Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    16 vulnerabilities by etomite

    CVE-2011-4264 (GCVE-0-2011-4264)

    Vulnerability from nvd – Published: 2011-12-08 11:00 – Updated: 2024-09-16 19:35
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in Etomite before 1.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://jvndb.jvn.jp/jvndb/JVNDB-2011-000101 third-party-advisoryx_refsource_JVNDB
    http://jvn.jp/en/jp/JVN04329324/index.html third-party-advisoryx_refsource_JVN
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T00:01:51.353Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "JVNDB-2011-000101",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVNDB",
                  "x_transferred"
                ],
                "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000101"
              },
              {
                "name": "JVN#04329324",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "http://jvn.jp/en/jp/JVN04329324/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in Etomite before 1.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2011-12-08T11:00:00.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "name": "JVNDB-2011-000101",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVNDB"
              ],
              "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000101"
            },
            {
              "name": "JVN#04329324",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "http://jvn.jp/en/jp/JVN04329324/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2011-4264",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting (XSS) vulnerability in Etomite before 1.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "JVNDB-2011-000101",
                  "refsource": "JVNDB",
                  "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000101"
                },
                {
                  "name": "JVN#04329324",
                  "refsource": "JVN",
                  "url": "http://jvn.jp/en/jp/JVN04329324/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2011-4264",
        "datePublished": "2011-12-08T11:00:00.000Z",
        "dateReserved": "2011-11-02T00:00:00.000Z",
        "dateUpdated": "2024-09-16T19:35:03.920Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-0820 (GCVE-0-2008-0820)

    Vulnerability from nvd – Published: 2008-02-19 20:00 – Updated: 2024-08-07 08:01 Disputed
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in index.php in Etomite 0.6.1.4 Final allows remote attackers to inject arbitrary web script or HTML via $_SERVER['PHP_INFO']. NOTE: the vendor disputes this issue in a followup, stating that the affected variable is $_SERVER['PHP_SELF'], and "This is not an Etomite specific exploit and I would like the report rescinded.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://securityreason.com/securityalert/3669 third-party-advisoryx_refsource_SREASON
    http://www.securityfocus.com/archive/1/488304/100… mailing-listx_refsource_BUGTRAQ
    http://www.etomite.com/forums/index.php?showtopic=7647 x_refsource_MISC
    http://www.securityfocus.com/bid/27794 vdb-entryx_refsource_BID
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://secunia.com/advisories/28964 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/archive/1/488122/100… mailing-listx_refsource_BUGTRAQ
    Date Public
    2008-02-14 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T08:01:39.060Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "3669",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/3669"
              },
              {
                "name": "20080218 Re: etomite xss",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/488304/100/100/threaded"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.etomite.com/forums/index.php?showtopic=7647"
              },
              {
                "name": "27794",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/27794"
              },
              {
                "name": "etomite-index-xss(40525)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40525"
              },
              {
                "name": "28964",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/28964"
              },
              {
                "name": "20080214 etomite xss",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/488122/100/0/threaded"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-02-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in index.php in Etomite 0.6.1.4 Final allows remote attackers to inject arbitrary web script or HTML via $_SERVER[\u0027PHP_INFO\u0027].  NOTE: the vendor disputes this issue in a followup, stating that the affected variable is $_SERVER[\u0027PHP_SELF\u0027], and \"This is not an Etomite specific exploit and I would like the report rescinded."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-15T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "3669",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/3669"
            },
            {
              "name": "20080218 Re: etomite xss",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/488304/100/100/threaded"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.etomite.com/forums/index.php?showtopic=7647"
            },
            {
              "name": "27794",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/27794"
            },
            {
              "name": "etomite-index-xss(40525)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40525"
            },
            {
              "name": "28964",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/28964"
            },
            {
              "name": "20080214 etomite xss",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/488122/100/0/threaded"
            }
          ],
          "tags": [
            "disputed"
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-0820",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "** DISPUTED **  Cross-site scripting (XSS) vulnerability in index.php in Etomite 0.6.1.4 Final allows remote attackers to inject arbitrary web script or HTML via $_SERVER[\u0027PHP_INFO\u0027].  NOTE: the vendor disputes this issue in a followup, stating that the affected variable is $_SERVER[\u0027PHP_SELF\u0027], and \"This is not an Etomite specific exploit and I would like the report rescinded.\""
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "3669",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/3669"
                },
                {
                  "name": "20080218 Re: etomite xss",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/488304/100/100/threaded"
                },
                {
                  "name": "http://www.etomite.com/forums/index.php?showtopic=7647",
                  "refsource": "MISC",
                  "url": "http://www.etomite.com/forums/index.php?showtopic=7647"
                },
                {
                  "name": "27794",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/27794"
                },
                {
                  "name": "etomite-index-xss(40525)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40525"
                },
                {
                  "name": "28964",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/28964"
                },
                {
                  "name": "20080214 etomite xss",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/488122/100/0/threaded"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-0820",
        "datePublished": "2008-02-19T20:00:00.000Z",
        "dateReserved": "2008-02-19T00:00:00.000Z",
        "dateUpdated": "2024-08-07T08:01:39.060Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-7070 (GCVE-0-2006-7070)

