Advisories
Vulnerability Database
PoC
Viruses
Research Lab

CVE-2006-5723


Published: 03-11-2006
Updated: 07-11-2006

Product:
DataparkSearch: DataparkSearch 4.42
DataparkSearch: DataparkSearch 4.37
DataparkSearch: DataparkSearch 4.36
DataparkSearch: DataparkSearch 4.35
DataparkSearch: DataparkSearch 4.34
DataparkSearch: DataparkSearch 4.33
DataparkSearch: DataparkSearch 4.32
DataparkSearch: DataparkSearch 4.31
DataparkSearch: DataparkSearch 4.30
DataparkSearch: DataparkSearch 4.29
DataparkSearch: DataparkSearch 4.28
DataparkSearch: DataparkSearch 4.27
DataparkSearch: DataparkSearch 4.26
DataparkSearch: DataparkSearch 4.25
DataparkSearch: DataparkSearch 4.24
DataparkSearch: DataparkSearch 4.23
DataparkSearch: DataparkSearch 4.22
DataparkSearch: DataparkSearch 4.21
DataparkSearch: DataparkSearch 4.20
DataparkSearch: DataparkSearch 4.19
DataparkSearch: DataparkSearch 4.18
DataparkSearch: DataparkSearch 4.17
DataparkSearch: DataparkSearch 4.16

Severity: High (7.0)

CVSS vector: (AV:R/AC:L/Au:NR/C:P/I:P/A:P/B:N)

Vulnerability type: Input validation error

Attack`s vector: Remotly exploitable

Potential loss type: Gain other access

Vulnerability description:
SQL injection vulnerability in DataparkSearch Engine 4.42 and earlier allows remote attackers to execute arbitrary SQL commands via a malformed hostname in a URL.

Patch available: Yes

References:
http://www.dataparksearch.org/ChangeLog
BID: http://www.securityfocus.com/bid/20872
FRSIRT: http://www.frsirt.com/english/advisories/2006/4311

Cisco Security Advisory: CDS Internet Streamer: Web Server Directory Traversal Vulnerability

The Cisco Internet Streamer application contains a directory traversal vulnerability on its web serv ...

26 july, 2010

Cisco Security Advisory: Hard-Coded SNMP Community Names in Cisco Industrial Ethernet 3000 Series Switches Vulnerability

Cisco Industrial Ethernet 3000 (IE 3000) Series switches running Cisco IOS Software releases ...

09 july, 2010

Cisco Security Advisory: Multiple vulnerabilitiesin Cisco PGW Softswitch

Multiple vulnerabilities exist in the Cisco PGW 2200 Softswitch series of products.

13 may, 2010

MS10-045: Vulnerability in Microsoft Office Outlook Could Allow Remote Code Execution (978212)

The vulnerability could allow remote code execution if a user opened an attachment in a specially c ...

13 july, 2010

MS10-044: Vulnerabilities in Microsoft Office Access ActiveX Controls Could Allow Remote Code Execution (982335)

This security update resolves two privately reported vulnerabilities in Microsoft Office Access Acti ...

13 july, 2010

MS10-043: Vulnerability in Canonical Display Driver Could Allow Remote Code Execution (2032276)

This security update resolves a publicly disclosed vulnerability in the Canonical Display Driver  ...

13 july, 2010

CVE-2010-2912

SQL injection vulnerability in index.php in Kayako eSupport 3.70.02 allows remote attackers to execute arbitrary SQL commands via the _a parameter in a downloads action.

National Vulnerability Database 28 july, 2010

CVE-2010-2911

SQL injection vulnerability in index.php in Kayako eSupport 3.70.02 allows remote attackers to execute arbitrary SQL commands via the newsid parameter in a viewnews action.

National Vulnerability Database 28 july, 2010

CVE-2010-2910

SQL injection vulnerability in the Ozio Gallery (com_oziogallery) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter to index.php.

National Vulnerability Database 28 july, 2010

CVE-2010-2909

SQL injection vulnerability in ttvideo.php in the TTVideo (com_ttvideo) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid parameter in a video action to index.php.

