Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
15 vulnerabilities by enthrallweb
CVE-2009-0252 (GCVE-0-2009-0252)
Vulnerability from cvelistv5 – Published: 2009-01-22 16:00 – Updated: 2024-08-07 04:24
VLAI
Summary
Multiple SQL injection vulnerabilities in default.asp in Enthrallweb eReservations allow remote attackers to execute arbitrary SQL commands via the (1) Login parameter (aka username field) or the (2) Password parameter (aka password field). NOTE: some of these details are obtained from third party information.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/33578 | third-party-advisoryx_refsource_SECUNIA |
| http://osvdb.org/51456 | vdb-entryx_refsource_OSVDB |
| http://www.securityfocus.com/bid/33321 | vdb-entryx_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| https://www.exploit-db.com/exploits/7801 | exploitx_refsource_EXPLOIT-DB |
Date Public
2009-01-16 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:24:18.417Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "33578",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33578"
},
{
"name": "51456",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/51456"
},
{
"name": "33321",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/33321"
},
{
"name": "ereservations-login-sql-injection(48062)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48062"
},
{
"name": "7801",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/7801"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-01-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in default.asp in Enthrallweb eReservations allow remote attackers to execute arbitrary SQL commands via the (1) Login parameter (aka username field) or the (2) Password parameter (aka password field). NOTE: some of these details are obtained from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "33578",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33578"
},
{
"name": "51456",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/51456"
},
{
"name": "33321",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/33321"
},
{
"name": "ereservations-login-sql-injection(48062)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48062"
},
{
"name": "7801",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/7801"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0252",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in default.asp in Enthrallweb eReservations allow remote attackers to execute arbitrary SQL commands via the (1) Login parameter (aka username field) or the (2) Password parameter (aka password field). NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "33578",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33578"
},
{
"name": "51456",
"refsource": "OSVDB",
"url": "http://osvdb.org/51456"
},
{
"name": "33321",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33321"
},
{
"name": "ereservations-login-sql-injection(48062)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48062"
},
{
"name": "7801",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/7801"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-0252",
"datePublished": "2009-01-22T16:00:00.000Z",
"dateReserved": "2009-01-22T00:00:00.000Z",
"dateUpdated": "2024-08-07T04:24:18.417Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-6822 (GCVE-0-2006-6822)
Vulnerability from cvelistv5 – Published: 2006-12-29 11:00 – Updated: 2024-08-07 20:42
VLAI
Summary
myprofile.asp in Enthrallweb eClassifieds does not properly validate the MM_recordId parameter during profile updates, which allows remote authenticated users to modify certain profile fields of another account by specifying that account's username in a modified MM_recordId parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/2994 | exploitx_refsource_EXPLOIT-DB |
| http://www.vupen.com/english/advisories/2006/5154 | vdb-entryx_refsource_VUPEN |
| http://www.securityfocus.com/bid/21739 | vdb-entryx_refsource_BID |
Date Public
2006-12-26 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:42:06.945Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "2994",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/2994"
},
{
"name": "ADV-2006-5154",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/5154"
},
{
"name": "21739",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/21739"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-12-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "myprofile.asp in Enthrallweb eClassifieds does not properly validate the MM_recordId parameter during profile updates, which allows remote authenticated users to modify certain profile fields of another account by specifying that account\u0027s username in a modified MM_recordId parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-18T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "2994",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/2994"
},
{
"name": "ADV-2006-5154",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/5154"
},
{
"name": "21739",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/21739"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6822",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "myprofile.asp in Enthrallweb eClassifieds does not properly validate the MM_recordId parameter during profile updates, which allows remote authenticated users to modify certain profile fields of another account by specifying that account\u0027s username in a modified MM_recordId parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "2994",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2994"
},
{
"name": "ADV-2006-5154",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/5154"
},
{
"name": "21739",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21739"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-6822",
"datePublished": "2006-12-29T11:00:00.000Z",
"dateReserved": "2006-12-29T00:00:00.000Z",
"dateUpdated": "2024-08-07T20:42:06.945Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-6820 (GCVE-0-2006-6820)
Vulnerability from cvelistv5 – Published: 2006-12-29 11:00 – Updated: 2024-08-07 20:42
VLAI
Summary