    Vulnerability from nvd – Published: 2007-02-27 18:00 – Updated: 2024-08-07 20:50
    VLAI
    Summary
    Unrestricted file upload vulnerability in manager/media/ibrowser/scripts/rfiles.php in Etomite CMS 0.6.1 and earlier allows remote attackers to upload and execute arbitrary files via an nfile[] parameter with a filename that contains a .php extension followed by a valid image extension such as .gif or .jpg, then calling the rename function.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/21208 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/bid/19157 vdb-entryx_refsource_BID
    http://securitytracker.com/id?1016593 vdb-entryx_refsource_SECTRACK
    http://www.securityfocus.com/archive/1/441202/100… mailing-listx_refsource_BUGTRAQ
    https://www.exploit-db.com/exploits/2072 exploitx_refsource_EXPLOIT-DB
    http://www.osvdb.org/27543 vdb-entryx_refsource_OSVDB
    http://www.etomite.org/forums/index.php?showtopic… x_refsource_CONFIRM
    http://retrogod.altervista.org/etomite_061_cmd.html x_refsource_MISC
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://securityreason.com/securityalert/2326 third-party-advisoryx_refsource_SREASON
    Date Public
    2006-07-25 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T20:50:06.098Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "21208",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/21208"
              },
              {
                "name": "19157",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/19157"
              },
              {
                "name": "1016593",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1016593"
              },
              {
                "name": "20060725 Etomite CMS \u003c= 0.6.1 \u0027rfiles.php\u0027 remote command execution",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/441202/100/0/threaded"
              },
              {
                "name": "2072",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/2072"
              },
              {
                "name": "27543",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/27543"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.etomite.org/forums/index.php?showtopic=5757\u0026st=0\u0026p=35605\u0026#entry35605"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://retrogod.altervista.org/etomite_061_cmd.html"
              },
              {
                "name": "etomite-rfiles-file-upload(27947)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27947"
              },
              {
                "name": "2326",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/2326"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-07-25T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Unrestricted file upload vulnerability in manager/media/ibrowser/scripts/rfiles.php in Etomite CMS 0.6.1 and earlier allows remote attackers to upload and execute arbitrary files via an nfile[] parameter with a filename that contains a .php extension followed by a valid image extension such as .gif or .jpg, then calling the rename function."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-16T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "21208",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/21208"
            },
            {
              "name": "19157",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/19157"
            },
            {
              "name": "1016593",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1016593"
            },
            {
              "name": "20060725 Etomite CMS \u003c= 0.6.1 \u0027rfiles.php\u0027 remote command execution",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/441202/100/0/threaded"
            },
            {
              "name": "2072",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/2072"
            },
            {
              "name": "27543",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/27543"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.etomite.org/forums/index.php?showtopic=5757\u0026st=0\u0026p=35605\u0026#entry35605"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://retrogod.altervista.org/etomite_061_cmd.html"
            },
            {
              "name": "etomite-rfiles-file-upload(27947)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27947"
            },
            {
              "name": "2326",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/2326"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-7070",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Unrestricted file upload vulnerability in manager/media/ibrowser/scripts/rfiles.php in Etomite CMS 0.6.1 and earlier allows remote attackers to upload and execute arbitrary files via an nfile[] parameter with a filename that contains a .php extension followed by a valid image extension such as .gif or .jpg, then calling the rename function."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "21208",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/21208"
                },
                {
                  "name": "19157",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/19157"
                },
                {
                  "name": "1016593",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1016593"
                },
                {
                  "name": "20060725 Etomite CMS \u003c= 0.6.1 \u0027rfiles.php\u0027 remote command execution",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/441202/100/0/threaded"
                },
                {
                  "name": "2072",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/2072"
                },
                {
                  "name": "27543",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/27543"
                },
                {
                  "name": "http://www.etomite.org/forums/index.php?showtopic=5757\u0026st=0\u0026p=35605\u0026#entry35605",
                  "refsource": "CONFIRM",
                  "url": "http://www.etomite.org/forums/index.php?showtopic=5757\u0026st=0\u0026p=35605\u0026#entry35605"
                },
                {
                  "name": "http://retrogod.altervista.org/etomite_061_cmd.html",
                  "refsource": "MISC",
                  "url": "http://retrogod.altervista.org/etomite_061_cmd.html"
                },
                {
                  "name": "etomite-rfiles-file-upload(27947)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27947"
                },
                {
                  "name": "2326",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/2326"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-7070",
        "datePublished": "2007-02-27T18:00:00.000Z",
        "dateReserved": "2007-02-27T00:00:00.000Z",
        "dateUpdated": "2024-08-07T20:50:06.098Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-6048 (GCVE-0-2006-6048)

    Vulnerability from nvd – Published: 2006-11-22 00:00 – Updated: 2024-08-07 20:12
    VLAI
    Summary
    SQL injection vulnerability in index.php in Etomite CMS 0.6.1.2, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2006-11-16 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T20:12:31.526Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "22885",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/22885"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.0xcafebabe.it/sploits/etm_0612_sqlinj.pl"
              },
              {
                "name": "etomite-index-sql-injection(30328)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30328"
              },
              {
                "name": "20061117 Re: Etomite CMS 0.6.1.2 Multiple Vulnerabilities ( Sql Injection + Local file inclusion )",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/451930/100/0/threaded"
              },
              {
                "name": "21135",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/21135"
              },
              {
                "name": "ADV-2006-4558",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2006/4558"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.etomite.org/forums/index.php?showtopic=6388"
              },
              {
                "name": "20061116 Etomite CMS 0.6.1.2 Multiple Vulnerabilities ( Sql Injection + Local file inclusion )",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/451838/100/0/threaded"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-11-16T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "SQL injection vulnerability in index.php in Etomite CMS 0.6.1.2, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-17T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "22885",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/22885"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.0xcafebabe.it/sploits/etm_0612_sqlinj.pl"
            },
            {
              "name": "etomite-index-sql-injection(30328)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30328"
            },
            {
              "name": "20061117 Re: Etomite CMS 0.6.1.2 Multiple Vulnerabilities ( Sql Injection + Local file inclusion )",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/451930/100/0/threaded"
            },
            {
              "name": "21135",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/21135"
            },
            {
              "name": "ADV-2006-4558",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/4558"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.etomite.org/forums/index.php?showtopic=6388"
            },
            {
              "name": "20061116 Etomite CMS 0.6.1.2 Multiple Vulnerabilities ( Sql Injection + Local file inclusion )",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/451838/100/0/threaded"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-6048",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SQL injection vulnerability in index.php in Etomite CMS 0.6.1.2, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "22885",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/22885"
                },
                {
                  "name": "http://www.0xcafebabe.it/sploits/etm_0612_sqlinj.pl",
                  "refsource": "MISC",
                  "url": "http://www.0xcafebabe.it/sploits/etm_0612_sqlinj.pl"
                },
                {
                  "name": "etomite-index-sql-injection(30328)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30328"
                },
                {
                  "name": "20061117 Re: Etomite CMS 0.6.1.2 Multiple Vulnerabilities ( Sql Injection + Local file inclusion )",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/451930/100/0/threaded"
                },
                {
                  "name": "21135",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/21135"
                },
                {
                  "name": "ADV-2006-4558",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2006/4558"
                },
                {
                  "name": "http://www.etomite.org/forums/index.php?showtopic=6388",
                  "refsource": "MISC",
                  "url": "http://www.etomite.org/forums/index.php?showtopic=6388"
                },
                {
                  "name": "20061116 Etomite CMS 0.6.1.2 Multiple Vulnerabilities ( Sql Injection + Local file inclusion )",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/451838/100/0/threaded"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-6048",
        "datePublished": "2006-11-22T00:00:00.000Z",
        "dateReserved": "2006-11-21T00:00:00.000Z",
        "dateUpdated": "2024-08-07T20:12:31.526Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-6047 (GCVE-0-2006-6047)

