0.82 allows remote attackers to inject arbitrary email headers via a newline character in the email parameter to ajouter.php."
},
{
"lang": "es",
"value": "Vulnerabilidad de falsificaci\u00f3n de petici\u00f3n en sitios cruzados en CS-Forum anterior a v0.82 permite a atacantes remotos inyectar cabeceras arbitrarias en correos mediante un car\u00e1cter de nueva l\u00ednea en el par\u00e1metro mail para ajouter.php"
}
],
"id": "CVE-2006-3171",
"lastModified": "2026-04-16T00:27:16.627",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-06-23T00:02:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/20534"
},
{
"source": "cve@mitre.org",
"url": "http://www.acid-root.new.fr/advisories/csforum081.txt"
},
{
"source": "cve@mitre.org",
"url": "http://www.comscripts.com/scripts/php.cs-forum.643.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/26384"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/2314"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27177"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/20534"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.acid-root.new.fr/advisories/csforum081.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.comscripts.com/scripts/php.cs-forum.643.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/26384"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/2314"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27177"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2006-3168
Vulnerability from fkie_nvd - Published: 2006-06-23 00:02 - Updated: 2026-04-16 00:27
Severity ?
Summary
SQL injection vulnerability in CS-Forum before 0.82 allows remote attackers to execute arbitrary SQL commands via the (1) id and (2) debut parameters in (a) read.php, and the (3) search and (4) debut parameters in (b) index.php.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| comscripts | cs-forum | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:comscripts:cs-forum:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4BA30FD7-BA98-4C4C-8D52-8C55C48F4DE8",
"versionEndIncluding": "0.81",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in CS-Forum before 0.82 allows remote attackers to execute arbitrary SQL commands via the (1) id and (2) debut parameters in (a) read.php, and the (3) search and (4) debut parameters in (b) index.php."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en CS-Forum anterior a v 0.82, permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3 na trav\u00e9s de los par\u00e1metros (1) id y (2) debut en (a) read.php, y los par\u00e1metros (3) search y (4) debut en (b) index.php."
}
],
"id": "CVE-2006-3168",
"lastModified": "2026-04-16T00:27:16.627",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-06-23T00:02:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/20534"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/1124"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.acid-root.new.fr/advisories/csforum081.txt"
},
{
"source": "cve@mitre.org",
"url": "http://www.comscripts.com/scripts/php.cs-forum.643.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/26382"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/26383"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/436789/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/2314"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27176"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/20534"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/1124"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.acid-root.new.fr/advisories/csforum081.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.comscripts.com/scripts/php.cs-forum.643.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/26382"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/26383"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/436789/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/2314"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27176"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2006-3169
Vulnerability from fkie_nvd - Published: 2006-06-23 00:02 - Updated: 2026-04-16 00:27
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in CS-Forum 0.81 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) msg_result and (2) rep_titre parameters in (a) read.php; and the (3) id and (4) parent parameters and (5) CSForum_nom, (6) CSForum_mail, and (7) CSForum_url cookie parameters in (b) ajouter.php.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| comscripts | cs-forum | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:comscripts:cs-forum:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4BA30FD7-BA98-4C4C-8D52-8C55C48F4DE8",
"versionEndIncluding": "0.81",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in CS-Forum 0.81 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) msg_result and (2) rep_titre parameters in (a) read.php; and the (3) id and (4) parent parameters and (5) CSForum_nom, (6) CSForum_mail, and (7) CSForum_url cookie parameters in (b) ajouter.php."
},
{
"lang": "es",
"value": "Multiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en CS-Forum v0.81 y anteriores. Permiten a atacantes remotos inyectar codigo de script web o c\u00f3digo HTML de su elecci\u00f3n a trav\u00e9s de los par\u00e1metros (1) msg_result y (2) rep_titre de (a) read.php; los par\u00e1metros (3) id y (4) parent y los par\u00e1metros de cookie (5) CSForum_nom, (6) CSForum_mail, y (7) CSForum_url de (b) ajouter.php."
}
],
"evaluatorSolution": "Update to version 0.82.",
"id": "CVE-2006-3169",
"lastModified": "2026-04-16T00:27:16.627",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-06-23T00:02:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/20534"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/1124"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.acid-root.new.fr/advisories/csforum081.txt"
},
{
"source": "cve@mitre.org",
"url": "http://www.comscripts.com/scripts/php.cs-forum.643.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/26379"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/26380"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/436789/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/2314"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27175"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/20534"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/1124"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.acid-root.new.fr/advisories/csforum081.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.comscripts.com/scripts/php.cs-forum.643.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/26379"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/26380"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/436789/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/2314"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27175"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2006-3170
Vulnerability from fkie_nvd - Published: 2006-06-23 00:02 - Updated: 2026-04-16 00:27
Severity ?
