Search criteria
8 vulnerabilities by john_lim
CVE-2011-3699 (GCVE-0-2011-3699)
Vulnerability from cvelistv5 – Published: 2011-09-23 23:00 – Updated: 2024-09-16 18:03
VLAI?
Summary
John Lim ADOdb Library for PHP 5.11 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by tests/test-active-record.php and certain other files.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:46:02.625Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/adodb"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "John Lim ADOdb Library for PHP 5.11 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by tests/test-active-record.php and certain other files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-09-23T23:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/adodb"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-3699",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "John Lim ADOdb Library for PHP 5.11 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by tests/test-active-record.php and certain other files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
},
{
"name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/adodb",
"refsource": "MISC",
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/adodb"
},
{
"name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README",
"refsource": "MISC",
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-3699",
"datePublished": "2011-09-23T23:00:00Z",
"dateReserved": "2011-09-23T00:00:00Z",
"dateUpdated": "2024-09-16T18:03:57.847Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-4976 (GCVE-0-2006-4976)
Vulnerability from cvelistv5 – Published: 2006-09-25 01:00 – Updated: 2024-08-07 19:32
VLAI?
Summary
The Date Library in John Lim ADOdb Library for PHP allows remote attackers to obtain sensitive information via a direct request for (1) server.php, (2) adodb-errorpear.inc.php, (3) adodb-iterator.inc.php, (4) adodb-pear.inc.php, (5) adodb-perf.inc.php, (6) adodb-xmlschema.inc.php, and (7) adodb.inc.php; files in datadict including (8) datadict-access.inc.php, (9) datadict-db2.inc.php, (10) datadict-generic.inc.php, (11) datadict-ibase.inc.php, (12) datadict-informix.inc.php, (13) datadict-mssql.inc.php, (14) datadict-mysql.inc.php, (15) datadict-oci8.inc.php, (16) datadict-postgres.inc.php, and (17) datadict-sybase.inc.php; files in drivers/ including (18) adodb-access.inc.php, (19) adodb-ado.inc.php, (20) adodb-ado_access.inc.php, (21) adodb-ado_mssql.inc.php, (22) adodb-borland_ibase.inc.php, (23) adodb-csv.inc.php, (24) adodb-db2.inc.php, (25) adodb-fbsql.inc.php, (26) adodb-firebird.inc.php, (27) adodb-ibase.inc.php, (28) adodb-informix.inc.php, (29) adodb-informix72.inc.php, (30) adodb-mssql.inc.php, (31) adodb-mssqlpo.inc.php, (32) adodb-mysql.inc.php, (33) adodb-mysqli.inc.php, (34) adodb-mysqlt.inc.php, (35) adodb-oci8.inc.php, (36) adodb-oci805.inc.php, (37) adodb-oci8po.inc.php, (38) adodb-odbc.inc.php, (39) adodb-odbc_mssql.inc.php, (40) adodb-odbc_oracle.inc.php, (41) adodb-oracle.inc.php, (42) adodb-postgres64.inc.php, (43) adodb-postgres7.inc.php, (44) adodb-proxy.inc.php, (45) adodb-sapdb.inc.php, (46) adodb-sqlanywhere.inc.php, (47) adodb-sqlite.inc.php, (48) adodb-sybase.inc.php, (49) adodb-vfp.inc.php; file in perf/ including (50) perf-db2.inc.php, (51) perf-informix.inc.php, (52) perf-mssql.inc.php, (53) perf-mysql.inc.php, (54) perf-oci8.inc.php, (55) perf-postgres.inc.php; tests/ files (56) benchmark.php, (57) client.php, (58) test-datadict.php, (59) test-perf.php, (60) test-pgblob.php, (61) test-php5.php, (62) test-xmlschema.php, (63) test.php, (64) test2.php, (65) test3.php, (66) test4.php, (67) test5.php, (68) test_rs_array.php, (69) testcache.php, (70) testdatabases.inc.php, (71) testgenid.php, (72) testmssql.php, (73) testoci8.php, (74) testoci8cursor.php, (75) testpaging.php, (76) testpear.php, (77) testsessions.php, (78) time.php, or (79) tmssql.php, which reveals the path in various error messages.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:32:22.386Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1629",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/1629"
},
{
"name": "20060914 ADOdb Date Library Full path Bugs",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/445995/100/100/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-09-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Date Library in John Lim ADOdb Library for PHP allows remote attackers to obtain sensitive information via a direct request for (1) server.php, (2) adodb-errorpear.inc.php, (3) adodb-iterator.inc.php, (4) adodb-pear.inc.php, (5) adodb-perf.inc.php, (6) adodb-xmlschema.inc.php, and (7) adodb.inc.php; files in datadict including (8) datadict-access.inc.php, (9) datadict-db2.inc.php, (10) datadict-generic.inc.php, (11) datadict-ibase.inc.php, (12) datadict-informix.inc.php, (13) datadict-mssql.inc.php, (14) datadict-mysql.inc.php, (15) datadict-oci8.inc.php, (16) datadict-postgres.inc.php, and (17) datadict-sybase.inc.php; files in drivers/ including (18) adodb-access.inc.php, (19) adodb-ado.inc.php, (20) adodb-ado_access.inc.php, (21) adodb-ado_mssql.inc.php, (22) adodb-borland_ibase.inc.php, (23) adodb-csv.inc.php, (24) adodb-db2.inc.php, (25) adodb-fbsql.inc.php, (26) adodb-firebird.inc.php, (27) adodb-ibase.inc.php, (28) adodb-informix.inc.php, (29) adodb-informix72.inc.php, (30) adodb-mssql.inc.php, (31) adodb-mssqlpo.inc.php, (32) adodb-mysql.inc.php, (33) adodb-mysqli.inc.php, (34) adodb-mysqlt.inc.php, (35) adodb-oci8.inc.php, (36) adodb-oci805.inc.php, (37) adodb-oci8po.inc.php, (38) adodb-odbc.inc.php, (39) adodb-odbc_mssql.inc.php, (40) adodb-odbc_oracle.inc.php, (41) adodb-oracle.inc.php, (42) adodb-postgres64.inc.php, (43) adodb-postgres7.inc.php, (44) adodb-proxy.inc.php, (45) adodb-sapdb.inc.php, (46) adodb-sqlanywhere.inc.php, (47) adodb-sqlite.inc.php, (48) adodb-sybase.inc.php, (49) adodb-vfp.inc.php; file in perf/ including (50) perf-db2.inc.php, (51) perf-informix.inc.php, (52) perf-mssql.inc.php, (53) perf-mysql.inc.php, (54) perf-oci8.inc.php, (55) perf-postgres.inc.php; tests/ files (56) benchmark.php, (57) client.php, (58) test-datadict.php, (59) test-perf.php, (60) test-pgblob.php, (61) test-php5.php, (62) test-xmlschema.php, (63) test.php, (64) test2.php, (65) test3.php, (66) test4.php, (67) test5.php, (68) test_rs_array.php, (69) testcache.php, (70) testdatabases.inc.php, (71) testgenid.php, (72) testmssql.php, (73) testoci8.php, (74) testoci8cursor.php, (75) testpaging.php, (76) testpear.php, (77) testsessions.php, (78) time.php, or (79) tmssql.php, which reveals the path in various error messages."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1629",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/1629"
},
{
"name": "20060914 ADOdb Date Library Full path Bugs",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/445995/100/100/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4976",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Date Library in John Lim ADOdb Library for PHP allows remote attackers to obtain sensitive information via a direct request for (1) server.php, (2) adodb-errorpear.inc.php, (3) adodb-iterator.inc.php, (4) adodb-pear.inc.php, (5) adodb-perf.inc.php, (6) adodb-xmlschema.inc.php, and (7) adodb.inc.php; files in datadict including (8) datadict-access.inc.php, (9) datadict-db2.inc.php, (10) datadict-generic.inc.php, (11) datadict-ibase.inc.php, (12) datadict-informix.inc.php, (13) datadict-mssql.inc.php, (14) datadict-mysql.inc.php, (15) datadict-oci8.inc.php, (16) datadict-postgres.inc.php, and (17) datadict-sybase.inc.php; files in drivers/ including (18) adodb-access.inc.php, (19) adodb-ado.inc.php, (20) adodb-ado_access.inc.php, (21) adodb-ado_mssql.inc.php, (22) adodb-borland_ibase.inc.php, (23) adodb-csv.inc.php, (24) adodb-db2.inc.php, (25) adodb-fbsql.inc.php, (26) adodb-firebird.inc.php, (27) adodb-ibase.inc.php, (28) adodb-informix.inc.php, (29) adodb-informix72.inc.php, (30) adodb-mssql.inc.php, (31) adodb-mssqlpo.inc.php, (32) adodb-mysql.inc.php, (33) adodb-mysqli.inc.php, (34) adodb-mysqlt.inc.php, (35) adodb-oci8.inc.php, (36) adodb-oci805.inc.php, (37) adodb-oci8po.inc.php, (38) adodb-odbc.inc.php, (39) adodb-odbc_mssql.inc.php, (40) adodb-odbc_oracle.inc.php, (41) adodb-oracle.inc.php, (42) adodb-postgres64.inc.php, (43) adodb-postgres7.inc.php, (44) adodb-proxy.inc.php, (45) adodb-sapdb.inc.php, (46) adodb-sqlanywhere.inc.php, (47) adodb-sqlite.inc.php, (48) adodb-sybase.inc.php, (49) adodb-vfp.inc.php; file in perf/ including (50) perf-db2.inc.php, (51) perf-informix.inc.php, (52) perf-mssql.inc.php, (53) perf-mysql.inc.php, (54) perf-oci8.inc.php, (55) perf-postgres.inc.php; tests/ files (56) benchmark.php, (57) client.php, (58) test-datadict.php, (59) test-perf.php, (60) test-pgblob.php, (61) test-php5.php, (62) test-xmlschema.php, (63) test.php, (64) test2.php, (65) test3.php, (66) test4.php, (67) test5.php, (68) test_rs_array.php, (69) testcache.php, (70) testdatabases.inc.php, (71) testgenid.php, (72) testmssql.php, (73) testoci8.php, (74) testoci8cursor.php, (75) testpaging.php, (76) testpear.php, (77) testsessions.php, (78) time.php, or (79) tmssql.php, which reveals the path in various error messages."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1629",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1629"
},
{
"name": "20060914 ADOdb Date Library Full path Bugs",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/445995/100/100/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-4976",
"datePublished": "2006-09-25T01:00:00",
"dateReserved": "2006-09-24T00:00:00",
"dateUpdated": "2024-08-07T19:32:22.386Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-2664 (GCVE-0-2004-2664)
Vulnerability from cvelistv5 – Published: 2006-09-07 00:00 – Updated: 2024-09-16 16:18
VLAI?