    Vulnerability from nvd – Published: 2006-11-22 00:00 – Updated: 2024-08-07 20:12
    VLAI
    Summary
    Directory traversal vulnerability in manager/index.php in Etomite 0.6.1.2 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the f parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2006-11-16 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T20:12:31.343Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "22885",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/22885"
              },
              {
                "name": "2790",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/2790"
              },
              {
                "name": "20061117 Re: Etomite CMS 0.6.1.2 Multiple Vulnerabilities ( Sql Injection + Local file inclusion )",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/451930/100/0/threaded"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.0xcafebabe.it/sploits/etm_0612_remote_com.pl"
              },
              {
                "name": "21135",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/21135"
              },
              {
                "name": "ADV-2006-4558",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2006/4558"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.etomite.org/forums/index.php?showtopic=6388"
              },
              {
                "name": "etomite-index-file-include(30329)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30329"
              },
              {
                "name": "20061116 Etomite CMS 0.6.1.2 Multiple Vulnerabilities ( Sql Injection + Local file inclusion )",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/451838/100/0/threaded"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-11-16T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Directory traversal vulnerability in manager/index.php in Etomite 0.6.1.2 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the f parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-17T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "22885",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/22885"
            },
            {
              "name": "2790",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/2790"
            },
            {
              "name": "20061117 Re: Etomite CMS 0.6.1.2 Multiple Vulnerabilities ( Sql Injection + Local file inclusion )",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/451930/100/0/threaded"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.0xcafebabe.it/sploits/etm_0612_remote_com.pl"
            },
            {
              "name": "21135",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/21135"
            },
            {
              "name": "ADV-2006-4558",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/4558"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.etomite.org/forums/index.php?showtopic=6388"
            },
            {
              "name": "etomite-index-file-include(30329)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30329"
            },
            {
              "name": "20061116 Etomite CMS 0.6.1.2 Multiple Vulnerabilities ( Sql Injection + Local file inclusion )",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/451838/100/0/threaded"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-6047",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Directory traversal vulnerability in manager/index.php in Etomite 0.6.1.2 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the f parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "22885",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/22885"
                },
                {
                  "name": "2790",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/2790"
                },
                {
                  "name": "20061117 Re: Etomite CMS 0.6.1.2 Multiple Vulnerabilities ( Sql Injection + Local file inclusion )",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/451930/100/0/threaded"
                },
                {
                  "name": "http://www.0xcafebabe.it/sploits/etm_0612_remote_com.pl",
                  "refsource": "MISC",
                  "url": "http://www.0xcafebabe.it/sploits/etm_0612_remote_com.pl"
                },
                {
                  "name": "21135",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/21135"
                },
                {
                  "name": "ADV-2006-4558",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2006/4558"
                },
                {
                  "name": "http://www.etomite.org/forums/index.php?showtopic=6388",
                  "refsource": "MISC",
                  "url": "http://www.etomite.org/forums/index.php?showtopic=6388"
                },
                {
                  "name": "etomite-index-file-include(30329)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30329"
                },
                {
                  "name": "20061116 Etomite CMS 0.6.1.2 Multiple Vulnerabilities ( Sql Injection + Local file inclusion )",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/451838/100/0/threaded"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-6047",
        "datePublished": "2006-11-22T00:00:00.000Z",
        "dateReserved": "2006-11-21T00:00:00.000Z",
        "dateUpdated": "2024-08-07T20:12:31.343Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-5242 (GCVE-0-2006-5242)

    Vulnerability from nvd – Published: 2006-10-12 00:00 – Updated: 2024-08-07 19:41
    VLAI
    Summary
    SQL injection vulnerability in Etomite Content Management System (CMS) before 0.6.1.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/22217 third-party-advisoryx_refsource_SECUNIA
    http://www.vupen.com/english/advisories/2006/3975 vdb-entryx_refsource_VUPEN
    http://www.etomite.org/forums/index.php?showtopic=6095 x_refsource_CONFIRM
    http://www.securityfocus.com/bid/20449 vdb-entryx_refsource_BID
    Date Public
    2006-10-02 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T19:41:05.764Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "22217",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/22217"
              },
              {
                "name": "ADV-2006-3975",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2006/3975"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.etomite.org/forums/index.php?showtopic=6095"
              },
              {
                "name": "20449",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/20449"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-10-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "SQL injection vulnerability in Etomite Content Management System (CMS) before 0.6.1.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2009-02-26T10:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "22217",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/22217"
            },
            {
              "name": "ADV-2006-3975",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/3975"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.etomite.org/forums/index.php?showtopic=6095"
            },
            {
              "name": "20449",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/20449"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-5242",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SQL injection vulnerability in Etomite Content Management System (CMS) before 0.6.1.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "22217",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/22217"
                },
                {
                  "name": "ADV-2006-3975",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2006/3975"
                },
                {
                  "name": "http://www.etomite.org/forums/index.php?showtopic=6095",
                  "refsource": "CONFIRM",
                  "url": "http://www.etomite.org/forums/index.php?showtopic=6095"
                },
                {
                  "name": "20449",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/20449"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-5242",
        "datePublished": "2006-10-12T00:00:00.000Z",
        "dateReserved": "2006-10-11T00:00:00.000Z",
        "dateUpdated": "2024-08-07T19:41:05.764Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-3904 (GCVE-0-2006-3904)

