cvelistv5 - cve-2006-0806

CVE-2006-0806 (GCVE-0-2006-0806)

Vulnerability from cvelistv5 – Published: 2006-02-21 02:00 – Updated: 2024-08-07 16:48

Summary

Multiple cross-site scripting (XSS) vulnerabilities in ADOdb 4.71, as used in multiple packages such as phpESP, allow remote attackers to inject arbitrary web script or HTML via (1) the next_page parameter in adodb-pager.inc.php and (2) other unspecified vectors related to PHP_SELF.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://secunia.com/advisories/19590	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/19555	third-party-advisoryx_refsource_SECUNIA
	http://www.vupen.com/english/advisories/2006/0664	vdb-entryx_refsource_VUPEN
	http://securityreason.com/securityalert/452	third-party-advisoryx_refsource_SREASON
	http://www.debian.org/security/2006/dsa-1029	vendor-advisoryx_refsource_DEBIAN
	http://secunia.com/advisories/18928	third-party-advisoryx_refsource_SECUNIA
	http://www.debian.org/security/2006/dsa-1030	vendor-advisoryx_refsource_DEBIAN
	http://www.gulftech.org/?node=research&article_id…	x_refsource_MISC
	http://www.securityfocus.com/bid/16720	vdb-entryx_refsource_BID
	http://secunia.com/advisories/19591	third-party-advisoryx_refsource_SECUNIA
	http://www.securityfocus.com/archive/1/425393/100…	mailing-listx_refsource_BUGTRAQ
	http://www.vupen.com/english/advisories/2006/2021	vdb-entryx_refsource_VUPEN
	http://secunia.com/advisories/19691	third-party-advisoryx_refsource_SECUNIA
	http://sourceforge.net/project/shownotes.php?rele…	x_refsource_CONFIRM
	http://www.debian.org/security/2006/dsa-1031	vendor-advisoryx_refsource_DEBIAN
	http://phpesp.cvs.sourceforge.net/phpesp/phpESP/a…	x_refsource_MISC
	http://www.osvdb.org/23362	vdb-entryx_refsource_OSVDB
	http://www.gentoo.org/security/en/glsa/glsa-20060…	vendor-advisoryx_refsource_GENTOO