Summary
John Lim ADOdb Library for PHP before 4.23 allows remote attackers to obtain sensitive information via direct requests to certain scripts that result in an undefined value of ADODB_DIR, which reveals the installation path in an error message.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:36:25.256Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://phplens.com/lens/adodb/docs-adodb.htm#changes"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "John Lim ADOdb Library for PHP before 4.23 allows remote attackers to obtain sensitive information via direct requests to certain scripts that result in an undefined value of ADODB_DIR, which reveals the installation path in an error message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2006-09-07T00:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://phplens.com/lens/adodb/docs-adodb.htm#changes"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2664",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "John Lim ADOdb Library for PHP before 4.23 allows remote attackers to obtain sensitive information via direct requests to certain scripts that result in an undefined value of ADODB_DIR, which reveals the installation path in an error message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://phplens.com/lens/adodb/docs-adodb.htm#changes",
"refsource": "CONFIRM",
"url": "http://phplens.com/lens/adodb/docs-adodb.htm#changes"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-2664",
"datePublished": "2006-09-07T00:00:00Z",
"dateReserved": "2006-09-06T00:00:00Z",
"dateUpdated": "2024-09-16T16:18:32.215Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-4618 (GCVE-0-2006-4618)
Vulnerability from cvelistv5 – Published: 2006-09-07 00:00 – Updated: 2024-08-07 19:14
VLAI?
Summary
PHP remote file inclusion vulnerability in adodb-postgres7.inc.php in John Lim ADOdb, possibly 4.01 and earlier, as used in Intechnic In-link 2.3.4, allows remote attackers to execute arbitrary PHP code via a URL in the ADODB_DIR parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:14:47.770Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "inlink-adodb-file-include(28709)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28709"
},
{
"name": "1517",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/1517"
},
{
"name": "20060903 in-link \u003c=2.3.4 (adodb-postgres7.inc.php) Remote File Inclusion Exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/445259/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://adodb.cvs.sourceforge.net/adodb/adodb_official/adodb-postgres7.inc.php?revision=1.1\u0026view=markup"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://prdownloads.sourceforge.net/adodb/adodb492.tgz?download"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-09-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "PHP remote file inclusion vulnerability in adodb-postgres7.inc.php in John Lim ADOdb, possibly 4.01 and earlier, as used in Intechnic In-link 2.3.4, allows remote attackers to execute arbitrary PHP code via a URL in the ADODB_DIR parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "inlink-adodb-file-include(28709)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28709"
},
{
"name": "1517",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/1517"
},
{
"name": "20060903 in-link \u003c=2.3.4 (adodb-postgres7.inc.php) Remote File Inclusion Exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/445259/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://adodb.cvs.sourceforge.net/adodb/adodb_official/adodb-postgres7.inc.php?revision=1.1\u0026view=markup"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://prdownloads.sourceforge.net/adodb/adodb492.tgz?download"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4618",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in adodb-postgres7.inc.php in John Lim ADOdb, possibly 4.01 and earlier, as used in Intechnic In-link 2.3.4, allows remote attackers to execute arbitrary PHP code via a URL in the ADODB_DIR parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "inlink-adodb-file-include(28709)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28709"
},
{
"name": "1517",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1517"
},
{
"name": "20060903 in-link \u003c=2.3.4 (adodb-postgres7.inc.php) Remote File Inclusion Exploit",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/445259/100/0/threaded"
},
{
"name": "http://adodb.cvs.sourceforge.net/adodb/adodb_official/adodb-postgres7.inc.php?revision=1.1\u0026view=markup",
"refsource": "MISC",
"url": "http://adodb.cvs.sourceforge.net/adodb/adodb_official/adodb-postgres7.inc.php?revision=1.1\u0026view=markup"
},
{
"name": "http://prdownloads.sourceforge.net/adodb/adodb492.tgz?download",
"refsource": "MISC",
"url": "http://prdownloads.sourceforge.net/adodb/adodb492.tgz?download"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-4618",
"datePublished": "2006-09-07T00:00:00",
"dateReserved": "2006-09-06T00:00:00",
"dateUpdated": "2024-08-07T19:14:47.770Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-0806 (GCVE-0-2006-0806)
Vulnerability from cvelistv5 – Published: 2006-02-21 02:00 – Updated: 2024-08-07 16:48
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in ADOdb 4.71, as used in multiple packages such as phpESP, allow remote attackers to inject arbitrary web script or HTML via (1) the next_page parameter in adodb-pager.inc.php and (2) other unspecified vectors related to PHP_SELF.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:48:55.946Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "19590",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19590"
},
{
"name": "19555",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19555"
},
{
"name": "ADV-2006-0664",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0664"
},
{
"name": "452",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/452"
},
{
"name": "DSA-1029",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2006/dsa-1029"