    Vulnerability from nvd – Published: 2006-07-27 22:00 – Updated: 2024-08-07 18:48
    VLAI
    Summary
    SQL injection vulnerability in manager/index.php in Etomite CMS 0.6.1 and earlier, with magic_quotes_gpc disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/19150 vdb-entryx_refsource_BID
    http://www.etomite.org/forums/index.php?showtopic… x_refsource_CONFIRM
    http://secunia.com/advisories/21167 third-party-advisoryx_refsource_SECUNIA
    http://www.vupen.com/english/advisories/2006/2961 vdb-entryx_refsource_VUPEN
    https://www.exploit-db.com/exploits/2071 exploitx_refsource_EXPLOIT-DB
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.osvdb.org/27485 vdb-entryx_refsource_OSVDB
    http://retrogod.altervista.org/etomite_061_sql.html x_refsource_MISC
    http://securitytracker.com/id?1016594 vdb-entryx_refsource_SECTRACK
    Date Public
    2006-07-25 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T18:48:39.286Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "19150",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/19150"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.etomite.org/forums/index.php?showtopic=5706\u0026st=0\u0026p=35307\u0026#entry35307"
              },
              {
                "name": "21167",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/21167"
              },
              {
                "name": "ADV-2006-2961",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2006/2961"
              },
              {
                "name": "2071",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/2071"
              },
              {
                "name": "etomite-username-sql-injection(27943)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27943"
              },
              {
                "name": "27485",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/27485"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://retrogod.altervista.org/etomite_061_sql.html"
              },
              {
                "name": "1016594",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1016594"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-07-25T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "SQL injection vulnerability in manager/index.php in Etomite CMS 0.6.1 and earlier, with magic_quotes_gpc disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-10-18T16:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "19150",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/19150"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.etomite.org/forums/index.php?showtopic=5706\u0026st=0\u0026p=35307\u0026#entry35307"
            },
            {
              "name": "21167",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/21167"
            },
            {
              "name": "ADV-2006-2961",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/2961"
            },
            {
              "name": "2071",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/2071"
            },
            {
              "name": "etomite-username-sql-injection(27943)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27943"
            },
            {
              "name": "27485",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/27485"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://retrogod.altervista.org/etomite_061_sql.html"
            },
            {
              "name": "1016594",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1016594"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-3904",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SQL injection vulnerability in manager/index.php in Etomite CMS 0.6.1 and earlier, with magic_quotes_gpc disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "19150",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/19150"
                },
                {
                  "name": "http://www.etomite.org/forums/index.php?showtopic=5706\u0026st=0\u0026p=35307\u0026#entry35307",
                  "refsource": "CONFIRM",
                  "url": "http://www.etomite.org/forums/index.php?showtopic=5706\u0026st=0\u0026p=35307\u0026#entry35307"
                },
                {
                  "name": "21167",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/21167"
                },
                {
                  "name": "ADV-2006-2961",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2006/2961"
                },
                {
                  "name": "2071",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/2071"
                },
                {
                  "name": "etomite-username-sql-injection(27943)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27943"
                },
                {
                  "name": "27485",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/27485"
                },
                {
                  "name": "http://retrogod.altervista.org/etomite_061_sql.html",
                  "refsource": "MISC",
                  "url": "http://retrogod.altervista.org/etomite_061_sql.html"
                },
                {
                  "name": "1016594",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1016594"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-3904",
        "datePublished": "2006-07-27T22:00:00.000Z",
        "dateReserved": "2006-07-27T00:00:00.000Z",
        "dateUpdated": "2024-08-07T18:48:39.286Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-0325 (GCVE-0-2006-0325)

    Vulnerability from nvd – Published: 2006-01-20 21:00 – Updated: 2024-08-07 16:34
    VLAI
    Summary
    Etomite Content Management System 0.6, and possibly earlier versions, when downloaded from the web site in January 2006 after January 10, contains a back door in manager/includes/todo.inc.php, which allows remote attackers to execute arbitrary commands via the "cij" parameter.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2006-01-19 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T16:34:13.609Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "16336",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/16336"
              },
              {
                "name": "18556",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/18556"
              },
              {
                "name": "ADV-2006-0283",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2006/0283"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.etomite.org/forums/index.php?showtopic=4185"
              },
              {
                "name": "22693",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/22693"
              },
              {
                "name": "20060127 Etomite CMS \"Backdoored\"",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/423497/100/0/threaded"
              },
              {
                "name": "etomite-default-backdoor(24254)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24254"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.etomite.org/forums/index.php?showtopic=4291"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.lucaercoli.it/advs/etomite.txt"
              },
              {
                "name": "20060130 Etomite followup information",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/423523/100/0/threaded"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-01-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Etomite Content Management System 0.6, and possibly earlier versions, when downloaded from the web site in January 2006 after January 10, contains a back door in manager/includes/todo.inc.php, which allows remote attackers to execute arbitrary commands via the \"cij\" parameter."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-19T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "16336",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/16336"
            },
            {
              "name": "18556",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/18556"
            },
            {
              "name": "ADV-2006-0283",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/0283"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.etomite.org/forums/index.php?showtopic=4185"
            },
            {
              "name": "22693",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/22693"
            },
            {
              "name": "20060127 Etomite CMS \"Backdoored\"",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/423497/100/0/threaded"
            },
            {
              "name": "etomite-default-backdoor(24254)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24254"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.etomite.org/forums/index.php?showtopic=4291"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.lucaercoli.it/advs/etomite.txt"
            },
            {
              "name": "20060130 Etomite followup information",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/423523/100/0/threaded"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-0325",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Etomite Content Management System 0.6, and possibly earlier versions, when downloaded from the web site in January 2006 after January 10, contains a back door in manager/includes/todo.inc.php, which allows remote attackers to execute arbitrary commands via the \"cij\" parameter."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "16336",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/16336"
                },
                {
                  "name": "18556",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/18556"
                },
                {
                  "name": "ADV-2006-0283",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2006/0283"
                },
                {
                  "name": "http://www.etomite.org/forums/index.php?showtopic=4185",
                  "refsource": "CONFIRM",
                  "url": "http://www.etomite.org/forums/index.php?showtopic=4185"
                },
                {
                  "name": "22693",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/22693"
                },
                {
                  "name": "20060127 Etomite CMS \"Backdoored\"",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/423497/100/0/threaded"
                },
                {
                  "name": "etomite-default-backdoor(24254)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24254"
                },
                {
                  "name": "http://www.etomite.org/forums/index.php?showtopic=4291",
                  "refsource": "CONFIRM",
                  "url": "http://www.etomite.org/forums/index.php?showtopic=4291"
                },
                {
                  "name": "http://www.lucaercoli.it/advs/etomite.txt",
                  "refsource": "MISC",
                  "url": "http://www.lucaercoli.it/advs/etomite.txt"
                },
                {
                  "name": "20060130 Etomite followup information",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/423523/100/0/threaded"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-0325",
        "datePublished": "2006-01-20T21:00:00.000Z",
        "dateReserved": "2006-01-20T00:00:00.000Z",
        "dateUpdated": "2024-08-07T16:34:13.609Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2011-4264 (GCVE-0-2011-4264)