myprofile.asp in Enthrallweb eCoupons does not properly validate the MM_recordId parameter during profile updates, which allows remote authenticated users to modify certain profile fields of another account by specifying that account's username in a modified MM_recordId parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.vupen.com/english/advisories/2006/5155 | vdb-entryx_refsource_VUPEN |
| https://www.exploit-db.com/exploits/2995 | exploitx_refsource_EXPLOIT-DB |
| http://secunia.com/advisories/23517 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/bid/21739 | vdb-entryx_refsource_BID |
Date Public
2006-12-26 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:42:07.174Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2006-5155",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/5155"
},
{
"name": "2995",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/2995"
},
{
"name": "23517",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23517"
},
{
"name": "21739",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/21739"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-12-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "myprofile.asp in Enthrallweb eCoupons does not properly validate the MM_recordId parameter during profile updates, which allows remote authenticated users to modify certain profile fields of another account by specifying that account\u0027s username in a modified MM_recordId parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-18T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2006-5155",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/5155"
},
{
"name": "2995",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/2995"
},
{
"name": "23517",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23517"
},
{
"name": "21739",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/21739"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6820",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "myprofile.asp in Enthrallweb eCoupons does not properly validate the MM_recordId parameter during profile updates, which allows remote authenticated users to modify certain profile fields of another account by specifying that account\u0027s username in a modified MM_recordId parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-5155",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/5155"
},
{
"name": "2995",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2995"
},
{
"name": "23517",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23517"
},
{
"name": "21739",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21739"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-6820",
"datePublished": "2006-12-29T11:00:00.000Z",
"dateReserved": "2006-12-29T00:00:00.000Z",
"dateUpdated": "2024-08-07T20:42:07.174Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-6821 (GCVE-0-2006-6821)
Vulnerability from cvelistv5 – Published: 2006-12-29 11:00 – Updated: 2024-08-07 20:42
VLAI
Summary
myprofile.asp in Enthrallweb eNews does not properly validate the MM_recordId parameter during profile updates, which allows remote authenticated users to modify certain profile fields of another account by specifying that account's username in a modified MM_recordId parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.vupen.com/english/advisories/2006/5156 | vdb-entryx_refsource_VUPEN |
| https://www.exploit-db.com/exploits/2996 | exploitx_refsource_EXPLOIT-DB |
| http://www.securityfocus.com/bid/21739 | vdb-entryx_refsource_BID |
| http://secunia.com/advisories/23518 | third-party-advisoryx_refsource_SECUNIA |
Date Public
2006-12-26 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:42:07.196Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2006-5156",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/5156"
},
{
"name": "2996",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/2996"
},
{
"name": "21739",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/21739"
},
{
"name": "23518",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23518"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-12-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "myprofile.asp in Enthrallweb eNews does not properly validate the MM_recordId parameter during profile updates, which allows remote authenticated users to modify certain profile fields of another account by specifying that account\u0027s username in a modified MM_recordId parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-18T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2006-5156",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/5156"
},
{
"name": "2996",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/2996"
},
{
"name": "21739",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/21739"
},
{
"name": "23518",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23518"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6821",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "myprofile.asp in Enthrallweb eNews does not properly validate the MM_recordId parameter during profile updates, which allows remote authenticated users to modify certain profile fields of another account by specifying that account\u0027s username in a modified MM_recordId parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-5156",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/5156"
},
{
"name": "2996",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2996"
},
{
"name": "21739",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21739"
},
{
"name": "23518",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23518"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-6821",
"datePublished": "2006-12-29T11:00:00.000Z",
"dateReserved": "2006-12-29T00:00:00.000Z",
"dateUpdated": "2024-08-07T20:42:07.196Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-6805 (GCVE-0-2006-6805)
Vulnerability from cvelistv5 – Published: 2006-12-28 21:00 – Updated: 2024-08-07 20:42
VLAI
Summary
SQL injection vulnerability in newsdetail.asp in Enthrallweb eJobs allows remote attackers to execute arbitrary SQL commands via the ID parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.vupen.com/english/advisories/2006/5157 | vdb-entryx_refsource_VUPEN |
