cvelistv5 - cve-2005-1006

CVE-2005-1006 (GCVE-0-2005-1006)

Vulnerability from cvelistv5 – Published: 2005-04-07 04:00 – Updated: 2024-08-07 21:35

Summary

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://www.oliverkarow.de/research/SonicWall.txt	x_refsource_MISC
	http://secunia.com/advisories/14823	third-party-advisoryx_refsource_SECUNIA
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://www.osvdb.org/15261	vdb-entryx_refsource_OSVDB
	http://archives.neohapsis.com/archives/bugtraq/20…	mailing-listx_refsource_BUGTRAQ
	http://www.securityfocus.com/bid/12984	vdb-entryx_refsource_BID
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://securitytracker.com/id?1013638	vdb-entryx_refsource_SECTRACK
	http://www.osvdb.org/15262	vdb-entryx_refsource_OSVDB

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T21:35:59.406Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.oliverkarow.de/research/SonicWall.txt"
          },
          {
            "name": "14823",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/14823"
          },
          {
            "name": "sonicwall-username-code-execution(19960)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19960"
          },
          {
            "name": "15261",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/15261"
          },
          {
            "name": "20050404 SonicWALL SOHO/10 - XSS vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/bugtraq/2005-04/0041.html"
          },
          {
            "name": "12984",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/12984"
          },
          {
            "name": "sonicwall-http-get-requests-xss(19958)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19958"
          },
          {
            "name": "1013638",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1013638"
          },
          {
            "name": "15262",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/15262"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2005-04-04T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in SonicWALL SOHO 5.1.7.0 allow remote attackers to inject arbitrary web script or HTML via (1) the URL or (2) the user login name, which is not filtered when the administrator views the log file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-10T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.oliverkarow.de/research/SonicWall.txt"
        },
        {
          "name": "14823",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/14823"
        },
        {
          "name": "sonicwall-username-code-execution(19960)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19960"
        },
        {
          "name": "15261",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/15261"
        },
        {
          "name": "20050404 SonicWALL SOHO/10 - XSS vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://archives.neohapsis.com/archives/bugtraq/2005-04/0041.html"
        },
        {
          "name": "12984",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/12984"
        },
        {
          "name": "sonicwall-http-get-requests-xss(19958)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19958"
        },
        {
          "name": "1013638",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1013638"
        },
        {
          "name": "15262",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/15262"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2005-1006",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in SonicWALL SOHO 5.1.7.0 allow remote attackers to inject arbitrary web script or HTML via (1) the URL or (2) the user login name, which is not filtered when the administrator views the log file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.oliverkarow.de/research/SonicWall.txt",
              "refsource": "MISC",
              "url": "http://www.oliverkarow.de/research/SonicWall.txt"
            },
            {
              "name": "14823",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/14823"
            },
            {
              "name": "sonicwall-username-code-execution(19960)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19960"
            },
            {
              "name": "15261",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/15261"
            },
            {
              "name": "20050404 SonicWALL SOHO/10 - XSS vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://archives.neohapsis.com/archives/bugtraq/2005-04/0041.html"
            },
            {
              "name": "12984",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/12984"
            },
            {
              "name": "sonicwall-http-get-requests-xss(19958)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19958"
            },
            {
              "name": "1013638",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1013638"
            },
            {
              "name": "15262",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/15262"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2005-1006",
    "datePublished": "2005-04-07T04:00:00",
    "dateReserved": "2005-04-07T00:00:00",
    "dateUpdated": "2024-08-07T21:35:59.406Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:sonicwall:soho_firmware:5.1.7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CC4093B4-2F11-4368-AE43-208025118BAF\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:sonicwall:soho:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C6B6B3FD-428E-4D6C-8C45-172CF4FB430D\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Multiple cross-site scripting (XSS) vulnerabilities in SonicWALL SOHO 5.1.7.0 allow remote attackers to inject arbitrary web script or HTML via (1) the URL or (2) the user login name, which is not filtered when the administrator views the log file.\"}]",