Summary
CS-Forum before 0.82 allows remote attackers to obtain sensitive information via unspecified manipulations, possibly involving an empty collapse[] or readall parameter to index.php, which reveals the installation path in an error message.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| comscripts | cs-forum | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:comscripts:cs-forum:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4BA30FD7-BA98-4C4C-8D52-8C55C48F4DE8",
"versionEndIncluding": "0.81",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "CS-Forum before 0.82 allows remote attackers to obtain sensitive information via unspecified manipulations, possibly involving an empty collapse[] or readall parameter to index.php, which reveals the installation path in an error message."
},
{
"lang": "es",
"value": "CS-Forum antes de v0.82 permite a atacantes remotos obtener informaci\u00f3n sensible a trav\u00e9s de manipulaciones no especificadas, posiblemente con par\u00e1metro collapse[] vac\u00edo o un par\u00e1metro readall a index.php, lo cual revela la ruta de instalaci\u00f3n en un mensaje de error.\r\n"
}
],
"id": "CVE-2006-3170",
"lastModified": "2026-04-16T00:27:16.627",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-06-23T00:02:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/20534"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/1124"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.acid-root.new.fr/advisories/csforum081.txt"
},
{
"source": "cve@mitre.org",
"url": "http://www.comscripts.com/scripts/php.cs-forum.643.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/26385"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/436789/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/2314"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27178"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/20534"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/1124"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.acid-root.new.fr/advisories/csforum081.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.comscripts.com/scripts/php.cs-forum.643.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/26385"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/436789/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/2314"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27178"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2006-3168 (GCVE-0-2006-3168)
Vulnerability from cvelistv5 – Published: 2006-06-23 00:00 – Updated: 2024-08-07 18:16
VLAI?
Summary
SQL injection vulnerability in CS-Forum before 0.82 allows remote attackers to execute arbitrary SQL commands via the (1) id and (2) debut parameters in (a) read.php, and the (3) search and (4) debut parameters in (b) index.php.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Date Public ?
2006-06-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:16:05.948Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.comscripts.com/scripts/php.cs-forum.643.html"
},
{
"name": "20534",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20534"
},
{
"name": "ADV-2006-2314",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2314"
},
{
"name": "csforum-read-index-sql-injection(27176)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27176"
},
{
"name": "20060611 CS-Forum \u003c= 0.81 Cross Site Scripting, SQL Injection, Full Path Disclosure",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/436789/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.acid-root.new.fr/advisories/csforum081.txt"
},
{
"name": "1124",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/1124"
},
{
"name": "26383",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/26383"
},
{
"name": "26382",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/26382"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-06-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in CS-Forum before 0.82 allows remote attackers to execute arbitrary SQL commands via the (1) id and (2) debut parameters in (a) read.php, and the (3) search and (4) debut parameters in (b) index.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.comscripts.com/scripts/php.cs-forum.643.html"
},
{
"name": "20534",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20534"
},
{
"name": "ADV-2006-2314",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2314"
},
{
"name": "csforum-read-index-sql-injection(27176)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27176"
},
{
"name": "20060611 CS-Forum \u003c= 0.81 Cross Site Scripting, SQL Injection, Full Path Disclosure",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/436789/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.acid-root.new.fr/advisories/csforum081.txt"
},
{
"name": "1124",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/1124"
},
{
"name": "26383",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/26383"
},
{
"name": "26382",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/26382"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3168",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in CS-Forum before 0.82 allows remote attackers to execute arbitrary SQL commands via the (1) id and (2) debut parameters in (a) read.php, and the (3) search and (4) debut parameters in (b) index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.comscripts.com/scripts/php.cs-forum.643.html",
"refsource": "CONFIRM",
"url": "http://www.comscripts.com/scripts/php.cs-forum.643.html"
},
{
"name": "20534",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20534"
},
{
"name": "ADV-2006-2314",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2314"
},
{
"name": "csforum-read-index-sql-injection(27176)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27176"
},
{
"name": "20060611 CS-Forum \u003c= 0.81 Cross Site Scripting, SQL Injection, Full Path Disclosure",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/436789/100/0/threaded"
},
{
"name": "http://www.acid-root.new.fr/advisories/csforum081.txt",
"refsource": "MISC",
"url": "http://www.acid-root.new.fr/advisories/csforum081.txt"
},
{
"name": "1124",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1124"
},
{
"name": "26383",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/26383"
},
{
"name": "26382",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/26382"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-3168",
"datePublished": "2006-06-23T00:00:00.000Z",
"dateReserved": "2006-06-22T00:00:00.000Z",
"dateUpdated": "2024-08-07T18:16:05.948Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-3169 (GCVE-0-2006-3169)
Vulnerability from cvelistv5 – Published: 2006-06-23 00:00 – Updated: 2024-08-07 18:16
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in CS-Forum 0.81 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) msg_result and (2) rep_titre parameters in (a) read.php; and the (3) id and (4) parent parameters and (5) CSForum_nom, (6) CSForum_mail, and (7) CSForum_url cookie parameters in (b) ajouter.php.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Date Public ?