| http://secunia.com/advisories/23520 | third-party-advisoryx_refsource_SECUNIA |
| https://www.exploit-db.com/exploits/2988 | exploitx_refsource_EXPLOIT-DB |
Date Public
2006-12-23 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:42:06.994Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2006-5157",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/5157"
},
{
"name": "23520",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23520"
},
{
"name": "2988",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/2988"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-12-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in newsdetail.asp in Enthrallweb eJobs allows remote attackers to execute arbitrary SQL commands via the ID parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-18T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2006-5157",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/5157"
},
{
"name": "23520",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23520"
},
{
"name": "2988",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/2988"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6805",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in newsdetail.asp in Enthrallweb eJobs allows remote attackers to execute arbitrary SQL commands via the ID parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-5157",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/5157"
},
{
"name": "23520",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23520"
},
{
"name": "2988",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2988"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-6805",
"datePublished": "2006-12-28T21:00:00.000Z",
"dateReserved": "2006-12-28T00:00:00.000Z",
"dateUpdated": "2024-08-07T20:42:06.994Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-6802 (GCVE-0-2006-6802)
Vulnerability from cvelistv5 – Published: 2006-12-28 21:00 – Updated: 2024-08-07 20:42
VLAI
Summary
SQL injection vulnerability in actualpic.asp in Enthrallweb ePages allows remote attackers to execute arbitrary SQL commands via the Biz_ID parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.vupen.com/english/advisories/2006/5159 | vdb-entryx_refsource_VUPEN |
| https://www.exploit-db.com/exploits/2991 | exploitx_refsource_EXPLOIT-DB |
| http://www.securityfocus.com/bid/21750 | vdb-entryx_refsource_BID |
| http://secunia.com/advisories/23522 | third-party-advisoryx_refsource_SECUNIA |
Date Public
2006-12-23 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:42:07.115Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2006-5159",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/5159"
},
{
"name": "2991",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/2991"
},
{
"name": "21750",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/21750"
},
{
"name": "23522",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23522"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-12-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in actualpic.asp in Enthrallweb ePages allows remote attackers to execute arbitrary SQL commands via the Biz_ID parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-18T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2006-5159",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/5159"
},
{
"name": "2991",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/2991"
},
{
"name": "21750",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/21750"
},
{
"name": "23522",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23522"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6802",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in actualpic.asp in Enthrallweb ePages allows remote attackers to execute arbitrary SQL commands via the Biz_ID parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-5159",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/5159"
},
{
"name": "2991",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2991"
},
{
"name": "21750",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21750"
},
{
"name": "23522",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23522"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-6802",
"datePublished": "2006-12-28T21:00:00.000Z",
"dateReserved": "2006-12-28T00:00:00.000Z",
"dateUpdated": "2024-08-07T20:42:07.115Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-6806 (GCVE-0-2006-6806)
Vulnerability from cvelistv5 – Published: 2006-12-28 21:00 – Updated: 2024-08-07 20:42
VLAI
Summary
SQL injection vulnerability in newsdetail.asp in Enthrallweb eMates 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/2990 | exploitx_refsource_EXPLOIT-DB |
| http://www.vupen.com/english/advisories/2006/5158 | vdb-entryx_refsource_VUPEN |
| http://secunia.com/advisories/23521 | third-party-advisoryx_refsource_SECUNIA |
Date Public
2006-12-23 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:42:07.365Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "2990",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/2990"
},
{
"name": "ADV-2006-5158",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/5158"
},
{
"name": "23521",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23521"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-12-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in newsdetail.asp in Enthrallweb eMates 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-18T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "2990",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/2990"
},
{
"name": "ADV-2006-5158",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/5158"
},
{
"name": "23521",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23521"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6806",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in newsdetail.asp in Enthrallweb eMates 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "2990",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2990"
},
{
"name": "ADV-2006-5158",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/5158"
},
{