},
{
"name": "18928",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18928"
},
{
"name": "DSA-1030",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2006/dsa-1030"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.gulftech.org/?node=research\u0026article_id=00101-02182006"
},
{
"name": "16720",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/16720"
},
{
"name": "19591",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19591"
},
{
"name": "20060218 ADOdb Library Cross Site Scripting",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/425393/100/0/threaded"
},
{
"name": "ADV-2006-2021",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2021"
},
{
"name": "19691",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19691"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=419843\u0026group_id=8956"
},
{
"name": "DSA-1031",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2006/dsa-1031"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://phpesp.cvs.sourceforge.net/phpesp/phpESP/admin/include/lib/adodb/adodb-pager.inc.php?r1=1.1\u0026r2=1.2"
},
{
"name": "23362",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/23362"
},
{
"name": "GLSA-200604-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200604-07.xml"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-02-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in ADOdb 4.71, as used in multiple packages such as phpESP, allow remote attackers to inject arbitrary web script or HTML via (1) the next_page parameter in adodb-pager.inc.php and (2) other unspecified vectors related to PHP_SELF."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "19590",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19590"
},
{
"name": "19555",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19555"
},
{
"name": "ADV-2006-0664",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0664"
},
{
"name": "452",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/452"
},
{
"name": "DSA-1029",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2006/dsa-1029"
},
{
"name": "18928",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18928"
},
{
"name": "DSA-1030",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2006/dsa-1030"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.gulftech.org/?node=research\u0026article_id=00101-02182006"
},
{
"name": "16720",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/16720"
},
{
"name": "19591",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19591"
},
{
"name": "20060218 ADOdb Library Cross Site Scripting",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/425393/100/0/threaded"
},
{
"name": "ADV-2006-2021",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2021"
},
{
"name": "19691",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19691"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=419843\u0026group_id=8956"
},
{
"name": "DSA-1031",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2006/dsa-1031"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://phpesp.cvs.sourceforge.net/phpesp/phpESP/admin/include/lib/adodb/adodb-pager.inc.php?r1=1.1\u0026r2=1.2"
},
{
"name": "23362",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/23362"
},
{
"name": "GLSA-200604-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200604-07.xml"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0806",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in ADOdb 4.71, as used in multiple packages such as phpESP, allow remote attackers to inject arbitrary web script or HTML via (1) the next_page parameter in adodb-pager.inc.php and (2) other unspecified vectors related to PHP_SELF."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19590",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19590"
},
{
"name": "19555",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19555"
},
{
"name": "ADV-2006-0664",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0664"
},
{
"name": "452",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/452"
},
{
"name": "DSA-1029",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1029"
},
{
"name": "18928",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18928"
},
{
"name": "DSA-1030",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1030"
},
{
"name": "http://www.gulftech.org/?node=research\u0026article_id=00101-02182006",
"refsource": "MISC",
"url": "http://www.gulftech.org/?node=research\u0026article_id=00101-02182006"
},
{
"name": "16720",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16720"
},
{
"name": "19591",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19591"
},
{
"name": "20060218 ADOdb Library Cross Site Scripting",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/425393/100/0/threaded"
},
{
"name": "ADV-2006-2021",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2021"
},
{
"name": "19691",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19691"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=419843\u0026group_id=8956",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=419843\u0026group_id=8956"
},
{
"name": "DSA-1031",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1031"
},
{
"name": "http://phpesp.cvs.sourceforge.net/phpesp/phpESP/admin/include/lib/adodb/adodb-pager.inc.php?r1=1.1\u0026r2=1.2",
"refsource": "MISC",
"url": "http://phpesp.cvs.sourceforge.net/phpesp/phpESP/admin/include/lib/adodb/adodb-pager.inc.php?r1=1.1\u0026r2=1.2"
},
{
"name": "23362",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23362"
},
{
"name": "GLSA-200604-07",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200604-07.xml"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-0806",
"datePublished": "2006-02-21T02:00:00",
"dateReserved": "2006-02-21T00:00:00",
"dateUpdated": "2024-08-07T16:48:55.946Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-0410 (GCVE-0-2006-0410)
Vulnerability from cvelistv5 – Published: 2006-01-25 02:00 – Updated: 2024-08-07 16:34
VLAI?