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T16:48:55.946Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "19590",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/19590"
          },
          {
            "name": "19555",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/19555"
          },
          {
            "name": "ADV-2006-0664",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/0664"
          },
          {
            "name": "452",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/452"
          },
          {
            "name": "DSA-1029",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2006/dsa-1029"
          },
          {
            "name": "18928",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/18928"
          },
          {
            "name": "DSA-1030",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2006/dsa-1030"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.gulftech.org/?node=research\u0026article_id=00101-02182006"
          },
          {
            "name": "16720",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/16720"
          },
          {
            "name": "19591",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/19591"
          },
          {
            "name": "20060218 ADOdb Library Cross Site Scripting",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/425393/100/0/threaded"
          },
          {
            "name": "ADV-2006-2021",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/2021"
          },
          {
            "name": "19691",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/19691"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://sourceforge.net/project/shownotes.php?release_id=419843\u0026group_id=8956"
          },
          {
            "name": "DSA-1031",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2006/dsa-1031"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://phpesp.cvs.sourceforge.net/phpesp/phpESP/admin/include/lib/adodb/adodb-pager.inc.php?r1=1.1\u0026r2=1.2"
          },
          {
            "name": "23362",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/23362"
          },
          {
            "name": "GLSA-200604-07",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200604-07.xml"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-02-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in ADOdb 4.71, as used in multiple packages such as phpESP, allow remote attackers to inject arbitrary web script or HTML via (1) the next_page parameter in adodb-pager.inc.php and (2) other unspecified vectors related to PHP_SELF."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-18T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "19590",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/19590"
        },
        {
          "name": "19555",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/19555"
        },
        {
          "name": "ADV-2006-0664",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/0664"
        },
        {
          "name": "452",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/452"
        },
        {
          "name": "DSA-1029",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2006/dsa-1029"
        },
        {
          "name": "18928",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/18928"
        },
        {
          "name": "DSA-1030",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2006/dsa-1030"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.gulftech.org/?node=research\u0026article_id=00101-02182006"
        },
        {
          "name": "16720",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/16720"
        },
        {
          "name": "19591",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/19591"
        },
        {
          "name": "20060218 ADOdb Library Cross Site Scripting",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/425393/100/0/threaded"
        },
        {
          "name": "ADV-2006-2021",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/2021"
        },
        {
          "name": "19691",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/19691"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://sourceforge.net/project/shownotes.php?release_id=419843\u0026group_id=8956"
        },
        {
          "name": "DSA-1031",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2006/dsa-1031"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://phpesp.cvs.sourceforge.net/phpesp/phpESP/admin/include/lib/adodb/adodb-pager.inc.php?r1=1.1\u0026r2=1.2"
        },
        {
          "name": "23362",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/23362"
        },
        {
          "name": "GLSA-200604-07",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://www.gentoo.org/security/en/glsa/glsa-200604-07.xml"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-0806",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in ADOdb 4.71, as used in multiple packages such as phpESP, allow remote attackers to inject arbitrary web script or HTML via (1) the next_page parameter in adodb-pager.inc.php and (2) other unspecified vectors related to PHP_SELF."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "19590",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/19590"
            },
            {
              "name": "19555",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/19555"
            },
            {
              "name": "ADV-2006-0664",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/0664"
            },
            {
              "name": "452",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/452"
            },
            {
              "name": "DSA-1029",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2006/dsa-1029"
            },
            {
              "name": "18928",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/18928"
            },
            {
              "name": "DSA-1030",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2006/dsa-1030"
            },
            {
              "name": "http://www.gulftech.org/?node=research\u0026article_id=00101-02182006",
              "refsource": "MISC",
              "url": "http://www.gulftech.org/?node=research\u0026article_id=00101-02182006"
            },
            {
              "name": "16720",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/16720"
            },
            {
              "name": "19591",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/19591"
            },
            {
              "name": "20060218 ADOdb Library Cross Site Scripting",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/425393/100/0/threaded"
            },
            {
              "name": "ADV-2006-2021",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/2021"
            },
            {
              "name": "19691",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/19691"
            },
            {
              "name": "http://sourceforge.net/project/shownotes.php?release_id=419843\u0026group_id=8956",
              "refsource": "CONFIRM",
              "url": "http://sourceforge.net/project/shownotes.php?release_id=419843\u0026group_id=8956"
            },
            {
              "name": "DSA-1031",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2006/dsa-1031"
            },
            {
              "name": "http://phpesp.cvs.sourceforge.net/phpesp/phpESP/admin/include/lib/adodb/adodb-pager.inc.php?r1=1.1\u0026r2=1.2",
              "refsource": "MISC",
              "url": "http://phpesp.cvs.sourceforge.net/phpesp/phpESP/admin/include/lib/adodb/adodb-pager.inc.php?r1=1.1\u0026r2=1.2"
            },
            {
              "name": "23362",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/23362"
            },
            {
              "name": "GLSA-200604-07",
              "refsource": "GENTOO",
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200604-07.xml"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-0806",
    "datePublished": "2006-02-21T02:00:00",
    "dateReserved": "2006-02-21T00:00:00",