"name": "23521",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23521"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-6806",
"datePublished": "2006-12-28T21:00:00.000Z",
"dateReserved": "2006-12-28T00:00:00.000Z",
"dateUpdated": "2024-08-07T20:42:07.365Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-6804 (GCVE-0-2006-6804)
Vulnerability from cvelistv5 – Published: 2006-12-28 21:00 – Updated: 2024-08-07 20:42
VLAI
Summary
SQL injection vulnerability in bus_details.asp in Dragon Business Directory - Pro (aka Dragon Internet Business Search Directory - Pro) 3.01.12 and earlier allows remote attackers to execute arbitrary SQL commands via the ID parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/2992 | exploitx_refsource_EXPLOIT-DB |
| http://secunia.com/advisories/23523 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/bid/21747 | vdb-entryx_refsource_BID |
| http://www.vupen.com/english/advisories/2006/5152 | vdb-entryx_refsource_VUPEN |
Date Public
2006-12-23 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:42:07.266Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "2992",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/2992"
},
{
"name": "23523",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23523"
},
{
"name": "21747",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/21747"
},
{
"name": "ADV-2006-5152",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/5152"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-12-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in bus_details.asp in Dragon Business Directory - Pro (aka Dragon Internet Business Search Directory - Pro) 3.01.12 and earlier allows remote attackers to execute arbitrary SQL commands via the ID parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-18T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "2992",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/2992"
},
{
"name": "23523",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23523"
},
{
"name": "21747",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/21747"
},
{
"name": "ADV-2006-5152",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/5152"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6804",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in bus_details.asp in Dragon Business Directory - Pro (aka Dragon Internet Business Search Directory - Pro) 3.01.12 and earlier allows remote attackers to execute arbitrary SQL commands via the ID parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "2992",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2992"
},
{
"name": "23523",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23523"
},
{
"name": "21747",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21747"
},
{
"name": "ADV-2006-5152",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/5152"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-6804",
"datePublished": "2006-12-28T21:00:00.000Z",
"dateReserved": "2006-12-28T00:00:00.000Z",
"dateUpdated": "2024-08-07T20:42:07.266Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-6803 (GCVE-0-2006-6803)
Vulnerability from cvelistv5 – Published: 2006-12-28 21:00 – Updated: 2024-08-07 20:42
VLAI
Summary
SQL injection vulnerability in Types.asp in Enthrallweb eCars 1.0 allows remote attackers to execute arbitrary SQL commands via the Type_id parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/23566 | third-party-advisoryx_refsource_SECUNIA |
| http://osvdb.org/31681 | vdb-entryx_refsource_OSVDB |
| http://www.securityfocus.com/bid/21748 | vdb-entryx_refsource_BID |
| http://www.vupen.com/english/advisories/2006/5153 | vdb-entryx_refsource_VUPEN |
| https://www.exploit-db.com/exploits/2989 | exploitx_refsource_EXPLOIT-DB |
Date Public
2006-12-23 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:42:07.436Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "23566",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23566"
},
{
"name": "31681",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/31681"
},
{
"name": "21748",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/21748"
},
{
"name": "ADV-2006-5153",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/5153"
},
{
"name": "2989",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/2989"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-12-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in Types.asp in Enthrallweb eCars 1.0 allows remote attackers to execute arbitrary SQL commands via the Type_id parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-18T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "23566",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23566"
},
{
"name": "31681",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/31681"
},
{
"name": "21748",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/21748"
},
{
"name": "ADV-2006-5153",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/5153"
},
{
"name": "2989",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/2989"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6803",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in Types.asp in Enthrallweb eCars 1.0 allows remote attackers to execute arbitrary SQL commands via the Type_id parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "23566",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23566"
},
{
"name": "31681",
"refsource": "OSVDB",
"url": "http://osvdb.org/31681"
},
{
"name": "21748",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21748"
},
{
"name": "ADV-2006-5153",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/5153"
},
{
"name": "2989",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2989"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-6803",
"datePublished": "2006-12-28T21:00:00.000Z",
"dateReserved": "2006-12-28T00:00:00.000Z",
"dateUpdated": "2024-08-07T20:42:07.436Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-6204 (GCVE-0-2006-6204)
Vulnerability from cvelistv5 – Published: 2006-12-01 01:00 – Updated: 2024-08-07 20:19
VLAI
Summary