      "id": "CVE-2005-1006",
      "lastModified": "2024-11-20T23:56:23.390",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:P/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2005-05-02T04:00:00.000",
      "references": "[{\"url\": \"http://archives.neohapsis.com/archives/bugtraq/2005-04/0041.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Broken Link\", \"Exploit\"]}, {\"url\": \"http://secunia.com/advisories/14823\", \"source\": \"cve@mitre.org\", \"tags\": [\"Not Applicable\"]}, {\"url\": \"http://securitytracker.com/id?1013638\", \"source\": \"cve@mitre.org\", \"tags\": [\"Broken Link\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.oliverkarow.de/research/SonicWall.txt\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"http://www.osvdb.org/15261\", \"source\": \"cve@mitre.org\", \"tags\": [\"Broken Link\"]}, {\"url\": \"http://www.osvdb.org/15262\", \"source\": \"cve@mitre.org\", \"tags\": [\"Broken Link\"]}, {\"url\": \"http://www.securityfocus.com/bid/12984\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/19958\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/19960\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://archives.neohapsis.com/archives/bugtraq/2005-04/0041.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\", \"Exploit\"]}, {\"url\": \"http://secunia.com/advisories/14823\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Not Applicable\"]}, {\"url\": \"http://securitytracker.com/id?1013638\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.oliverkarow.de/research/SonicWall.txt\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"http://www.osvdb.org/15261\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\"]}, {\"url\": \"http://www.osvdb.org/15262\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\"]}, {\"url\": \"http://www.securityfocus.com/bid/12984\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/19958\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/19960\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-79\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2005-1006\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2005-05-02T04:00:00.000\",\"lastModified\":\"2025-04-03T01:03:51.193\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Multiple cross-site scripting (XSS) vulnerabilities in SonicWALL SOHO 5.1.7.0 allow remote attackers to inject arbitrary web script or HTML via (1) the URL or (2) the user login name, which is not filtered when the administrator views the log file.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:sonicwall:soho_firmware:5.1.7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CC4093B4-2F11-4368-AE43-208025118BAF\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:sonicwall:soho:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C6B6B3FD-428E-4D6C-8C45-172CF4FB430D\"}]}]}],\"references\":[{\"url\":\"http://archives.neohapsis.com/archives/bugtraq/2005-04/0041.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\",\"Exploit\"]},{\"url\":\"http://secunia.com/advisories/14823\",\"source\":\"cve@mitre.org\",\"tags\":[\"Not Applicable\"]},{\"url\":\"http://securitytracker.com/id?1013638\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.oliverkarow.de/research/SonicWall.txt\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"http://www.osvdb.org/15261\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.osvdb.org/15262\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.securityfocus.com/bid/12984\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/19958\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/19960\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://archives.neohapsis.com/archives/bugtraq/2005-04/0041.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Exploit\"]},{\"url\":\"http://secunia.com/advisories/14823\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Not Applicable\"]},{\"url\":\"http://securitytracker.com/id?1013638\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.oliverkarow.de/research/SonicWall.txt\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"http://www.osvdb.org/15261\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.osvdb.org/15262\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.securityfocus.com/bid/12984\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/19958\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/19960\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]}]}}"
  }
}

VAR-200505-1057

Vulnerability from variot - Updated: 2023-12-18 12:13

Multiple cross-site scripting (XSS) vulnerabilities in SonicWALL SOHO 5.1.7.0 allow remote attackers to inject arbitrary web script or HTML via (1) the URL or (2) the user login name, which is not filtered when the administrator views the log file. Multiple remote input validation vulnerabilities affect SonicWALL SOHO. These issues are due to a failure of the application to properly sanitize user-supplied input prior to including it in dynamically generated Web content. Specifically a cross-site scripting issue and an HTML injection issue affect the vulnerable device. An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user. This may facilitate the theft of cookie-based authentication credentials as well as other attacks, potentially leading to a compromise of the affected device. SonicWALL Pro 230 firmware 6.5.0.3 is reported vulnerable to these issues as well. SonicWALL SOHO is a tool that provides network INTERNET security connection.