    Vulnerability from cvelistv5 – Published: 2011-12-08 11:00 – Updated: 2024-09-16 19:35
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in Etomite before 1.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://jvndb.jvn.jp/jvndb/JVNDB-2011-000101 third-party-advisoryx_refsource_JVNDB
    http://jvn.jp/en/jp/JVN04329324/index.html third-party-advisoryx_refsource_JVN
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T00:01:51.353Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "JVNDB-2011-000101",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVNDB",
                  "x_transferred"
                ],
                "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000101"
              },
              {
                "name": "JVN#04329324",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "http://jvn.jp/en/jp/JVN04329324/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in Etomite before 1.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2011-12-08T11:00:00.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "name": "JVNDB-2011-000101",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVNDB"
              ],
              "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000101"
            },
            {
              "name": "JVN#04329324",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "http://jvn.jp/en/jp/JVN04329324/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2011-4264",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting (XSS) vulnerability in Etomite before 1.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "JVNDB-2011-000101",
                  "refsource": "JVNDB",
                  "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000101"
                },
                {
                  "name": "JVN#04329324",
                  "refsource": "JVN",
                  "url": "http://jvn.jp/en/jp/JVN04329324/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2011-4264",
        "datePublished": "2011-12-08T11:00:00.000Z",
        "dateReserved": "2011-11-02T00:00:00.000Z",
        "dateUpdated": "2024-09-16T19:35:03.920Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-0820 (GCVE-0-2008-0820)

    Vulnerability from cvelistv5 – Published: 2008-02-19 20:00 – Updated: 2024-08-07 08:01 Disputed
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in index.php in Etomite 0.6.1.4 Final allows remote attackers to inject arbitrary web script or HTML via $_SERVER['PHP_INFO']. NOTE: the vendor disputes this issue in a followup, stating that the affected variable is $_SERVER['PHP_SELF'], and "This is not an Etomite specific exploit and I would like the report rescinded.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://securityreason.com/securityalert/3669 third-party-advisoryx_refsource_SREASON
    http://www.securityfocus.com/archive/1/488304/100… mailing-listx_refsource_BUGTRAQ
    http://www.etomite.com/forums/index.php?showtopic=7647 x_refsource_MISC
    http://www.securityfocus.com/bid/27794 vdb-entryx_refsource_BID
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://secunia.com/advisories/28964 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/archive/1/488122/100… mailing-listx_refsource_BUGTRAQ
    Date Public
    2008-02-14 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T08:01:39.060Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "3669",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/3669"
              },
              {
                "name": "20080218 Re: etomite xss",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/488304/100/100/threaded"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.etomite.com/forums/index.php?showtopic=7647"
              },
              {
                "name": "27794",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/27794"
              },
              {
                "name": "etomite-index-xss(40525)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40525"
              },
              {
                "name": "28964",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/28964"
              },
              {
                "name": "20080214 etomite xss",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/488122/100/0/threaded"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-02-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in index.php in Etomite 0.6.1.4 Final allows remote attackers to inject arbitrary web script or HTML via $_SERVER[\u0027PHP_INFO\u0027].  NOTE: the vendor disputes this issue in a followup, stating that the affected variable is $_SERVER[\u0027PHP_SELF\u0027], and \"This is not an Etomite specific exploit and I would like the report rescinded."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-15T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "3669",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/3669"
            },
            {
              "name": "20080218 Re: etomite xss",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/488304/100/100/threaded"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.etomite.com/forums/index.php?showtopic=7647"
            },
            {
              "name": "27794",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/27794"
            },
            {
              "name": "etomite-index-xss(40525)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40525"
            },
            {
              "name": "28964",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/28964"
            },
            {
              "name": "20080214 etomite xss",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/488122/100/0/threaded"
            }
          ],
          "tags": [
            "disputed"
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-0820",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "** DISPUTED **  Cross-site scripting (XSS) vulnerability in index.php in Etomite 0.6.1.4 Final allows remote attackers to inject arbitrary web script or HTML via $_SERVER[\u0027PHP_INFO\u0027].  NOTE: the vendor disputes this issue in a followup, stating that the affected variable is $_SERVER[\u0027PHP_SELF\u0027], and \"This is not an Etomite specific exploit and I would like the report rescinded.\""
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "3669",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/3669"
                },
                {
                  "name": "20080218 Re: etomite xss",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/488304/100/100/threaded"
                },
                {
                  "name": "http://www.etomite.com/forums/index.php?showtopic=7647",
                  "refsource": "MISC",
                  "url": "http://www.etomite.com/forums/index.php?showtopic=7647"
                },
                {
                  "name": "27794",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/27794"
                },
                {
                  "name": "etomite-index-xss(40525)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40525"
                },
                {
                  "name": "28964",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/28964"
                },
                {
                  "name": "20080214 etomite xss",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/488122/100/0/threaded"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-0820",
        "datePublished": "2008-02-19T20:00:00.000Z",
        "dateReserved": "2008-02-19T00:00:00.000Z",
        "dateUpdated": "2024-08-07T08:01:39.060Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-7070 (GCVE-0-2006-7070)