Summary
SQL injection vulnerability in ADOdb before 4.71, when using PostgreSQL, allows remote attackers to execute arbitrary SQL commands via unspecified attack vectors involving binary strings.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:34:14.754Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "19590",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19590"
},
{
"name": "19555",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19555"
},
{
"name": "DSA-1029",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2006/dsa-1029"
},
{
"name": "ADV-2006-0448",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0448"
},
{
"name": "DSA-1030",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2006/dsa-1030"
},
{
"name": "ADV-2006-0315",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0315"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=387862\u0026group_id=42718"
},
{
"name": "18575",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18575"
},
{
"name": "19591",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19591"
},
{
"name": "18745",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18745"
},
{
"name": "adodb-postgresql-sql-injection(24314)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24314"
},
{
"name": "19691",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19691"
},
{
"name": "DSA-1031",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2006/dsa-1031"
},
{
"name": "22705",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/22705"
},
{
"name": "GLSA-200604-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200604-07.xml"
},
{
"name": "16364",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/16364"
},
{
"name": "18732",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18732"
},
{
"name": "GLSA-200602-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200602-02.xml"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-01-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in ADOdb before 4.71, when using PostgreSQL, allows remote attackers to execute arbitrary SQL commands via unspecified attack vectors involving binary strings."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "19590",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19590"
},
{
"name": "19555",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19555"
},
{
"name": "DSA-1029",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2006/dsa-1029"
},
{
"name": "ADV-2006-0448",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0448"
},
{
"name": "DSA-1030",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2006/dsa-1030"
},
{
"name": "ADV-2006-0315",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0315"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=387862\u0026group_id=42718"
},
{
"name": "18575",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18575"
},
{
"name": "19591",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19591"
},
{
"name": "18745",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18745"
},
{
"name": "adodb-postgresql-sql-injection(24314)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24314"
},
{
"name": "19691",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19691"
},
{
"name": "DSA-1031",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2006/dsa-1031"
},
{
"name": "22705",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/22705"
},
{
"name": "GLSA-200604-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200604-07.xml"
},
{
"name": "16364",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/16364"
},
{
"name": "18732",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18732"
},
{
"name": "GLSA-200602-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200602-02.xml"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0410",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in ADOdb before 4.71, when using PostgreSQL, allows remote attackers to execute arbitrary SQL commands via unspecified attack vectors involving binary strings."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19590",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19590"
},
{
"name": "19555",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19555"
},
{
"name": "DSA-1029",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1029"
},
{
"name": "ADV-2006-0448",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0448"
},
{
"name": "DSA-1030",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1030"
},
{
"name": "ADV-2006-0315",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0315"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=387862\u0026group_id=42718",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=387862\u0026group_id=42718"
},
{
"name": "18575",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18575"
},
{
"name": "19591",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19591"
},
{
"name": "18745",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18745"
},
{
"name": "adodb-postgresql-sql-injection(24314)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24314"
},
{
"name": "19691",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19691"
},
{
"name": "DSA-1031",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1031"
},
{
"name": "22705",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22705"
},
{
"name": "GLSA-200604-07",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200604-07.xml"
},
{
"name": "16364",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16364"
},
{
"name": "18732",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18732"
},
{
"name": "GLSA-200602-02",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200602-02.xml"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-0410",
"datePublished": "2006-01-25T02:00:00",
"dateReserved": "2006-01-25T00:00:00",
"dateUpdated": "2024-08-07T16:34:14.754Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-0147 (GCVE-0-2006-0147)
Vulnerability from cvelistv5 – Published: 2006-01-09 23:00 – Updated: 2024-08-07 16:25
VLAI?