National Vulnerability Database 28 july, 2010

CVE-2010-2908

SQL injection vulnerability in the Joomdle (com_joomdle) component 0.24 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the course_id parameter in a detail action to index.php.

National Vulnerability Database 28 july, 2010

CVE-2010-2907

SQL injection vulnerability in the Huru Helpdesk (com_huruhelpdesk) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid[0] parameter in a detail action to index.php.

National Vulnerability Database 28 july, 2010

CVE-2010-2906

SQL injection vulnerability in articlesdetails.php in ScriptsFeed and BrotherScripts (BS) Scripts Directory allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2010-2905.

National Vulnerability Database 28 july, 2010

CVE-2010-2905

SQL injection vulnerability in info.php in ScriptsFeed and BrotherScripts (BS) Scripts Directory allows remote attackers to execute arbitrary SQL commands via the id parameter.

National Vulnerability Database 28 july, 2010

CVE-2010-2904

Multiple cross-site scripting (XSS) vulnerabilities in the System Landscape Directory (SLD) component 6.4 through 7.02 in SAP NetWeaver allow remote attackers to inject arbitrary web script or HTML via the (1) action parameter to testsdic and the (2) helpstring parameter to paramhelp.jsp.

National Vulnerability Database 28 july, 2010

CVE-2010-2903

Google Chrome before 5.0.375.125 performs unexpected truncation and improper eliding of hostnames, which has unspecified impact and remote attack vectors.

National Vulnerability Database 28 july, 2010

CVE-2010-2902

The SVG implementation in Google Chrome before 5.0.375.125 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.

National Vulnerability Database 28 july, 2010

CVE-2010-2901

The rendering implementation in Google Chrome before 5.0.375.125 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.

National Vulnerability Database 28 july, 2010

CVE-2010-2900

Google Chrome before 5.0.375.125 does not properly handle a large canvas, which has unspecified impact and remote attack vectors.

National Vulnerability Database 28 july, 2010

CVE-2010-2899

Unspecified vulnerability in the layout implementation in Google Chrome before 5.0.375.125 allows remote attackers to obtain sensitive information from process memory via unknown vectors.

National Vulnerability Database 28 july, 2010

CVE-2010-2898

Google Chrome before 5.0.375.125 does not properly mitigate an unspecified flaw in the GNU C Library, which has unknown impact and attack vectors.

National Vulnerability Database 28 july, 2010
Search
Sun Microsystems

This Alert covers CVE-2010-0896 for the mail component of the Sun Convergence product

This Sun Alert covers CVE-2010-0896 for the mail component of the Sun Convergence product.

14 april, 2010

This Alert Covers CVE-2010-0893 for the Mail Component of the Sun Convergence Product

This Alert covers CVE-2010-0893 for the mail component of the Sun Convergence product.

14 april, 2010

SunOS 5.10_x86: ucode driver patch

6905530 processor microcode code can panic when retrieving microcode revision.

02 february, 2010

Red Hat

[RHSA-2010:0567-01] Moderate: lvm2-cluster security update

Red Hat Security Advisory - Moderate: lvm2-cluster security update

28 july, 2010

[RHSA-2010:0565-01] Moderate: w3m security update

Red Hat Security Advisory - Moderate: w3m security update

27 july, 2010

[RHSA-2010:0558-01] Critical: firefox security update

Red Hat Security Advisory - Critical: firefox security update

24 july, 2010

╨ю╤

Apache Tomcat < 6.0.18 UTF8 Directory Traversal PoC

Target: Apache Tomcat тхЁёшш фю 6.0.18
Impact: Information disclosure

Zemana AntiLogger AntiLog32.sys <= 1.5.2.755 Local Privilege Escalation PoC

Target: Zemana AntiLogger AntiLog32.sys 1.5.2.755 and previous versions
Impact: Priviledge escalation

Mediacoder v0.7.3.4682 (.m3u) File Universal Buffer Overflow Exploit

Target: Mediacoder 0.7.3.4682
Impact: Code execution

AdvertismentAbout ProjectContact UsCopyrightExportRSSMy SettingsMap