    Vulnerability from cvelistv5 – Published: 2007-02-27 18:00 – Updated: 2024-08-07 20:50
    VLAI
    Summary
    Unrestricted file upload vulnerability in manager/media/ibrowser/scripts/rfiles.php in Etomite CMS 0.6.1 and earlier allows remote attackers to upload and execute arbitrary files via an nfile[] parameter with a filename that contains a .php extension followed by a valid image extension such as .gif or .jpg, then calling the rename function.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/21208 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/bid/19157 vdb-entryx_refsource_BID
    http://securitytracker.com/id?1016593 vdb-entryx_refsource_SECTRACK
    http://www.securityfocus.com/archive/1/441202/100… mailing-listx_refsource_BUGTRAQ
    https://www.exploit-db.com/exploits/2072 exploitx_refsource_EXPLOIT-DB
    http://www.osvdb.org/27543 vdb-entryx_refsource_OSVDB
    http://www.etomite.org/forums/index.php?showtopic… x_refsource_CONFIRM
    http://retrogod.altervista.org/etomite_061_cmd.html x_refsource_MISC
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://securityreason.com/securityalert/2326 third-party-advisoryx_refsource_SREASON
    Date Public
    2006-07-25 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T20:50:06.098Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "21208",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/21208"
              },
              {
                "name": "19157",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/19157"
              },
              {
                "name": "1016593",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1016593"
              },
              {
                "name": "20060725 Etomite CMS \u003c= 0.6.1 \u0027rfiles.php\u0027 remote command execution",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/441202/100/0/threaded"
              },
              {
                "name": "2072",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/2072"
              },
              {
                "name": "27543",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/27543"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.etomite.org/forums/index.php?showtopic=5757\u0026st=0\u0026p=35605\u0026#entry35605"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://retrogod.altervista.org/etomite_061_cmd.html"
              },
              {
                "name": "etomite-rfiles-file-upload(27947)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27947"
              },
              {
                "name": "2326",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/2326"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-07-25T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Unrestricted file upload vulnerability in manager/media/ibrowser/scripts/rfiles.php in Etomite CMS 0.6.1 and earlier allows remote attackers to upload and execute arbitrary files via an nfile[] parameter with a filename that contains a .php extension followed by a valid image extension such as .gif or .jpg, then calling the rename function."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-16T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "21208",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/21208"
            },
            {
              "name": "19157",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/19157"
            },
            {
              "name": "1016593",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1016593"
            },
            {
              "name": "20060725 Etomite CMS \u003c= 0.6.1 \u0027rfiles.php\u0027 remote command execution",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/441202/100/0/threaded"
            },
            {
              "name": "2072",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/2072"
            },
            {
              "name": "27543",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/27543"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.etomite.org/forums/index.php?showtopic=5757\u0026st=0\u0026p=35605\u0026#entry35605"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://retrogod.altervista.org/etomite_061_cmd.html"
            },
            {
              "name": "etomite-rfiles-file-upload(27947)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27947"
            },
            {
              "name": "2326",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/2326"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-7070",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Unrestricted file upload vulnerability in manager/media/ibrowser/scripts/rfiles.php in Etomite CMS 0.6.1 and earlier allows remote attackers to upload and execute arbitrary files via an nfile[] parameter with a filename that contains a .php extension followed by a valid image extension such as .gif or .jpg, then calling the rename function."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "21208",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/21208"
                },
                {
                  "name": "19157",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/19157"
                },
                {
                  "name": "1016593",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1016593"
                },
                {
                  "name": "20060725 Etomite CMS \u003c= 0.6.1 \u0027rfiles.php\u0027 remote command execution",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/441202/100/0/threaded"
                },
                {
                  "name": "2072",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/2072"
                },
                {
                  "name": "27543",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/27543"
                },
                {
                  "name": "http://www.etomite.org/forums/index.php?showtopic=5757\u0026st=0\u0026p=35605\u0026#entry35605",
                  "refsource": "CONFIRM",
                  "url": "http://www.etomite.org/forums/index.php?showtopic=5757\u0026st=0\u0026p=35605\u0026#entry35605"
                },
                {
                  "name": "http://retrogod.altervista.org/etomite_061_cmd.html",
                  "refsource": "MISC",
                  "url": "http://retrogod.altervista.org/etomite_061_cmd.html"
                },
                {
                  "name": "etomite-rfiles-file-upload(27947)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27947"
                },
                {
                  "name": "2326",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/2326"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-7070",
        "datePublished": "2007-02-27T18:00:00.000Z",
        "dateReserved": "2007-02-27T00:00:00.000Z",
        "dateUpdated": "2024-08-07T20:50:06.098Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-6048 (GCVE-0-2006-6048)

    Vulnerability from cvelistv5 – Published: 2006-11-22 00:00 – Updated: 2024-08-07 20:12
    VLAI
    Summary
    SQL injection vulnerability in index.php in Etomite CMS 0.6.1.2, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2006-11-16 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T20:12:31.526Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "22885",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/22885"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.0xcafebabe.it/sploits/etm_0612_sqlinj.pl"
              },
              {
                "name": "etomite-index-sql-injection(30328)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30328"
              },
              {
                "name": "20061117 Re: Etomite CMS 0.6.1.2 Multiple Vulnerabilities ( Sql Injection + Local file inclusion )",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/451930/100/0/threaded"
              },
              {
                "name": "21135",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/21135"
              },
              {
                "name": "ADV-2006-4558",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2006/4558"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.etomite.org/forums/index.php?showtopic=6388"
              },
              {
                "name": "20061116 Etomite CMS 0.6.1.2 Multiple Vulnerabilities ( Sql Injection + Local file inclusion )",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/451838/100/0/threaded"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-11-16T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "SQL injection vulnerability in index.php in Etomite CMS 0.6.1.2, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-17T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "22885",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/22885"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.0xcafebabe.it/sploits/etm_0612_sqlinj.pl"
            },
            {
              "name": "etomite-index-sql-injection(30328)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30328"
            },
            {
              "name": "20061117 Re: Etomite CMS 0.6.1.2 Multiple Vulnerabilities ( Sql Injection + Local file inclusion )",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/451930/100/0/threaded"
            },
            {
              "name": "21135",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/21135"
            },
            {
              "name": "ADV-2006-4558",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/4558"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.etomite.org/forums/index.php?showtopic=6388"
            },
            {
              "name": "20061116 Etomite CMS 0.6.1.2 Multiple Vulnerabilities ( Sql Injection + Local file inclusion )",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/451838/100/0/threaded"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-6048",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SQL injection vulnerability in index.php in Etomite CMS 0.6.1.2, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "22885",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/22885"
                },
                {
                  "name": "http://www.0xcafebabe.it/sploits/etm_0612_sqlinj.pl",
                  "refsource": "MISC",
                  "url": "http://www.0xcafebabe.it/sploits/etm_0612_sqlinj.pl"
                },
                {
                  "name": "etomite-index-sql-injection(30328)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30328"
                },
                {
                  "name": "20061117 Re: Etomite CMS 0.6.1.2 Multiple Vulnerabilities ( Sql Injection + Local file inclusion )",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/451930/100/0/threaded"
                },
                {
                  "name": "21135",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/21135"
                },
                {
                  "name": "ADV-2006-4558",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2006/4558"
                },
                {
                  "name": "http://www.etomite.org/forums/index.php?showtopic=6388",
                  "refsource": "MISC",
                  "url": "http://www.etomite.org/forums/index.php?showtopic=6388"
                },
                {
                  "name": "20061116 Etomite CMS 0.6.1.2 Multiple Vulnerabilities ( Sql Injection + Local file inclusion )",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/451838/100/0/threaded"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-6048",
        "datePublished": "2006-11-22T00:00:00.000Z",
        "dateReserved": "2006-11-21T00:00:00.000Z",
        "dateUpdated": "2024-08-07T20:12:31.526Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-6047 (GCVE-0-2006-6047)