Want a new IT Security job?

Vacant positions at Secunia: http://secunia.com/secunia_vacancies/

TITLE: SonicWALL SOHO series Cross-Site Scripting and Script Injection

SECUNIA ADVISORY ID: SA14823

VERIFY ADVISORY: http://secunia.com/advisories/14823/

CRITICAL: Less critical

IMPACT: Cross Site Scripting

WHERE:

From remote

OPERATING SYSTEM: SonicWALL SOHO series http://secunia.com/product/223/

DESCRIPTION: Oliver Karow has reported two vulnerabilities in SonicWALL SOHO series, which can be exploited by malicious people to conduct cross-site scripting and script insertion attacks.

1) Input passed in the URL path is not properly sanitised before being returned to the user.

Example: http://[host]/[code]

2) Input passed to the username in the login page is not properly sanitised before being used. Other versions may also be affected.

SOLUTION: Restrict access to the web interface to prevent the script insertion vulnerability.

PROVIDED AND/OR DISCOVERED BY: Oliver Karow

ORIGINAL ADVISORY: http://www.oliverkarow.de/research/SonicWall.txt

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200505-1057",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "soho",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "sonicwall",
        "version": "5.1.7.0"
      },
      {
        "model": "pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sonicwall",
        "version": "2306.5.0.3"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "12984"
      },
      {
        "db": "NVD",
        "id": "CVE-2005-1006"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200505-320"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:sonicwall:soho_firmware:5.1.7.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:sonicwall:soho:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2005-1006"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Oliver Karow  Oliver.karow@gmx.de",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200505-320"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2005-1006",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "VHN-12215",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2005-1006",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200505-320",
            "trust": 0.6,
            "value": "LOW"
          },
          {
            "author": "VULHUB",
            "id": "VHN-12215",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-12215"
      },
      {
        "db": "NVD",
        "id": "CVE-2005-1006"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200505-320"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple cross-site scripting (XSS) vulnerabilities in SonicWALL SOHO 5.1.7.0 allow remote attackers to inject arbitrary web script or HTML via (1) the URL or (2) the user login name, which is not filtered when the administrator views the log file. Multiple remote input validation vulnerabilities affect SonicWALL SOHO.  These issues are due to a failure of the application to properly sanitize user-supplied input prior to including it in dynamically generated Web content. \nSpecifically a cross-site scripting issue and an HTML injection issue affect the vulnerable device. \nAn attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user.  This may facilitate the theft of cookie-based authentication credentials as well as other attacks, potentially leading to a compromise of the affected device. \nSonicWALL Pro 230 firmware 6.5.0.3 is reported vulnerable to these issues as well. SonicWALL SOHO is a tool that provides network INTERNET security connection. \n----------------------------------------------------------------------\n\nWant a new IT Security job?\n\nVacant positions at Secunia:\nhttp://secunia.com/secunia_vacancies/\n\n----------------------------------------------------------------------\n\nTITLE:\nSonicWALL SOHO series Cross-Site Scripting and Script Injection\n\nSECUNIA ADVISORY ID:\nSA14823\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/14823/\n\nCRITICAL:\nLess critical\n\nIMPACT:\nCross Site Scripting\n\nWHERE:\n\u003eFrom remote\n\nOPERATING SYSTEM:\nSonicWALL SOHO series\nhttp://secunia.com/product/223/\n\nDESCRIPTION:\nOliver Karow has reported two vulnerabilities in SonicWALL SOHO\nseries, which can be exploited by malicious people to conduct\ncross-site scripting and script insertion attacks. \n\n1) Input passed in the URL path is not properly sanitised before\nbeing returned to the user. \n\nExample:\nhttp://[host]/[code]\n\n2) Input passed to the username in the login page is not properly\nsanitised before being used. Other versions may also be affected. \n\nSOLUTION:\nRestrict access to the web interface to prevent the script insertion\nvulnerability. \n\nPROVIDED AND/OR DISCOVERED BY:\nOliver Karow\n\nORIGINAL ADVISORY:\nhttp://www.oliverkarow.de/research/SonicWall.txt\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2005-1006"
      },
      {
        "db": "BID",
        "id": "12984"
      },
      {
        "db": "VULHUB",
        "id": "VHN-12215"
      },
      {
        "db": "PACKETSTORM",
        "id": "36968"
      }
    ],
    "trust": 1.35
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-12215",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-12215"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2005-1006",
        "trust": 2.0
      },
      {
        "db": "BID",
        "id": "12984",
        "trust": 2.0
      },
      {
        "db": "SECUNIA",
        "id": "14823",
        "trust": 1.8
      },
      {
        "db": "OSVDB",
        "id": "15262",
        "trust": 1.7
      },
      {
        "db": "OSVDB",
        "id": "15261",
        "trust": 1.7
      },
      {
        "db": "SECTRACK",
        "id": "1013638",
        "trust": 1.7
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200505-320",
        "trust": 0.7
      },
      {
        "db": "SEEBUG",
        "id": "SSVID-78994",
        "trust": 0.1
      },
      {
        "db": "EXPLOIT-DB",
        "id": "25331",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-12215",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "36968",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-12215"
      },
      {
        "db": "BID",
        "id": "12984"
      },
      {
        "db": "PACKETSTORM",
        "id": "36968"
      },
      {
        "db": "NVD",
        "id": "CVE-2005-1006"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200505-320"
      }
    ]
  },
  "id": "VAR-200505-1057",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-12215"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T12:13:35.831000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SonicWALL SOHO Web Fixes for Remote Input Validation Error Vulnerability",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=197203"
      }
    ],
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200505-320"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-79",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2005-1006"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "http://www.oliverkarow.de/research/sonicwall.txt"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/12984"
      },
      {
        "trust": 1.7,
        "url": "http://archives.neohapsis.com/archives/bugtraq/2005-04/0041.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.osvdb.org/15261"
      },
      {
        "trust": 1.7,
        "url": "http://www.osvdb.org/15262"
      },
      {
        "trust": 1.7,
        "url": "http://securitytracker.com/id?1013638"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/14823"
      },
      {
        "trust": 1.7,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19958"
      },
      {
        "trust": 1.7,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19960"
      },
      {
        "trust": 0.3,
        "url": "http://www.sonicwall.com"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/394869"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/14823/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/223/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://[host]/[code]"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/secunia_vacancies/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/about_secunia_advisories/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-12215"
      },
      {
        "db": "BID",
        "id": "12984"
      },
      {
        "db": "PACKETSTORM",
        "id": "36968"
      },
      {
        "db": "NVD",
        "id": "CVE-2005-1006"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200505-320"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-12215"
      },
      {
        "db": "BID",
        "id": "12984"
      },
      {
        "db": "PACKETSTORM",
        "id": "36968"
      },
      {
        "db": "NVD",
        "id": "CVE-2005-1006"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200505-320"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2005-05-02T00:00:00",
        "db": "VULHUB",
        "id": "VHN-12215"
      },
      {
        "date": "2005-04-04T00:00:00",
        "db": "BID",
        "id": "12984"
      },
      {
        "date": "2005-04-17T06:53:52",
        "db": "PACKETSTORM",
        "id": "36968"
      },
      {
        "date": "2005-05-02T04:00:00",
        "db": "NVD",
        "id": "CVE-2005-1006"
      },
      {
        "date": "2005-04-05T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200505-320"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-07-11T00:00:00",
        "db": "VULHUB",
        "id": "VHN-12215"
      },
      {
        "date": "2009-07-12T11:56:00",
        "db": "BID",
        "id": "12984"
      },
      {
        "date": "2022-06-23T16:42:59.087000",
        "db": "NVD",
        "id": "CVE-2005-1006"
      },
      {
        "date": "2022-06-24T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200505-320"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200505-320"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "SonicWALL SOHO Web Remote Input Validation Error Vulnerability",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200505-320"
      }
    ],
    "trust": 0.6
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "xss",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "36968"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200505-320"
      }
    ],
    "trust": 0.7
  }
}

FKIE_CVE-2005-1006

Vulnerability from fkie_nvd - Published: 2005-05-02 04:00 - Updated: 2025-04-03 01:03

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://archives.neohapsis.com/archives/bugtraq/2005-04/0041.html	Broken Link, Exploit
cve@mitre.org	http://secunia.com/advisories/14823	Not Applicable
cve@mitre.org	http://securitytracker.com/id?1013638	Broken Link, Third Party Advisory, VDB Entry
cve@mitre.org	http://www.oliverkarow.de/research/SonicWall.txt	Exploit, Third Party Advisory
cve@mitre.org	http://www.osvdb.org/15261	Broken Link
cve@mitre.org	http://www.osvdb.org/15262	Broken Link
cve@mitre.org	http://www.securityfocus.com/bid/12984	Exploit, Third Party Advisory, VDB Entry
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/19958	Third Party Advisory, VDB Entry
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/19960	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://archives.neohapsis.com/archives/bugtraq/2005-04/0041.html	Broken Link, Exploit
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/14823	Not Applicable
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1013638	Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.oliverkarow.de/research/SonicWall.txt	Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/15261	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/15262	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/12984	Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/19958	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/19960	Third Party Advisory, VDB Entry

Impacted products

	Vendor	Product	Version
	sonicwall	soho_firmware	5.1.7.0
	sonicwall	soho	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:sonicwall:soho_firmware:5.1.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC4093B4-2F11-4368-AE43-208025118BAF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:sonicwall:soho:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6B6B3FD-428E-4D6C-8C45-172CF4FB430D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site scripting (XSS) vulnerabilities in SonicWALL SOHO 5.1.7.0 allow remote attackers to inject arbitrary web script or HTML via (1) the URL or (2) the user login name, which is not filtered when the administrator views the log file."
    }
  ],
  "id": "CVE-2005-1006",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2005-05-02T04:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link",
        "Exploit"
      ],
      "url": "http://archives.neohapsis.com/archives/bugtraq/2005-04/0041.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Not Applicable"
      ],
      "url": "http://secunia.com/advisories/14823"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://securitytracker.com/id?1013638"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "http://www.oliverkarow.de/research/SonicWall.txt"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.osvdb.org/15261"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.osvdb.org/15262"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/12984"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19958"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19960"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Exploit"
      ],
      "url": "http://archives.neohapsis.com/archives/bugtraq/2005-04/0041.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Not Applicable"
      ],
      "url": "http://secunia.com/advisories/14823"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://securitytracker.com/id?1013638"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "http://www.oliverkarow.de/research/SonicWall.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.osvdb.org/15261"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.osvdb.org/15262"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/12984"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19958"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19960"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2005-1006