Summary
Dynamic code evaluation vulnerability in tests/tmssql.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PhpOpenChat, possibly (7) MAXdev MD-Pro, and (8) Simplog, allows remote attackers to execute arbitrary PHP functions via the do parameter, which is saved in a variable that is then executed as a function, as demonstrated using phpinfo.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:25:33.633Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "19590",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19590"
},
{
"name": "18267",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18267"
},
{
"name": "18254",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18254"
},
{
"name": "19555",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19555"
},
{
"name": "DSA-1029",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2006/dsa-1029"
},
{
"name": "adodb-tmssql-command-execution(24052)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24052"
},
{
"name": "19628",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19628"
},
{
"name": "20060409 PhpOpenChat 3.0.x ADODB Server.php \"sql\" SQL injection",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/430448/100/0/threaded"
},
{
"name": "DSA-1030",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2006/dsa-1030"
},
{
"name": "ADV-2006-1305",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/1305"
},
{
"name": "18276",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18276"
},
{
"name": "19600",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19600"
},
{
"name": "1663",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/1663"
},
{
"name": "ADV-2006-0103",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0103"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://secunia.com/secunia_research/2005-64/advisory/"
},
{
"name": "20060412 Simplog \u003c=0.9.2 multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/430743/100/0/threaded"
},
{
"name": "19591",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19591"
},
{
"name": "17418",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17418"
},
{
"name": "19691",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19691"
},
{
"name": "ADV-2006-0102",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0102"
},
{
"name": "ADV-2006-0101",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0101"
},
{
"name": "18233",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18233"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://retrogod.altervista.org/simplog_092_incl_xpl.html"
},
{
"name": "ADV-2006-1332",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/1332"
},
{
"name": "22291",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/22291"
},
{
"name": "DSA-1031",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2006/dsa-1031"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://retrogod.altervista.org/phpopenchat_30x_sql_xpl.html"
},
{
"name": "ADV-2006-0104",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0104"
},
{
"name": "18260",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18260"
},
{
"name": "GLSA-200604-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200604-07.xml"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-01-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Dynamic code evaluation vulnerability in tests/tmssql.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PhpOpenChat, possibly (7) MAXdev MD-Pro, and (8) Simplog, allows remote attackers to execute arbitrary PHP functions via the do parameter, which is saved in a variable that is then executed as a function, as demonstrated using phpinfo."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-19T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "19590",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19590"
},
{
"name": "18267",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18267"
},
{
"name": "18254",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18254"
},
{
"name": "19555",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19555"
},
{
"name": "DSA-1029",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2006/dsa-1029"
},
{
"name": "adodb-tmssql-command-execution(24052)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24052"
},
{
"name": "19628",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19628"
},
{
"name": "20060409 PhpOpenChat 3.0.x ADODB Server.php \"sql\" SQL injection",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/430448/100/0/threaded"
},
{
"name": "DSA-1030",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2006/dsa-1030"
},
{
"name": "ADV-2006-1305",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/1305"
},
{
"name": "18276",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18276"
},
{
"name": "19600",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19600"
},
{
"name": "1663",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/1663"
},
{
"name": "ADV-2006-0103",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0103"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://secunia.com/secunia_research/2005-64/advisory/"
},
{
"name": "20060412 Simplog \u003c=0.9.2 multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/430743/100/0/threaded"
},
{
"name": "19591",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19591"
},
{
"name": "17418",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17418"
},
{
"name": "19691",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19691"
},
{
"name": "ADV-2006-0102",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0102"
},
{
"name": "ADV-2006-0101",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0101"
},
{
"name": "18233",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18233"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://retrogod.altervista.org/simplog_092_incl_xpl.html"
},
{
"name": "ADV-2006-1332",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/1332"
},
{
"name": "22291",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/22291"
},
{
"name": "DSA-1031",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2006/dsa-1031"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://retrogod.altervista.org/phpopenchat_30x_sql_xpl.html"
},
{
"name": "ADV-2006-0104",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0104"
},
{
"name": "18260",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18260"
},
{
"name": "GLSA-200604-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200604-07.xml"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0147",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dynamic code evaluation vulnerability in tests/tmssql.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PhpOpenChat, possibly (7) MAXdev MD-Pro, and (8) Simplog, allows remote attackers to execute arbitrary PHP functions via the do parameter, which is saved in a variable that is then executed as a function, as demonstrated using phpinfo."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19590",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19590"
},
{
"name": "18267",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18267"
},
{
"name": "18254",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18254"
},
{
"name": "19555",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19555"
},
{
"name": "DSA-1029",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1029"
},
{
"name": "adodb-tmssql-command-execution(24052)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24052"
},
{
"name": "19628",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19628"
},
{
"name": "20060409 PhpOpenChat 3.0.x ADODB Server.php \"sql\" SQL injection",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/430448/100/0/threaded"
},
{
"name": "DSA-1030",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1030"
},
{
"name": "ADV-2006-1305",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1305"
},
{
"name": "18276",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18276"
},
{
"name": "19600",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19600"
},
{
"name": "1663",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/1663"
},
{
"name": "ADV-2006-0103",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0103"
},
{
"name": "http://secunia.com/secunia_research/2005-64/advisory/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2005-64/advisory/"
},
{
"name": "20060412 Simplog \u003c=0.9.2 multiple vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/430743/100/0/threaded"
},
{
"name": "19591",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19591"
},
{
"name": "17418",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17418"
},
{
"name": "19691",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19691"
},
{
"name": "ADV-2006-0102",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0102"
},
{
"name": "ADV-2006-0101",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0101"
},
{
"name": "18233",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18233"
},
{
"name": "http://retrogod.altervista.org/simplog_092_incl_xpl.html",
"refsource": "MISC",
"url": "http://retrogod.altervista.org/simplog_092_incl_xpl.html"
},
{
"name": "ADV-2006-1332",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1332"
},
{
"name": "22291",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22291"
},
{
"name": "DSA-1031",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1031"
},
{
"name": "http://retrogod.altervista.org/phpopenchat_30x_sql_xpl.html",
"refsource": "MISC",
"url": "http://retrogod.altervista.org/phpopenchat_30x_sql_xpl.html"
},
{
"name": "ADV-2006-0104",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0104"
},
{
"name": "18260",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18260"
},
{
"name": "GLSA-200604-07",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200604-07.xml"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-0147",
"datePublished": "2006-01-09T23:00:00",
"dateReserved": "2006-01-09T00:00:00",
"dateUpdated": "2024-08-07T16:25:33.633Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-0146 (GCVE-0-2006-0146)
Vulnerability from cvelistv5 – Published: 2006-01-09 23:00 – Updated: 2024-08-07 16:25
VLAI?
Summary
The server.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PHPOpenChat, (7) MAXdev MD-Pro, and (8) MediaBeez, when the MySQL root password is empty, allows remote attackers to execute arbitrary SQL commands via the sql parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:25:33.856Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "19590",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19590"
},
{
"name": "18267",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18267"
},
{
"name": "18254",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18254"
},
{
"name": "19555",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19555"
},
{
"name": "DSA-1029",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2006/dsa-1029"
},
{
"name": "20060409 PhpOpenChat 3.0.x ADODB Server.php \"sql\" SQL injection",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/430448/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.maxdev.com/Article550.phtml"
},
{
"name": "ADV-2006-0105",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0105"
},
{
"name": "19699",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19699"
},
{
"name": "DSA-1030",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2006/dsa-1030"
},
{
"name": "ADV-2006-1305",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/1305"
},
{
"name": "24954",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24954"
},
{
"name": "18276",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18276"
},
{
"name": "713",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/713"
},
{
"name": "ADV-2006-1304",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/1304"
},
{
"name": "19600",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19600"
},
{
"name": "20070418 MediaBeez Sql query Execution .. Wear isn\u0027t ?? :)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/466171/100/0/threaded"
},
{
"name": "ADV-2006-0103",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0103"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://secunia.com/secunia_research/2005-64/advisory/"
},
{
"name": "16187",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/16187"
},
{
"name": "18720",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18720"
},
{
"name": "ADV-2006-1419",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/1419"
},
{
"name": "19591",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19591"
},
{
"name": "ADV-2006-0447",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0447"
},
{
"name": "adodb-server-command-execution(24051)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24051"
},
{
"name": "17418",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17418"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.xaraya.com/index.php/news/569"
},
{
"name": "19691",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19691"
},
{
"name": "ADV-2006-0102",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0102"
},
{
"name": "ADV-2006-0101",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0101"
},
{
"name": "18233",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18233"
},
{
"name": "22290",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/22290"
},
{
"name": "ADV-2006-0370",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0370"
},
{
"name": "DSA-1031",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2006/dsa-1031"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://retrogod.altervista.org/phpopenchat_30x_sql_xpl.html"
},
{
"name": "20060202 Bug for libs in php link directory 2.0",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/423784/100/0/threaded"
},
{
"name": "ADV-2006-0104",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0104"
},
{
"name": "18260",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18260"
},
{
"name": "GLSA-200604-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200604-07.xml"
},
{
"name": "19563",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19563"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-01-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The server.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PHPOpenChat, (7) MAXdev MD-Pro, and (8) MediaBeez, when the MySQL root password is empty, allows remote attackers to execute arbitrary SQL commands via the sql parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-19T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "19590",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19590"
},
{
"name": "18267",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18267"
},
{
"name": "18254",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18254"
},
{
"name": "19555",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19555"
},
{
"name": "DSA-1029",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2006/dsa-1029"
},
{