Multiple SQL injection vulnerabilities in Enthrallweb eHomes allow remote attackers to execute arbitrary SQL commands via the (1) cid parameter to (a) dircat.asp; the (2) sid parameter to (b) dirSub.asp; the (3) TYPE_ID parameter to (c) types.asp; the (4) AD_ID parameter to (d) homeDetail.asp; the (5) cat parameter to (e) result.asp; the (6) compare, (7) clear, and (8) adID parameters to (f) compareHomes.asp; and the (9) aminprice, (10) amaxprice, and (11) abedrooms parameters to (g) result.asp.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://www.vupen.com/english/advisories/2006/4643 | vdb-entryx_refsource_VUPEN |
| http://www.securityfocus.com/bid/21193 | vdb-entryx_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://secunia.com/advisories/23016 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/archive/1/452107/100… | mailing-listx_refsource_BUGTRAQ |
| http://securityreason.com/securityalert/1942 | third-party-advisoryx_refsource_SREASON |
| http://s-a-p.ca/index.php?page=OurAdvisories&id=50 | x_refsource_MISC |
Date Public
2006-11-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:19:35.145Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2006-4643",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/4643"
},
{
"name": "21193",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/21193"
},
{
"name": "ehomes-multiple-sql-injection(30419)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30419"
},
{
"name": "23016",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23016"
},
{
"name": "20061120 ehomes [multiples injections sql]",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/452107/100/100/threaded"
},
{
"name": "1942",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/1942"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://s-a-p.ca/index.php?page=OurAdvisories\u0026id=50"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-11-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in Enthrallweb eHomes allow remote attackers to execute arbitrary SQL commands via the (1) cid parameter to (a) dircat.asp; the (2) sid parameter to (b) dirSub.asp; the (3) TYPE_ID parameter to (c) types.asp; the (4) AD_ID parameter to (d) homeDetail.asp; the (5) cat parameter to (e) result.asp; the (6) compare, (7) clear, and (8) adID parameters to (f) compareHomes.asp; and the (9) aminprice, (10) amaxprice, and (11) abedrooms parameters to (g) result.asp."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2006-4643",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/4643"
},
{
"name": "21193",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/21193"
},
{
"name": "ehomes-multiple-sql-injection(30419)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30419"
},
{
"name": "23016",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23016"
},
{
"name": "20061120 ehomes [multiples injections sql]",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/452107/100/100/threaded"
},
{
"name": "1942",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/1942"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://s-a-p.ca/index.php?page=OurAdvisories\u0026id=50"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6204",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in Enthrallweb eHomes allow remote attackers to execute arbitrary SQL commands via the (1) cid parameter to (a) dircat.asp; the (2) sid parameter to (b) dirSub.asp; the (3) TYPE_ID parameter to (c) types.asp; the (4) AD_ID parameter to (d) homeDetail.asp; the (5) cat parameter to (e) result.asp; the (6) compare, (7) clear, and (8) adID parameters to (f) compareHomes.asp; and the (9) aminprice, (10) amaxprice, and (11) abedrooms parameters to (g) result.asp."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-4643",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4643"
},
{
"name": "21193",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21193"
},
{
"name": "ehomes-multiple-sql-injection(30419)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30419"
},
{
"name": "23016",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23016"
},
{
"name": "20061120 ehomes [multiples injections sql]",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/452107/100/100/threaded"
},
{
"name": "1942",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1942"
},
{
"name": "http://s-a-p.ca/index.php?page=OurAdvisories\u0026id=50",
"refsource": "MISC",
"url": "http://s-a-p.ca/index.php?page=OurAdvisories\u0026id=50"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-6204",
"datePublished": "2006-12-01T01:00:00.000Z",
"dateReserved": "2006-11-30T00:00:00.000Z",
"dateUpdated": "2024-08-07T20:19:35.145Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-6208 (GCVE-0-2006-6208)
Vulnerability from cvelistv5 – Published: 2006-12-01 01:00 – Updated: 2024-08-07 20:19
VLAI
Summary
Multiple SQL injection vulnerabilities in Enthrallweb eClassifieds allow remote attackers to execute arbitrary SQL commands via the (1) AD_ID, (2) cat_id, (3) sub_id, and (4) ad_id parameters to (a) ad.asp, the (5) cid parameter to (b) dircat.asp, and the (6) sid parameter to (c) dirSub.asp.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/23050 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/bid/21192 | vdb-entryx_refsource_BID |
| http://www.securityfocus.com/archive/1/452102/100… | mailing-listx_refsource_BUGTRAQ |
| http://s-a-p.ca/index.php?page=OurAdvisories&id=46 | x_refsource_MISC |
| http://securityreason.com/securityalert/1943 | third-party-advisoryx_refsource_SREASON |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.vupen.com/english/advisories/2006/4642 | vdb-entryx_refsource_VUPEN |
Date Public
2006-11-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:19:35.114Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "23050",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23050"
},
{
"name": "21192",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/21192"
},
{
"name": "20061119 eClassifieds [injection sql]",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/452102/100/100/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://s-a-p.ca/index.php?page=OurAdvisories\u0026id=46"
},
{
"name": "1943",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/1943"
},
{
"name": "eclassifieds-ad-sql-injection(30423)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30423"
},
{
"name": "ADV-2006-4642",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/4642"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-11-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in Enthrallweb eClassifieds allow remote attackers to execute arbitrary SQL commands via the (1) AD_ID, (2) cat_id, (3) sub_id, and (4) ad_id parameters to (a) ad.asp, the (5) cid parameter to (b) dircat.asp, and the (6) sid parameter to (c) dirSub.asp."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "23050",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23050"
},
{
"name": "21192",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/21192"
},
{
"name": "20061119 eClassifieds [injection sql]",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/452102/100/100/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://s-a-p.ca/index.php?page=OurAdvisories\u0026id=46"
},
{
"name": "1943",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/1943"
},
{
"name": "eclassifieds-ad-sql-injection(30423)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30423"
},
{
"name": "ADV-2006-4642",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/4642"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6208",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in Enthrallweb eClassifieds allow remote attackers to execute arbitrary SQL commands via the (1) AD_ID, (2) cat_id, (3) sub_id, and (4) ad_id parameters to (a) ad.asp, the (5) cid parameter to (b) dircat.asp, and the (6) sid parameter to (c) dirSub.asp."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "23050",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23050"
},
{
"name": "21192",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21192"
},
{
"name": "20061119 eClassifieds [injection sql]",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/452102/100/100/threaded"
},
{
"name": "http://s-a-p.ca/index.php?page=OurAdvisories\u0026id=46",
"refsource": "MISC",
"url": "http://s-a-p.ca/index.php?page=OurAdvisories\u0026id=46"
},
{
"name": "1943",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1943"
},
{
"name": "eclassifieds-ad-sql-injection(30423)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30423"
},
{
"name": "ADV-2006-4642",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4642"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-6208",
"datePublished": "2006-12-01T01:00:00.000Z",
"dateReserved": "2006-11-30T00:00:00.000Z",
"dateUpdated": "2024-08-07T20:19:35.114Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-6205 (GCVE-0-2006-6205)
Vulnerability from cvelistv5 – Published: 2006-12-01 01:00 – Updated: 2024-08-07 20:19
VLAI
Summary
Multiple cross-site scripting (XSS) vulnerabilities in result.asp in Enthrallweb eHomes allow remote attackers to inject arbitrary web script or HTML via the (1) city or (2) State parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://www.vupen.com/english/advisories/2006/4643 | vdb-entryx_refsource_VUPEN |
| http://www.securityfocus.com/bid/21193 | vdb-entryx_refsource_BID |
| http://secunia.com/advisories/23016 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/archive/1/452107/100… | mailing-listx_refsource_BUGTRAQ |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://securityreason.com/securityalert/1942 | third-party-advisoryx_refsource_SREASON |
| http://s-a-p.ca/index.php?page=OurAdvisories&id=50 | x_refsource_MISC |
Date Public
2006-11-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:19:35.012Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2006-4643",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/4643"
},
{
"name": "21193",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/21193"
},
{
"name": "23016",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23016"
},
{
"name": "20061120 ehomes [multiples injections sql]",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/452107/100/100/threaded"
},
{
"name": "ehomes-result-xss(30420)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30420"
},
{
"name": "1942",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/1942"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://s-a-p.ca/index.php?page=OurAdvisories\u0026id=50"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-11-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in result.asp in Enthrallweb eHomes allow remote attackers to inject arbitrary web script or HTML via the (1) city or (2) State parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2006-4643",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/4643"
},
{
"name": "21193",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/21193"
},
{
"name": "23016",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23016"
},
{
"name": "20061120 ehomes [multiples injections sql]",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/452107/100/100/threaded"
},
{
"name": "ehomes-result-xss(30420)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30420"
},
{
"name": "1942",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/1942"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://s-a-p.ca/index.php?page=OurAdvisories\u0026id=50"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6205",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in result.asp in Enthrallweb eHomes allow remote attackers to inject arbitrary web script or HTML via the (1) city or (2) State parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-4643",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4643"
},
{
"name": "21193",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21193"
},
{
"name": "23016",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23016"
},
{
"name": "20061120 ehomes [multiples injections sql]",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/452107/100/100/threaded"
},
{
"name": "ehomes-result-xss(30420)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30420"
},
{
"name": "1942",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1942"
},
{
"name": "http://s-a-p.ca/index.php?page=OurAdvisories\u0026id=50",
"refsource": "MISC",
"url": "http://s-a-p.ca/index.php?page=OurAdvisories\u0026id=50"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-6205",
"datePublished": "2006-12-01T01:00:00.000Z",
"dateReserved": "2006-11-30T00:00:00.000Z",
"dateUpdated": "2024-08-07T20:19:35.012Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-6073 (GCVE-0-2006-6073)
Vulnerability from cvelistv5 – Published: 2006-11-24 17:00 – Updated: 2024-08-07 20:12
VLAI
Summary
Multiple SQL injection vulnerabilities in Enthrallweb eShopping Cart allow remote attackers to execute arbitrary SQL commands via the (1) ProductID parameter in productdetail.asp or the (2) categoryid parameter in products.asp.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://marc.info/?l=bugtraq&m=116353137028066&w=2 | mailing-listx_refsource_BUGTRAQ |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://aria-security.net/advisory/eShopping.txt | x_refsource_MISC |
Date Public
2006-11-13 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:12:31.751Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20061113 ECommerce Store Shop Builder",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=116353137028066\u0026w=2"
},
{
"name": "eshoppingcart-product-sql-injection(30262)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30262"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aria-security.net/advisory/eShopping.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-11-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in Enthrallweb eShopping Cart allow remote attackers to execute arbitrary SQL commands via the (1) ProductID parameter in productdetail.asp or the (2) categoryid parameter in products.asp."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20061113 ECommerce Store Shop Builder",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=116353137028066\u0026w=2"
},
{
"name": "eshoppingcart-product-sql-injection(30262)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30262"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aria-security.net/advisory/eShopping.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6073",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in Enthrallweb eShopping Cart allow remote attackers to execute arbitrary SQL commands via the (1) ProductID parameter in productdetail.asp or the (2) categoryid parameter in products.asp."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20061113 ECommerce Store Shop Builder",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=116353137028066\u0026w=2"
},
{
"name": "eshoppingcart-product-sql-injection(30262)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30262"
},
{
"name": "http://aria-security.net/advisory/eShopping.txt",
"refsource": "MISC",
"url": "http://aria-security.net/advisory/eShopping.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-6073",
"datePublished": "2006-11-24T17:00:00.000Z",
"dateReserved": "2006-11-24T00:00:00.000Z",
"dateUpdated": "2024-08-07T20:12:31.751Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-6074 (GCVE-0-2006-6074)
Vulnerability from cvelistv5 – Published: 2006-11-24 17:00 – Updated: 2024-08-07 20:12
VLAI
Summary
Multiple SQL injection vulnerabilities in Enthrallweb eShopping Cart allow remote attackers to execute arbitrary SQL commands via (1) the ProductID parameter in (a) reviews.asp, or the (2) cat_id or (3) sub_id parameter in (b) subProducts.asp. NOTE: the productdetail.asp vector is already covered by another identifier.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://securityreason.com/securityalert/1906 | third-party-advisoryx_refsource_SREASON |
| http://www.securityfocus.com/archive/1/451840/100… | mailing-listx_refsource_BUGTRAQ |
| http://secunia.com/advisories/22955 | third-party-advisoryx_refsource_SECUNIA |
| http://www.vupen.com/english/advisories/2006/4578 | vdb-entryx_refsource_VUPEN |
| http://s-a-p.ca/index.php?page=OurAdvisories&id=21 | x_refsource_MISC |
| http://www.securityfocus.com/bid/21151 | vdb-entryx_refsource_BID |
Date Public
2006-11-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:12:31.711Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1906",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/1906"
},
{
"name": "20061114 eShopping Cart [injection sql]",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/451840/100/0/threaded"
},
{
"name": "22955",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22955"
},
{
"name": "ADV-2006-4578",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/4578"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://s-a-p.ca/index.php?page=OurAdvisories\u0026id=21"
},
{
"name": "21151",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/21151"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-11-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in Enthrallweb eShopping Cart allow remote attackers to execute arbitrary SQL commands via (1) the ProductID parameter in (a) reviews.asp, or the (2) cat_id or (3) sub_id parameter in (b) subProducts.asp. NOTE: the productdetail.asp vector is already covered by another identifier."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1906",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/1906"
},
{
"name": "20061114 eShopping Cart [injection sql]",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/451840/100/0/threaded"
},
{
"name": "22955",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22955"
},
{
"name": "ADV-2006-4578",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/4578"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://s-a-p.ca/index.php?page=OurAdvisories\u0026id=21"
},
{
"name": "21151",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/21151"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6074",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in Enthrallweb eShopping Cart allow remote attackers to execute arbitrary SQL commands via (1) the ProductID parameter in (a) reviews.asp, or the (2) cat_id or (3) sub_id parameter in (b) subProducts.asp. NOTE: the productdetail.asp vector is already covered by another identifier."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1906",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1906"
},
{
"name": "20061114 eShopping Cart [injection sql]",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/451840/100/0/threaded"
},
{
"name": "22955",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22955"
},
{
"name": "ADV-2006-4578",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4578"
},
{
"name": "http://s-a-p.ca/index.php?page=OurAdvisories\u0026id=21",
"refsource": "MISC",
"url": "http://s-a-p.ca/index.php?page=OurAdvisories\u0026id=21"
},
{
"name": "21151",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21151"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-6074",
"datePublished": "2006-11-24T17:00:00.000Z",
"dateReserved": "2006-11-24T00:00:00.000Z",
"dateUpdated": "2024-08-07T20:12:31.711Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-3027 (GCVE-0-2006-3027)
Vulnerability from cvelistv5 – Published: 2006-06-15 10:00 – Updated: 2024-08-07 18:16
VLAI
Summary
Multiple SQL injection vulnerabilities in Enthrallwebe ePhotos 2.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) CAT_ID parameter in (a) subphotos.asp and (b) subLevel2.asp, the (2) AL_ID parameter in (c) photo.asp, and the (3) SUB_ID parameter in (d) subLevel2.asp.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
11 references
| URL | Tags |
|---|---|
| http://www.vupen.com/english/advisories/2006/2316 | vdb-entryx_refsource_VUPEN |
| http://www.securityfocus.com/bid/21742 | vdb-entryx_refsource_BID |
| http://www.vupen.com/english/advisories/2006/5160 | vdb-entryx_refsource_VUPEN |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://pridels0.blogspot.com/2006/06/ephotos-vuln.html | x_refsource_MISC |
| http://secunia.com/advisories/23525 | third-party-advisoryx_refsource_SECUNIA |
| http://www.osvdb.org/26366 | vdb-entryx_refsource_OSVDB |
| https://www.exploit-db.com/exploits/2986 | exploitx_refsource_EXPLOIT-DB |
| http://www.osvdb.org/26365 | vdb-entryx_refsource_OSVDB |
| http://www.osvdb.org/26367 | vdb-entryx_refsource_OSVDB |
| http://secunia.com/advisories/20609 | third-party-advisoryx_refsource_SECUNIA |
Date Public
2006-06-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:16:04.523Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2006-2316",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2316"
},
{
"name": "21742",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/21742"
},
{
"name": "ADV-2006-5160",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/5160"
},
{
"name": "ephotos-multiple-script-sql-injection(27035)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27035"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://pridels0.blogspot.com/2006/06/ephotos-vuln.html"
},
{
"name": "23525",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23525"
},
{
"name": "26366",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/26366"
},
{
"name": "2986",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/2986"
},
{
"name": "26365",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/26365"
},
{
"name": "26367",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/26367"
},
{
"name": "20609",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20609"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-06-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in Enthrallwebe ePhotos 2.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) CAT_ID parameter in (a) subphotos.asp and (b) subLevel2.asp, the (2) AL_ID parameter in (c) photo.asp, and the (3) SUB_ID parameter in (d) subLevel2.asp."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-18T16:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2006-2316",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2316"
},
{
"name": "21742",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/21742"
},
{
"name": "ADV-2006-5160",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/5160"
},
{
"name": "ephotos-multiple-script-sql-injection(27035)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27035"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://pridels0.blogspot.com/2006/06/ephotos-vuln.html"
},
{
"name": "23525",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23525"
},
{
"name": "26366",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/26366"
},
{
"name": "2986",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/2986"
},
{
"name": "26365",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/26365"
},
{
"name": "26367",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/26367"
},
{
"name": "20609",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20609"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3027",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in Enthrallwebe ePhotos 2.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) CAT_ID parameter in (a) subphotos.asp and (b) subLevel2.asp, the (2) AL_ID parameter in (c) photo.asp, and the (3) SUB_ID parameter in (d) subLevel2.asp."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-2316",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2316"
},
{
"name": "21742",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21742"
},
{
"name": "ADV-2006-5160",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/5160"
},
{
"name": "ephotos-multiple-script-sql-injection(27035)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27035"
},
{
"name": "http://pridels0.blogspot.com/2006/06/ephotos-vuln.html",
"refsource": "MISC",
"url": "http://pridels0.blogspot.com/2006/06/ephotos-vuln.html"
},
{
"name": "23525",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23525"
},
{
"name": "26366",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/26366"
},
{
"name": "2986",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2986"
},
{
"name": "26365",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/26365"
},
{
"name": "26367",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/26367"
},
{
"name": "20609",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20609"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-3027",
"datePublished": "2006-06-15T10:00:00.000Z",
"dateReserved": "2006-06-15T00:00:00.000Z",
"dateUpdated": "2024-08-07T18:16:04.523Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}