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Aliases

CVE-2005-1006

Aliases

CVE-2005-1006

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2005-1006",
    "description": "Multiple cross-site scripting (XSS) vulnerabilities in SonicWALL SOHO 5.1.7.0 allow remote attackers to inject arbitrary web script or HTML via (1) the URL or (2) the user login name, which is not filtered when the administrator views the log file.",
    "id": "GSD-2005-1006"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2005-1006"
      ],
      "details": "Multiple cross-site scripting (XSS) vulnerabilities in SonicWALL SOHO 5.1.7.0 allow remote attackers to inject arbitrary web script or HTML via (1) the URL or (2) the user login name, which is not filtered when the administrator views the log file.",
      "id": "GSD-2005-1006",
      "modified": "2023-12-13T01:20:11.031321Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2005-1006",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Multiple cross-site scripting (XSS) vulnerabilities in SonicWALL SOHO 5.1.7.0 allow remote attackers to inject arbitrary web script or HTML via (1) the URL or (2) the user login name, which is not filtered when the administrator views the log file."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://www.oliverkarow.de/research/SonicWall.txt",
            "refsource": "MISC",
            "url": "http://www.oliverkarow.de/research/SonicWall.txt"
          },
          {
            "name": "14823",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/14823"
          },
          {
            "name": "sonicwall-username-code-execution(19960)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19960"
          },
          {
            "name": "15261",
            "refsource": "OSVDB",
            "url": "http://www.osvdb.org/15261"
          },
          {
            "name": "20050404 SonicWALL SOHO/10 - XSS vulnerability",
            "refsource": "BUGTRAQ",
            "url": "http://archives.neohapsis.com/archives/bugtraq/2005-04/0041.html"
          },
          {
            "name": "12984",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/12984"
          },
          {
            "name": "sonicwall-http-get-requests-xss(19958)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19958"
          },
          {
            "name": "1013638",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1013638"
          },
          {
            "name": "15262",
            "refsource": "OSVDB",
            "url": "http://www.osvdb.org/15262"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:sonicwall:soho_firmware:5.1.7.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:sonicwall:soho:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2005-1006"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in SonicWALL SOHO 5.1.7.0 allow remote attackers to inject arbitrary web script or HTML via (1) the URL or (2) the user login name, which is not filtered when the administrator views the log file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-79"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20050404 SonicWALL SOHO/10 - XSS vulnerability",
              "refsource": "BUGTRAQ",
              "tags": [
                "Broken Link",
                "Exploit"
              ],
              "url": "http://archives.neohapsis.com/archives/bugtraq/2005-04/0041.html"
            },
            {
              "name": "http://www.oliverkarow.de/research/SonicWall.txt",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Third Party Advisory"
              ],
              "url": "http://www.oliverkarow.de/research/SonicWall.txt"
            },
            {
              "name": "12984",
              "refsource": "BID",
              "tags": [
                "Exploit",
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/12984"
            },
            {
              "name": "1013638",
              "refsource": "SECTRACK",
              "tags": [
                "Broken Link",
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://securitytracker.com/id?1013638"
            },
            {
              "name": "14823",
              "refsource": "SECUNIA",
              "tags": [
                "Not Applicable"
              ],
              "url": "http://secunia.com/advisories/14823"
            },
            {
              "name": "15261",
              "refsource": "OSVDB",
              "tags": [
                "Broken Link"
              ],
              "url": "http://www.osvdb.org/15261"
            },
            {
              "name": "15262",
              "refsource": "OSVDB",
              "tags": [
                "Broken Link"
              ],
              "url": "http://www.osvdb.org/15262"
            },
            {
              "name": "sonicwall-username-code-execution(19960)",
              "refsource": "XF",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19960"
            },
            {
              "name": "sonicwall-http-get-requests-xss(19958)",
              "refsource": "XF",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19958"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2022-06-23T16:42Z",
      "publishedDate": "2005-05-02T04:00Z"
    }
  }
}

GHSA-5VM7-H3W5-4WCM

Vulnerability from github – Published: 2022-05-01 01:54 – Updated: 2022-05-01 01:54

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2005-1006"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2005-05-02T04:00:00Z",
    "severity": "MODERATE"
  },
  "details": "Multiple cross-site scripting (XSS) vulnerabilities in SonicWALL SOHO 5.1.7.0 allow remote attackers to inject arbitrary web script or HTML via (1) the URL or (2) the user login name, which is not filtered when the administrator views the log file.",
  "id": "GHSA-5vm7-h3w5-4wcm",
  "modified": "2022-05-01T01:54:17Z",
  "published": "2022-05-01T01:54:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2005-1006"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19958"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19960"
    },
    {
      "type": "WEB",
      "url": "http://archives.neohapsis.com/archives/bugtraq/2005-04/0041.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/14823"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1013638"
    },
    {
      "type": "WEB",
      "url": "http://www.oliverkarow.de/research/SonicWall.txt"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/15261"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/15262"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/12984"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2005-1006 (GCVE-0-2005-1006)

VAR-200505-1057

FKIE_CVE-2005-1006

GSD-2005-1006

GHSA-5VM7-H3W5-4WCM

Tags

Sightings

Nomenclature