"name": "20060409 PhpOpenChat 3.0.x ADODB Server.php \"sql\" SQL injection",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/430448/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.maxdev.com/Article550.phtml"
},
{
"name": "ADV-2006-0105",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0105"
},
{
"name": "19699",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19699"
},
{
"name": "DSA-1030",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2006/dsa-1030"
},
{
"name": "ADV-2006-1305",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/1305"
},
{
"name": "24954",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24954"
},
{
"name": "18276",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18276"
},
{
"name": "713",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/713"
},
{
"name": "ADV-2006-1304",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/1304"
},
{
"name": "19600",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19600"
},
{
"name": "20070418 MediaBeez Sql query Execution .. Wear isn\u0027t ?? :)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/466171/100/0/threaded"
},
{
"name": "ADV-2006-0103",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0103"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://secunia.com/secunia_research/2005-64/advisory/"
},
{
"name": "16187",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/16187"
},
{
"name": "18720",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18720"
},
{
"name": "ADV-2006-1419",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/1419"
},
{
"name": "19591",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19591"
},
{
"name": "ADV-2006-0447",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0447"
},
{
"name": "adodb-server-command-execution(24051)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24051"
},
{
"name": "17418",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17418"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.xaraya.com/index.php/news/569"
},
{
"name": "19691",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19691"
},
{
"name": "ADV-2006-0102",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0102"
},
{
"name": "ADV-2006-0101",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0101"
},
{
"name": "18233",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18233"
},
{
"name": "22290",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/22290"
},
{
"name": "ADV-2006-0370",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0370"
},
{
"name": "DSA-1031",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2006/dsa-1031"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://retrogod.altervista.org/phpopenchat_30x_sql_xpl.html"
},
{
"name": "20060202 Bug for libs in php link directory 2.0",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/423784/100/0/threaded"
},
{
"name": "ADV-2006-0104",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0104"
},
{
"name": "18260",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18260"
},
{
"name": "GLSA-200604-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200604-07.xml"
},
{
"name": "19563",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19563"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0146",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The server.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PHPOpenChat, (7) MAXdev MD-Pro, and (8) MediaBeez, when the MySQL root password is empty, allows remote attackers to execute arbitrary SQL commands via the sql parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19590",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19590"
},
{
"name": "18267",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18267"
},
{
"name": "18254",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18254"
},
{
"name": "19555",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19555"
},
{
"name": "DSA-1029",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1029"
},
{
"name": "20060409 PhpOpenChat 3.0.x ADODB Server.php \"sql\" SQL injection",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/430448/100/0/threaded"
},
{
"name": "http://www.maxdev.com/Article550.phtml",
"refsource": "CONFIRM",
"url": "http://www.maxdev.com/Article550.phtml"
},
{
"name": "ADV-2006-0105",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0105"
},
{
"name": "19699",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19699"
},
{
"name": "DSA-1030",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1030"
},
{
"name": "ADV-2006-1305",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1305"
},
{
"name": "24954",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24954"
},
{
"name": "18276",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18276"
},
{
"name": "713",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/713"
},
{
"name": "ADV-2006-1304",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1304"
},
{
"name": "19600",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19600"
},
{
"name": "20070418 MediaBeez Sql query Execution .. Wear isn\u0027t ?? :)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/466171/100/0/threaded"
},
{
"name": "ADV-2006-0103",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0103"
},
{
"name": "http://secunia.com/secunia_research/2005-64/advisory/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2005-64/advisory/"
},
{
"name": "16187",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16187"
},
{
"name": "18720",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18720"
},
{
"name": "ADV-2006-1419",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1419"
},
{
"name": "19591",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19591"
},
{
"name": "ADV-2006-0447",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0447"
},
{
"name": "adodb-server-command-execution(24051)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24051"
},
{
"name": "17418",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17418"
},
{
"name": "http://www.xaraya.com/index.php/news/569",
"refsource": "CONFIRM",
"url": "http://www.xaraya.com/index.php/news/569"
},
{
"name": "19691",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19691"
},
{
"name": "ADV-2006-0102",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0102"
},
{
"name": "ADV-2006-0101",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0101"
},
{
"name": "18233",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18233"
},
{
"name": "22290",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22290"
},
{
"name": "ADV-2006-0370",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0370"
},
{
"name": "DSA-1031",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1031"
},
{
"name": "http://retrogod.altervista.org/phpopenchat_30x_sql_xpl.html",
"refsource": "MISC",
"url": "http://retrogod.altervista.org/phpopenchat_30x_sql_xpl.html"
},
{
"name": "20060202 Bug for libs in php link directory 2.0",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/423784/100/0/threaded"
},
{
"name": "ADV-2006-0104",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0104"
},
{
"name": "18260",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18260"
},
{
"name": "GLSA-200604-07",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200604-07.xml"
},
{
"name": "19563",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19563"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-0146",
"datePublished": "2006-01-09T23:00:00",
"dateReserved": "2006-01-09T00:00:00",
"dateUpdated": "2024-08-07T16:25:33.856Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}