2006-06-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:16:05.965Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.comscripts.com/scripts/php.cs-forum.643.html"
},
{
"name": "20534",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20534"
},
{
"name": "26380",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/26380"
},
{
"name": "ADV-2006-2314",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2314"
},
{
"name": "20060611 CS-Forum \u003c= 0.81 Cross Site Scripting, SQL Injection, Full Path Disclosure",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/436789/100/0/threaded"
},
{
"name": "26379",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/26379"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.acid-root.new.fr/advisories/csforum081.txt"
},
{
"name": "1124",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/1124"
},
{
"name": "csforum-read-ajouter-xss(27175)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27175"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-06-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in CS-Forum 0.81 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) msg_result and (2) rep_titre parameters in (a) read.php; and the (3) id and (4) parent parameters and (5) CSForum_nom, (6) CSForum_mail, and (7) CSForum_url cookie parameters in (b) ajouter.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.comscripts.com/scripts/php.cs-forum.643.html"
},
{
"name": "20534",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20534"
},
{
"name": "26380",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/26380"
},
{
"name": "ADV-2006-2314",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2314"
},
{
"name": "20060611 CS-Forum \u003c= 0.81 Cross Site Scripting, SQL Injection, Full Path Disclosure",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/436789/100/0/threaded"
},
{
"name": "26379",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/26379"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.acid-root.new.fr/advisories/csforum081.txt"
},
{
"name": "1124",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/1124"
},
{
"name": "csforum-read-ajouter-xss(27175)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27175"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3169",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in CS-Forum 0.81 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) msg_result and (2) rep_titre parameters in (a) read.php; and the (3) id and (4) parent parameters and (5) CSForum_nom, (6) CSForum_mail, and (7) CSForum_url cookie parameters in (b) ajouter.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.comscripts.com/scripts/php.cs-forum.643.html",
"refsource": "CONFIRM",
"url": "http://www.comscripts.com/scripts/php.cs-forum.643.html"
},
{
"name": "20534",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20534"
},
{
"name": "26380",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/26380"
},
{
"name": "ADV-2006-2314",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2314"
},
{
"name": "20060611 CS-Forum \u003c= 0.81 Cross Site Scripting, SQL Injection, Full Path Disclosure",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/436789/100/0/threaded"
},
{
"name": "26379",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/26379"
},
{
"name": "http://www.acid-root.new.fr/advisories/csforum081.txt",
"refsource": "MISC",
"url": "http://www.acid-root.new.fr/advisories/csforum081.txt"
},
{
"name": "1124",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1124"
},
{
"name": "csforum-read-ajouter-xss(27175)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27175"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-3169",
"datePublished": "2006-06-23T00:00:00.000Z",
"dateReserved": "2006-06-22T00:00:00.000Z",
"dateUpdated": "2024-08-07T18:16:05.965Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-3170 (GCVE-0-2006-3170)
Vulnerability from cvelistv5 – Published: 2006-06-23 00:00 – Updated: 2024-08-07 18:16
VLAI?
Summary
CS-Forum before 0.82 allows remote attackers to obtain sensitive information via unspecified manipulations, possibly involving an empty collapse[] or readall parameter to index.php, which reveals the installation path in an error message.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Date Public ?
2006-06-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:16:06.144Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.comscripts.com/scripts/php.cs-forum.643.html"
},
{
"name": "20534",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20534"
},
{
"name": "csforum-index-path-disclosure(27178)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27178"
},
{
"name": "26385",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/26385"
},
{
"name": "ADV-2006-2314",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2314"
},
{
"name": "20060611 CS-Forum \u003c= 0.81 Cross Site Scripting, SQL Injection, Full Path Disclosure",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/436789/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.acid-root.new.fr/advisories/csforum081.txt"
},
{
"name": "1124",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/1124"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-06-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "CS-Forum before 0.82 allows remote attackers to obtain sensitive information via unspecified manipulations, possibly involving an empty collapse[] or readall parameter to index.php, which reveals the installation path in an error message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.comscripts.com/scripts/php.cs-forum.643.html"
},
{
"name": "20534",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20534"
},
{
"name": "csforum-index-path-disclosure(27178)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27178"
},
{
"name": "26385",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/26385"
},
{
"name": "ADV-2006-2314",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2314"
},
{
"name": "20060611 CS-Forum \u003c= 0.81 Cross Site Scripting, SQL Injection, Full Path Disclosure",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/436789/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.acid-root.new.fr/advisories/csforum081.txt"
},
{
"name": "1124",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/1124"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3170",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CS-Forum before 0.82 allows remote attackers to obtain sensitive information via unspecified manipulations, possibly involving an empty collapse[] or readall parameter to index.php, which reveals the installation path in an error message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.comscripts.com/scripts/php.cs-forum.643.html",
"refsource": "CONFIRM",
"url": "http://www.comscripts.com/scripts/php.cs-forum.643.html"
},
{
"name": "20534",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20534"
},
{
"name": "csforum-index-path-disclosure(27178)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27178"
},
{
"name": "26385",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/26385"
},
{
"name": "ADV-2006-2314",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2314"
},
{
"name": "20060611 CS-Forum \u003c= 0.81 Cross Site Scripting, SQL Injection, Full Path Disclosure",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/436789/100/0/threaded"
},
{
"name": "http://www.acid-root.new.fr/advisories/csforum081.txt",
"refsource": "MISC",
"url": "http://www.acid-root.new.fr/advisories/csforum081.txt"
},
{
"name": "1124",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1124"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-3170",
"datePublished": "2006-06-23T00:00:00.000Z",
"dateReserved": "2006-06-22T00:00:00.000Z",
"dateUpdated": "2024-08-07T18:16:06.144Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-3171 (GCVE-0-2006-3171)
Vulnerability from cvelistv5 – Published: 2006-06-23 00:00 – Updated: 2024-08-07 18:16
VLAI?
Summary
CRLF injection vulnerability in CS-Forum before 0.82 allows remote attackers to inject arbitrary email headers via a newline character in the email parameter to ajouter.php.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Date Public ?
2006-06-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:16:05.963Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "26384",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/26384"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.comscripts.com/scripts/php.cs-forum.643.html"
},
{
"name": "20534",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20534"
},
{
"name": "csforum-ajouter-header-injection(27177)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27177"
},
{
"name": "ADV-2006-2314",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2314"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.acid-root.new.fr/advisories/csforum081.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-06-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "CRLF injection vulnerability in CS-Forum before 0.82 allows remote attackers to inject arbitrary email headers via a newline character in the email parameter to ajouter.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "26384",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/26384"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.comscripts.com/scripts/php.cs-forum.643.html"
},
{
"name": "20534",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20534"
},
{
"name": "csforum-ajouter-header-injection(27177)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27177"
},
{
"name": "ADV-2006-2314",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2314"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.acid-root.new.fr/advisories/csforum081.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3171",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CRLF injection vulnerability in CS-Forum before 0.82 allows remote attackers to inject arbitrary email headers via a newline character in the email parameter to ajouter.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "26384",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/26384"
},
{
"name": "http://www.comscripts.com/scripts/php.cs-forum.643.html",
"refsource": "CONFIRM",
"url": "http://www.comscripts.com/scripts/php.cs-forum.643.html"
},
{
"name": "20534",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20534"
},
{
"name": "csforum-ajouter-header-injection(27177)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27177"
},
{
"name": "ADV-2006-2314",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2314"
},
{
"name": "http://www.acid-root.new.fr/advisories/csforum081.txt",
"refsource": "MISC",
"url": "http://www.acid-root.new.fr/advisories/csforum081.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-3171",
"datePublished": "2006-06-23T00:00:00.000Z",
"dateReserved": "2006-06-22T00:00:00.000Z",
"dateUpdated": "2024-08-07T18:16:05.963Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}