    Vulnerability from cvelistv5 – Published: 2006-11-22 00:00 – Updated: 2024-08-07 20:12
    VLAI
    Summary
    Directory traversal vulnerability in manager/index.php in Etomite 0.6.1.2 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the f parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2006-11-16 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T20:12:31.343Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "22885",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/22885"
              },
              {
                "name": "2790",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/2790"
              },
              {
                "name": "20061117 Re: Etomite CMS 0.6.1.2 Multiple Vulnerabilities ( Sql Injection + Local file inclusion )",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/451930/100/0/threaded"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.0xcafebabe.it/sploits/etm_0612_remote_com.pl"
              },
              {
                "name": "21135",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/21135"
              },
              {
                "name": "ADV-2006-4558",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2006/4558"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.etomite.org/forums/index.php?showtopic=6388"
              },
              {
                "name": "etomite-index-file-include(30329)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30329"
              },
              {
                "name": "20061116 Etomite CMS 0.6.1.2 Multiple Vulnerabilities ( Sql Injection + Local file inclusion )",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/451838/100/0/threaded"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-11-16T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Directory traversal vulnerability in manager/index.php in Etomite 0.6.1.2 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the f parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-17T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "22885",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/22885"
            },
            {
              "name": "2790",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/2790"
            },
            {
              "name": "20061117 Re: Etomite CMS 0.6.1.2 Multiple Vulnerabilities ( Sql Injection + Local file inclusion )",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/451930/100/0/threaded"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.0xcafebabe.it/sploits/etm_0612_remote_com.pl"
            },
            {
              "name": "21135",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/21135"
            },
            {
              "name": "ADV-2006-4558",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/4558"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.etomite.org/forums/index.php?showtopic=6388"
            },
            {
              "name": "etomite-index-file-include(30329)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30329"
            },
            {
              "name": "20061116 Etomite CMS 0.6.1.2 Multiple Vulnerabilities ( Sql Injection + Local file inclusion )",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/451838/100/0/threaded"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-6047",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Directory traversal vulnerability in manager/index.php in Etomite 0.6.1.2 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the f parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "22885",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/22885"
                },
                {
                  "name": "2790",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/2790"
                },
                {
                  "name": "20061117 Re: Etomite CMS 0.6.1.2 Multiple Vulnerabilities ( Sql Injection + Local file inclusion )",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/451930/100/0/threaded"
                },
                {
                  "name": "http://www.0xcafebabe.it/sploits/etm_0612_remote_com.pl",
                  "refsource": "MISC",
                  "url": "http://www.0xcafebabe.it/sploits/etm_0612_remote_com.pl"
                },
                {
                  "name": "21135",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/21135"
                },
                {
                  "name": "ADV-2006-4558",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2006/4558"
                },
                {
                  "name": "http://www.etomite.org/forums/index.php?showtopic=6388",
                  "refsource": "MISC",
                  "url": "http://www.etomite.org/forums/index.php?showtopic=6388"
                },
                {
                  "name": "etomite-index-file-include(30329)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30329"
                },
                {
                  "name": "20061116 Etomite CMS 0.6.1.2 Multiple Vulnerabilities ( Sql Injection + Local file inclusion )",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/451838/100/0/threaded"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-6047",
        "datePublished": "2006-11-22T00:00:00.000Z",
        "dateReserved": "2006-11-21T00:00:00.000Z",
        "dateUpdated": "2024-08-07T20:12:31.343Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-5242 (GCVE-0-2006-5242)

    Vulnerability from cvelistv5 – Published: 2006-10-12 00:00 – Updated: 2024-08-07 19:41
    VLAI
    Summary
    SQL injection vulnerability in Etomite Content Management System (CMS) before 0.6.1.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/22217 third-party-advisoryx_refsource_SECUNIA
    http://www.vupen.com/english/advisories/2006/3975 vdb-entryx_refsource_VUPEN
    http://www.etomite.org/forums/index.php?showtopic=6095 x_refsource_CONFIRM
    http://www.securityfocus.com/bid/20449 vdb-entryx_refsource_BID
    Date Public
    2006-10-02 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T19:41:05.764Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "22217",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/22217"
              },
              {
                "name": "ADV-2006-3975",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2006/3975"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.etomite.org/forums/index.php?showtopic=6095"
              },
              {
                "name": "20449",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/20449"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-10-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "SQL injection vulnerability in Etomite Content Management System (CMS) before 0.6.1.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2009-02-26T10:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "22217",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/22217"
            },
            {
              "name": "ADV-2006-3975",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/3975"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.etomite.org/forums/index.php?showtopic=6095"
            },
            {
              "name": "20449",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/20449"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-5242",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SQL injection vulnerability in Etomite Content Management System (CMS) before 0.6.1.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "22217",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/22217"
                },
                {
                  "name": "ADV-2006-3975",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2006/3975"
                },
                {
                  "name": "http://www.etomite.org/forums/index.php?showtopic=6095",
                  "refsource": "CONFIRM",
                  "url": "http://www.etomite.org/forums/index.php?showtopic=6095"
                },
                {
                  "name": "20449",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/20449"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-5242",
        "datePublished": "2006-10-12T00:00:00.000Z",
        "dateReserved": "2006-10-11T00:00:00.000Z",
        "dateUpdated": "2024-08-07T19:41:05.764Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-3904 (GCVE-0-2006-3904)