    "dateUpdated": "2024-08-07T16:48:55.946Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:john_lim:adodb:4.66:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9F76566C-7F49-4725-91E6-8E2416CB7F03\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:john_lim:adodb:4.68:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"02F0F5B5-86D2-48C4-872E-3F8C38AF563C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:john_lim:adodb:4.70:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7F1503DB-7F84-4F33-8357-7D877529F15C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:john_lim:adodb:4.71:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DF5EC8B5-661B-45E1-B3C0-66CB7F493608\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Multiple cross-site scripting (XSS) vulnerabilities in ADOdb 4.71, as used in multiple packages such as phpESP, allow remote attackers to inject arbitrary web script or HTML via (1) the next_page parameter in adodb-pager.inc.php and (2) other unspecified vectors related to PHP_SELF.\"}]",
      "id": "CVE-2006-0806",
      "lastModified": "2024-11-21T00:07:23.030",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:P/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2006-02-21T02:02:00.000",
      "references": "[{\"url\": \"http://phpesp.cvs.sourceforge.net/phpesp/phpESP/admin/include/lib/adodb/adodb-pager.inc.php?r1=1.1\u0026r2=1.2\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/18928\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/19555\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/19590\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/19591\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/19691\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://securityreason.com/securityalert/452\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://sourceforge.net/project/shownotes.php?release_id=419843\u0026group_id=8956\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.debian.org/security/2006/dsa-1029\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.debian.org/security/2006/dsa-1030\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.debian.org/security/2006/dsa-1031\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.gentoo.org/security/en/glsa/glsa-200604-07.xml\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.gulftech.org/?node=research\u0026article_id=00101-02182006\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.osvdb.org/23362\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/archive/1/425393/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/16720\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2006/0664\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2006/2021\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://phpesp.cvs.sourceforge.net/phpesp/phpESP/admin/include/lib/adodb/adodb-pager.inc.php?r1=1.1\u0026r2=1.2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/18928\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/19555\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/19590\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/19591\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/19691\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://securityreason.com/securityalert/452\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://sourceforge.net/project/shownotes.php?release_id=419843\u0026group_id=8956\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.debian.org/security/2006/dsa-1029\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.debian.org/security/2006/dsa-1030\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.debian.org/security/2006/dsa-1031\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.gentoo.org/security/en/glsa/glsa-200604-07.xml\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.gulftech.org/?node=research\u0026article_id=00101-02182006\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.osvdb.org/23362\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/425393/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/16720\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2006/0664\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2006/2021\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-79\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2006-0806\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2006-02-21T02:02:00.000\",\"lastModified\":\"2025-04-03T01:03:51.193\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Multiple cross-site scripting (XSS) vulnerabilities in ADOdb 4.71, as used in multiple packages such as phpESP, allow remote attackers to inject arbitrary web script or HTML via (1) the next_page parameter in adodb-pager.inc.php and (2) other unspecified vectors related to PHP_SELF.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:john_lim:adodb:4.66:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9F76566C-7F49-4725-91E6-8E2416CB7F03\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:john_lim:adodb:4.68:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"02F0F5B5-86D2-48C4-872E-3F8C38AF563C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:john_lim:adodb:4.70:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7F1503DB-7F84-4F33-8357-7D877529F15C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:john_lim:adodb:4.71:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DF5EC8B5-661B-45E1-B3C0-66CB7F493608\"}]}]}],\"references\":[{\"url\":\"http://phpesp.cvs.sourceforge.net/phpesp/phpESP/admin/include/lib/adodb/adodb-pager.inc.php?r1=1.1\u0026r2=1.2\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/18928\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/19555\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/19590\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/19591\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/19691\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securityreason.com/securityalert/452\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://sourceforge.net/project/shownotes.php?release_id=419843\u0026group_id=8956\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.debian.org/security/2006/dsa-1029\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.debian.org/security/2006/dsa-1030\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.debian.org/security/2006/dsa-1031\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.gentoo.org/security/en/glsa/glsa-200604-07.xml\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.gulftech.org/?node=research\u0026article_id=00101-02182006\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.osvdb.org/23362\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/425393/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/16720\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2006/0664\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2006/2021\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://phpesp.cvs.sourceforge.net/phpesp/phpESP/admin/include/lib/adodb/adodb-pager.inc.php?r1=1.1\u0026r2=1.2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/18928\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/19555\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/19590\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/19591\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/19691\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securityreason.com/securityalert/452\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://sourceforge.net/project/shownotes.php?release_id=419843\u0026group_id=8956\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.debian.org/security/2006/dsa-1029\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.debian.org/security/2006/dsa-1030\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.debian.org/security/2006/dsa-1031\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.gentoo.org/security/en/glsa/glsa-200604-07.xml\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.gulftech.org/?node=research\u0026article_id=00101-02182006\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.osvdb.org/23362\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/425393/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/16720\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2006/0664\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2006/2021\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

FKIE_CVE-2006-0806

Vulnerability from fkie_nvd - Published: 2006-02-21 02:02 - Updated: 2025-04-03 01:03

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://phpesp.cvs.sourceforge.net/phpesp/phpESP/admin/include/lib/adodb/adodb-pager.inc.php?r1=1.1&r2=1.2
cve@mitre.org	http://secunia.com/advisories/18928	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/19555	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/19590	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/19591	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/19691	Vendor Advisory
cve@mitre.org	http://securityreason.com/securityalert/452
cve@mitre.org	http://sourceforge.net/project/shownotes.php?release_id=419843&group_id=8956
cve@mitre.org	http://www.debian.org/security/2006/dsa-1029
cve@mitre.org	http://www.debian.org/security/2006/dsa-1030
cve@mitre.org	http://www.debian.org/security/2006/dsa-1031
cve@mitre.org	http://www.gentoo.org/security/en/glsa/glsa-200604-07.xml
cve@mitre.org	http://www.gulftech.org/?node=research&article_id=00101-02182006
cve@mitre.org	http://www.osvdb.org/23362
cve@mitre.org	http://www.securityfocus.com/archive/1/425393/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/bid/16720
cve@mitre.org	http://www.vupen.com/english/advisories/2006/0664	Vendor Advisory
cve@mitre.org	http://www.vupen.com/english/advisories/2006/2021	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://phpesp.cvs.sourceforge.net/phpesp/phpESP/admin/include/lib/adodb/adodb-pager.inc.php?r1=1.1&r2=1.2
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/18928	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/19555	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/19590	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/19591	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/19691	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securityreason.com/securityalert/452
af854a3a-2127-422b-91ae-364da2661108	http://sourceforge.net/project/shownotes.php?release_id=419843&group_id=8956
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2006/dsa-1029
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2006/dsa-1030
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2006/dsa-1031
af854a3a-2127-422b-91ae-364da2661108	http://www.gentoo.org/security/en/glsa/glsa-200604-07.xml
af854a3a-2127-422b-91ae-364da2661108	http://www.gulftech.org/?node=research&article_id=00101-02182006
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/23362
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/425393/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/16720
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2006/0664	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2006/2021	Vendor Advisory

Impacted products

Vendor	Product	Version
john_lim	adodb	4.66
john_lim	adodb	4.68
john_lim	adodb	4.70
john_lim	adodb	4.71

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:john_lim:adodb:4.66:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F76566C-7F49-4725-91E6-8E2416CB7F03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:john_lim:adodb:4.68:*:*:*:*:*:*:*",
              "matchCriteriaId": "02F0F5B5-86D2-48C4-872E-3F8C38AF563C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:john_lim:adodb:4.70:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F1503DB-7F84-4F33-8357-7D877529F15C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:john_lim:adodb:4.71:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF5EC8B5-661B-45E1-B3C0-66CB7F493608",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site scripting (XSS) vulnerabilities in ADOdb 4.71, as used in multiple packages such as phpESP, allow remote attackers to inject arbitrary web script or HTML via (1) the next_page parameter in adodb-pager.inc.php and (2) other unspecified vectors related to PHP_SELF."
    }
  ],
  "id": "CVE-2006-0806",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2006-02-21T02:02:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://phpesp.cvs.sourceforge.net/phpesp/phpESP/admin/include/lib/adodb/adodb-pager.inc.php?r1=1.1\u0026r2=1.2"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/18928"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/19555"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/19590"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/19591"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/19691"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/452"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://sourceforge.net/project/shownotes.php?release_id=419843\u0026group_id=8956"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2006/dsa-1029"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2006/dsa-1030"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2006/dsa-1031"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200604-07.xml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.gulftech.org/?node=research\u0026article_id=00101-02182006"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/23362"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/425393/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/16720"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2006/0664"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2006/2021"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://phpesp.cvs.sourceforge.net/phpesp/phpESP/admin/include/lib/adodb/adodb-pager.inc.php?r1=1.1\u0026r2=1.2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/18928"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/19555"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/19590"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/19591"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/19691"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/452"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://sourceforge.net/project/shownotes.php?release_id=419843\u0026group_id=8956"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2006/dsa-1029"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2006/dsa-1030"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2006/dsa-1031"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200604-07.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.gulftech.org/?node=research\u0026article_id=00101-02182006"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/23362"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/425393/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/16720"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2006/0664"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2006/2021"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2006-0806

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2006-0806

Aliases

CVE-2006-0806

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2006-0806",
    "description": "Multiple cross-site scripting (XSS) vulnerabilities in ADOdb 4.71, as used in multiple packages such as phpESP, allow remote attackers to inject arbitrary web script or HTML via (1) the next_page parameter in adodb-pager.inc.php and (2) other unspecified vectors related to PHP_SELF.",
    "id": "GSD-2006-0806",
    "references": [
      "https://www.suse.com/security/cve/CVE-2006-0806.html",
      "https://www.debian.org/security/2006/dsa-1029",
      "https://www.debian.org/security/2006/dsa-1030",
      "https://www.debian.org/security/2006/dsa-1031"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2006-0806"
      ],
      "details": "Multiple cross-site scripting (XSS) vulnerabilities in ADOdb 4.71, as used in multiple packages such as phpESP, allow remote attackers to inject arbitrary web script or HTML via (1) the next_page parameter in adodb-pager.inc.php and (2) other unspecified vectors related to PHP_SELF.",
      "id": "GSD-2006-0806",
      "modified": "2023-12-13T01:19:50.882704Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2006-0806",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Multiple cross-site scripting (XSS) vulnerabilities in ADOdb 4.71, as used in multiple packages such as phpESP, allow remote attackers to inject arbitrary web script or HTML via (1) the next_page parameter in adodb-pager.inc.php and (2) other unspecified vectors related to PHP_SELF."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "19590",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/19590"
          },
          {
            "name": "19555",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/19555"
          },
          {
            "name": "ADV-2006-0664",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2006/0664"
          },
          {
            "name": "452",
            "refsource": "SREASON",
            "url": "http://securityreason.com/securityalert/452"
          },
          {
            "name": "DSA-1029",
            "refsource": "DEBIAN",
            "url": "http://www.debian.org/security/2006/dsa-1029"
          },
          {
            "name": "18928",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/18928"
          },
          {
            "name": "DSA-1030",
            "refsource": "DEBIAN",
            "url": "http://www.debian.org/security/2006/dsa-1030"
          },
          {
            "name": "http://www.gulftech.org/?node=research\u0026article_id=00101-02182006",
            "refsource": "MISC",
            "url": "http://www.gulftech.org/?node=research\u0026article_id=00101-02182006"
          },
          {
            "name": "16720",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/16720"
          },
          {
            "name": "19591",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/19591"
          },
          {
            "name": "20060218 ADOdb Library Cross Site Scripting",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/425393/100/0/threaded"
          },
          {
            "name": "ADV-2006-2021",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2006/2021"
          },
          {
            "name": "19691",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/19691"
          },
          {
            "name": "http://sourceforge.net/project/shownotes.php?release_id=419843\u0026group_id=8956",
            "refsource": "CONFIRM",
            "url": "http://sourceforge.net/project/shownotes.php?release_id=419843\u0026group_id=8956"
          },
          {
            "name": "DSA-1031",
            "refsource": "DEBIAN",
            "url": "http://www.debian.org/security/2006/dsa-1031"
          },
          {
            "name": "http://phpesp.cvs.sourceforge.net/phpesp/phpESP/admin/include/lib/adodb/adodb-pager.inc.php?r1=1.1\u0026r2=1.2",
            "refsource": "MISC",
            "url": "http://phpesp.cvs.sourceforge.net/phpesp/phpESP/admin/include/lib/adodb/adodb-pager.inc.php?r1=1.1\u0026r2=1.2"
          },
          {
            "name": "23362",
            "refsource": "OSVDB",
            "url": "http://www.osvdb.org/23362"
          },
          {
            "name": "GLSA-200604-07",
            "refsource": "GENTOO",
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200604-07.xml"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:john_lim:adodb:4.66:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:john_lim:adodb:4.71:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:john_lim:adodb:4.68:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:john_lim:adodb:4.70:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-0806"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in ADOdb 4.71, as used in multiple packages such as phpESP, allow remote attackers to inject arbitrary web script or HTML via (1) the next_page parameter in adodb-pager.inc.php and (2) other unspecified vectors related to PHP_SELF."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-79"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.gulftech.org/?node=research\u0026article_id=00101-02182006",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.gulftech.org/?node=research\u0026article_id=00101-02182006"
            },
            {
              "name": "16720",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/16720"
            },
            {
              "name": "18928",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/18928"
            },
            {
              "name": "23362",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://www.osvdb.org/23362"
            },
            {
              "name": "DSA-1029",
              "refsource": "DEBIAN",
              "tags": [],
              "url": "http://www.debian.org/security/2006/dsa-1029"
            },
            {
              "name": "DSA-1030",
              "refsource": "DEBIAN",
              "tags": [],
              "url": "http://www.debian.org/security/2006/dsa-1030"
            },
            {
              "name": "DSA-1031",
              "refsource": "DEBIAN",
              "tags": [],
              "url": "http://www.debian.org/security/2006/dsa-1031"
            },
            {
              "name": "19555",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/19555"
            },
            {
              "name": "19590",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/19590"
            },
            {
              "name": "19591",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/19591"
            },
            {
              "name": "GLSA-200604-07",
              "refsource": "GENTOO",
              "tags": [],
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200604-07.xml"
            },
            {
              "name": "http://phpesp.cvs.sourceforge.net/phpesp/phpESP/admin/include/lib/adodb/adodb-pager.inc.php?r1=1.1\u0026r2=1.2",
              "refsource": "MISC",
              "tags": [],
              "url": "http://phpesp.cvs.sourceforge.net/phpesp/phpESP/admin/include/lib/adodb/adodb-pager.inc.php?r1=1.1\u0026r2=1.2"
            },
            {
              "name": "http://sourceforge.net/project/shownotes.php?release_id=419843\u0026group_id=8956",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://sourceforge.net/project/shownotes.php?release_id=419843\u0026group_id=8956"
            },
            {
              "name": "19691",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/19691"
            },
            {
              "name": "452",
              "refsource": "SREASON",
              "tags": [],
              "url": "http://securityreason.com/securityalert/452"
            },
            {
              "name": "ADV-2006-0664",
              "refsource": "VUPEN",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/0664"
            },
            {
              "name": "ADV-2006-2021",
              "refsource": "VUPEN",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/2021"
            },
            {
              "name": "20060218 ADOdb Library Cross Site Scripting",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/425393/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2018-10-18T16:29Z",
      "publishedDate": "2006-02-21T02:02Z"
    }
  }
}

GHSA-44CJ-54HP-JR6F

Vulnerability from github – Published: 2022-05-01 06:42 – Updated: 2022-05-01 06:42

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2006-0806"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2006-02-21T02:02:00Z",
    "severity": "MODERATE"
  },
  "details": "Multiple cross-site scripting (XSS) vulnerabilities in ADOdb 4.71, as used in multiple packages such as phpESP, allow remote attackers to inject arbitrary web script or HTML via (1) the next_page parameter in adodb-pager.inc.php and (2) other unspecified vectors related to PHP_SELF.",
  "id": "GHSA-44cj-54hp-jr6f",
  "modified": "2022-05-01T06:42:54Z",
  "published": "2022-05-01T06:42:54Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-0806"
    },
    {
      "type": "WEB",
      "url": "http://phpesp.cvs.sourceforge.net/phpesp/phpESP/admin/include/lib/adodb/adodb-pager.inc.php?r1=1.1\u0026r2=1.2"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/18928"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/19555"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/19590"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/19591"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/19691"
    },
    {
      "type": "WEB",
      "url": "http://securityreason.com/securityalert/452"
    },
    {
      "type": "WEB",
      "url": "http://sourceforge.net/project/shownotes.php?release_id=419843\u0026group_id=8956"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2006/dsa-1029"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2006/dsa-1030"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2006/dsa-1031"
    },
    {
      "type": "WEB",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200604-07.xml"
    },
    {
      "type": "WEB",
      "url": "http://www.gulftech.org/?node=research\u0026article_id=00101-02182006"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/23362"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/425393/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/16720"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2006/0664"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2006/2021"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CERTA-2006-AVI-145

Vulnerability from certfr_avis - Published: - Updated:

None

Description

CACTI est un outil de supervision réseau.

Plusieurs vulnérabilités présentes sur CACTI peuvent être utilisées par un utilisateur mal intrentionné pour réaliser une attaque de type « cross site scripting », réaliser une attaque par injection SQL ou exécuter du code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

CACTI versions antérieures à la version 0.8.6.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Gentoo GLSA 200604-07/Cacti du 14 avril 2006 :	-	other
Bulletin de sécurité Debian DSA 1031 du 08 avril 2006 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eCACTI versions ant\u00e9rieures \u00e0 la version  0.8.6.\u003c/p\u003e",
  "content": "## Description\n\nCACTI est un outil de supervision r\u00e9seau.\n\nPlusieurs vuln\u00e9rabilit\u00e9s pr\u00e9sentes sur CACTI peuvent \u00eatre utilis\u00e9es par\nun utilisateur mal intrentionn\u00e9 pour r\u00e9aliser une attaque de type \u00ab\ncross site scripting \u00bb, r\u00e9aliser une attaque par injection SQL ou\nex\u00e9cuter du code arbitraire \u00e0 distance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2006-0146",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-0146"
    },
    {
      "name": "CVE-2006-0147",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-0147"
    },
    {
      "name": "CVE-2006-0410",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-0410"
    },
    {
      "name": "CVE-2006-0806",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-0806"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Gentoo GLSA 200604-07/Cacti du 14    avril 2006 :",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200604-07.xml"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Debian DSA 1031 du 08 avril 2006 :",
      "url": "http://www.debian.org/security/2006/dsa-1031"
    }
  ],
  "reference": "CERTA-2006-AVI-145",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2006-04-10T00:00:00.000000"
    },
    {
      "description": "ajout de la r\u00e9f\u00e9rence au bulletin de s\u00e9curit\u00e9 Gentoo GLSA 200604-07.",
      "revision_date": "2006-04-20T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "Attaque de type \u00ab cross site scripting \u00bb"
    }
  ],
  "summary": null,
  "title": "Vuln\u00e9rabilit\u00e9s sur CACTI",
  "vendor_advisories": []
}

CERTA-2006-AVI-145

Vulnerability from certfr_avis - Published: - Updated:

None

Description

CACTI est un outil de supervision réseau.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

CACTI versions antérieures à la version 0.8.6.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Gentoo GLSA 200604-07/Cacti du 14 avril 2006 :	-	other
Bulletin de sécurité Debian DSA 1031 du 08 avril 2006 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eCACTI versions ant\u00e9rieures \u00e0 la version  0.8.6.\u003c/p\u003e",
  "content": "## Description\n\nCACTI est un outil de supervision r\u00e9seau.\n\nPlusieurs vuln\u00e9rabilit\u00e9s pr\u00e9sentes sur CACTI peuvent \u00eatre utilis\u00e9es par\nun utilisateur mal intrentionn\u00e9 pour r\u00e9aliser une attaque de type \u00ab\ncross site scripting \u00bb, r\u00e9aliser une attaque par injection SQL ou\nex\u00e9cuter du code arbitraire \u00e0 distance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2006-0146",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-0146"
    },
    {
      "name": "CVE-2006-0147",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-0147"
    },
    {
      "name": "CVE-2006-0410",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-0410"
    },
    {
      "name": "CVE-2006-0806",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-0806"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Gentoo GLSA 200604-07/Cacti du 14    avril 2006 :",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200604-07.xml"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Debian DSA 1031 du 08 avril 2006 :",
      "url": "http://www.debian.org/security/2006/dsa-1031"
    }
  ],
  "reference": "CERTA-2006-AVI-145",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2006-04-10T00:00:00.000000"
    },
    {
      "description": "ajout de la r\u00e9f\u00e9rence au bulletin de s\u00e9curit\u00e9 Gentoo GLSA 200604-07.",
      "revision_date": "2006-04-20T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "Attaque de type \u00ab cross site scripting \u00bb"
    }
  ],
  "summary": null,
  "title": "Vuln\u00e9rabilit\u00e9s sur CACTI",
  "vendor_advisories": []
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2006-0806 (GCVE-0-2006-0806)

FKIE_CVE-2006-0806

GSD-2006-0806

GHSA-44CJ-54HP-JR6F

CERTA-2006-AVI-145

Description

Solution

CERTA-2006-AVI-145

Description

Solution

Tags

Sightings

Nomenclature