    Vulnerability from cvelistv5 – Published: 2006-07-27 22:00 – Updated: 2024-08-07 18:48
    VLAI
    Summary
    SQL injection vulnerability in manager/index.php in Etomite CMS 0.6.1 and earlier, with magic_quotes_gpc disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/19150 vdb-entryx_refsource_BID
    http://www.etomite.org/forums/index.php?showtopic… x_refsource_CONFIRM
    http://secunia.com/advisories/21167 third-party-advisoryx_refsource_SECUNIA
    http://www.vupen.com/english/advisories/2006/2961 vdb-entryx_refsource_VUPEN
    https://www.exploit-db.com/exploits/2071 exploitx_refsource_EXPLOIT-DB
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.osvdb.org/27485 vdb-entryx_refsource_OSVDB
    http://retrogod.altervista.org/etomite_061_sql.html x_refsource_MISC
    http://securitytracker.com/id?1016594 vdb-entryx_refsource_SECTRACK
    Date Public
    2006-07-25 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T18:48:39.286Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "19150",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/19150"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.etomite.org/forums/index.php?showtopic=5706\u0026st=0\u0026p=35307\u0026#entry35307"
              },
              {
                "name": "21167",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/21167"
              },
              {
                "name": "ADV-2006-2961",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2006/2961"
              },
              {
                "name": "2071",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/2071"
              },
              {
                "name": "etomite-username-sql-injection(27943)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27943"
              },
              {
                "name": "27485",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/27485"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://retrogod.altervista.org/etomite_061_sql.html"
              },
              {
                "name": "1016594",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1016594"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-07-25T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "SQL injection vulnerability in manager/index.php in Etomite CMS 0.6.1 and earlier, with magic_quotes_gpc disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-10-18T16:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "19150",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/19150"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.etomite.org/forums/index.php?showtopic=5706\u0026st=0\u0026p=35307\u0026#entry35307"
            },
            {
              "name": "21167",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/21167"
            },
            {
              "name": "ADV-2006-2961",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/2961"
            },
            {
              "name": "2071",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/2071"
            },
            {
              "name": "etomite-username-sql-injection(27943)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27943"
            },
            {
              "name": "27485",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/27485"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://retrogod.altervista.org/etomite_061_sql.html"
            },
            {
              "name": "1016594",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1016594"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-3904",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SQL injection vulnerability in manager/index.php in Etomite CMS 0.6.1 and earlier, with magic_quotes_gpc disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "19150",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/19150"
                },
                {
                  "name": "http://www.etomite.org/forums/index.php?showtopic=5706\u0026st=0\u0026p=35307\u0026#entry35307",
                  "refsource": "CONFIRM",
                  "url": "http://www.etomite.org/forums/index.php?showtopic=5706\u0026st=0\u0026p=35307\u0026#entry35307"
                },
                {
                  "name": "21167",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/21167"
                },
                {
                  "name": "ADV-2006-2961",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2006/2961"
                },
                {
                  "name": "2071",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/2071"
                },
                {
                  "name": "etomite-username-sql-injection(27943)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27943"
                },
                {
                  "name": "27485",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/27485"
                },
                {
                  "name": "http://retrogod.altervista.org/etomite_061_sql.html",
                  "refsource": "MISC",
                  "url": "http://retrogod.altervista.org/etomite_061_sql.html"
                },
                {
                  "name": "1016594",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1016594"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-3904",
        "datePublished": "2006-07-27T22:00:00.000Z",
        "dateReserved": "2006-07-27T00:00:00.000Z",
        "dateUpdated": "2024-08-07T18:48:39.286Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-0325 (GCVE-0-2006-0325)

    Vulnerability from cvelistv5 – Published: 2006-01-20 21:00 – Updated: 2024-08-07 16:34
    VLAI
    Summary
    Etomite Content Management System 0.6, and possibly earlier versions, when downloaded from the web site in January 2006 after January 10, contains a back door in manager/includes/todo.inc.php, which allows remote attackers to execute arbitrary commands via the "cij" parameter.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2006-01-19 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T16:34:13.609Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "16336",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/16336"
              },
              {
                "name": "18556",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/18556"
              },
              {
                "name": "ADV-2006-0283",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2006/0283"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.etomite.org/forums/index.php?showtopic=4185"
              },
              {
                "name": "22693",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/22693"
              },
              {
                "name": "20060127 Etomite CMS \"Backdoored\"",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/423497/100/0/threaded"
              },
              {
                "name": "etomite-default-backdoor(24254)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24254"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.etomite.org/forums/index.php?showtopic=4291"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.lucaercoli.it/advs/etomite.txt"
              },
              {
                "name": "20060130 Etomite followup information",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/423523/100/0/threaded"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-01-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Etomite Content Management System 0.6, and possibly earlier versions, when downloaded from the web site in January 2006 after January 10, contains a back door in manager/includes/todo.inc.php, which allows remote attackers to execute arbitrary commands via the \"cij\" parameter."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-19T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "16336",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/16336"
            },
            {
              "name": "18556",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/18556"
            },
            {
              "name": "ADV-2006-0283",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/0283"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.etomite.org/forums/index.php?showtopic=4185"
            },
            {
              "name": "22693",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/22693"
            },
            {
              "name": "20060127 Etomite CMS \"Backdoored\"",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/423497/100/0/threaded"
            },
            {
              "name": "etomite-default-backdoor(24254)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24254"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.etomite.org/forums/index.php?showtopic=4291"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.lucaercoli.it/advs/etomite.txt"
            },
            {
              "name": "20060130 Etomite followup information",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/423523/100/0/threaded"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-0325",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Etomite Content Management System 0.6, and possibly earlier versions, when downloaded from the web site in January 2006 after January 10, contains a back door in manager/includes/todo.inc.php, which allows remote attackers to execute arbitrary commands via the \"cij\" parameter."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "16336",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/16336"
                },
                {
                  "name": "18556",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/18556"
                },
                {
                  "name": "ADV-2006-0283",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2006/0283"
                },
                {
                  "name": "http://www.etomite.org/forums/index.php?showtopic=4185",
                  "refsource": "CONFIRM",
                  "url": "http://www.etomite.org/forums/index.php?showtopic=4185"
                },
                {
                  "name": "22693",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/22693"
                },
                {
                  "name": "20060127 Etomite CMS \"Backdoored\"",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/423497/100/0/threaded"
                },
                {
                  "name": "etomite-default-backdoor(24254)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24254"
                },
                {
                  "name": "http://www.etomite.org/forums/index.php?showtopic=4291",
                  "refsource": "CONFIRM",
                  "url": "http://www.etomite.org/forums/index.php?showtopic=4291"
                },
                {
                  "name": "http://www.lucaercoli.it/advs/etomite.txt",
                  "refsource": "MISC",
                  "url": "http://www.lucaercoli.it/advs/etomite.txt"
                },
                {
                  "name": "20060130 Etomite followup information",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/423523/100/0/threaded"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-0325",
        "datePublished": "2006-01-20T21:00:00.000Z",
        "dateReserved": "2006-01-20T00:00:00.000Z",
        "dateUpdated": "2024-08-07T16:34:13.609Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }