Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for cartweaver_coldfusion by application_dynamics

    CVE-2006-2047 (GCVE-0-2006-2047)

    Vulnerability from nvd – Published: 2006-04-26 20:00 – Updated: 2024-08-07 17:35
    VLAI
    Summary
    Application Dynamics Cartweaver ColdFusion 2.16.11 and earlier allows remote attackers to obtain sensitive information via an invalid (1) secondary, (2) PageNum_Results, (3) category, or (4) keywords parameter in (a) Results.cfm; or an invalid (5) ProdID parameter in (b) Details.cfm; which reveal the path in various error messages. NOTE: the behavior for the category, keywords, and ProdID parameters might be resultant from SQL injection.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.vupen.com/english/advisories/2006/1513 vdb-entryx_refsource_VUPEN
    http://www.osvdb.org/24963 vdb-entryx_refsource_OSVDB
    http://secunia.com/advisories/19812 third-party-advisoryx_refsource_SECUNIA
    http://pridels0.blogspot.com/2006/04/cartweaver-c… x_refsource_MISC
    http://www.osvdb.org/24964 vdb-entryx_refsource_OSVDB
    Date Public
    2006-04-25 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T17:35:31.286Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "cartweaver-multiple-path-disclosure(26061)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26061"
              },
              {
                "name": "ADV-2006-1513",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2006/1513"
              },
              {
                "name": "24963",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/24963"
              },
              {
                "name": "19812",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/19812"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://pridels0.blogspot.com/2006/04/cartweaver-coldfusion-vuln.html"
              },
              {
                "name": "24964",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/24964"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-04-25T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Application Dynamics Cartweaver ColdFusion 2.16.11 and earlier allows remote attackers to obtain sensitive information via an invalid (1) secondary, (2) PageNum_Results, (3) category, or (4) keywords parameter in (a) Results.cfm; or an invalid (5) ProdID parameter in (b) Details.cfm; which reveal the path in various error messages. NOTE: the behavior for the category, keywords, and ProdID parameters might be resultant from SQL injection."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-19T15:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "cartweaver-multiple-path-disclosure(26061)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26061"
            },
            {
              "name": "ADV-2006-1513",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/1513"
            },
            {
              "name": "24963",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/24963"
            },
            {
              "name": "19812",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/19812"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://pridels0.blogspot.com/2006/04/cartweaver-coldfusion-vuln.html"
            },
            {
              "name": "24964",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/24964"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-2047",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Application Dynamics Cartweaver ColdFusion 2.16.11 and earlier allows remote attackers to obtain sensitive information via an invalid (1) secondary, (2) PageNum_Results, (3) category, or (4) keywords parameter in (a) Results.cfm; or an invalid (5) ProdID parameter in (b) Details.cfm; which reveal the path in various error messages. NOTE: the behavior for the category, keywords, and ProdID parameters might be resultant from SQL injection."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "cartweaver-multiple-path-disclosure(26061)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26061"
                },
                {
                  "name": "ADV-2006-1513",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2006/1513"
                },
                {
                  "name": "24963",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/24963"
                },
                {
                  "name": "19812",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/19812"
                },
                {
                  "name": "http://pridels0.blogspot.com/2006/04/cartweaver-coldfusion-vuln.html",
                  "refsource": "MISC",
                  "url": "http://pridels0.blogspot.com/2006/04/cartweaver-coldfusion-vuln.html"
                },
                {
                  "name": "24964",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/24964"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-2047",
        "datePublished": "2006-04-26T20:00:00.000Z",
        "dateReserved": "2006-04-26T00:00:00.000Z",
        "dateUpdated": "2024-08-07T17:35:31.286Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-2046 (GCVE-0-2006-2046)

    Vulnerability from nvd – Published: 2006-04-26 20:00 – Updated: 2024-08-07 17:35
    VLAI
    Summary
    Multiple SQL injection vulnerabilities in Application Dynamics Cartweaver ColdFusion 2.16.11 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) category and (2) keywords parameters in (a) Results.cfm, and the (3) ProdID parameter in (b) Details.cfm.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.vupen.com/english/advisories/2006/1513 vdb-entryx_refsource_VUPEN
    http://www.securityfocus.com/bid/25210 vdb-entryx_refsource_BID
    http://www.osvdb.org/24962 vdb-entryx_refsource_OSVDB
    https://www.exploit-db.com/exploits/4264 exploitx_refsource_EXPLOIT-DB
    http://secunia.com/advisories/19812 third-party-advisoryx_refsource_SECUNIA
    http://pridels0.blogspot.com/2006/04/cartweaver-c… x_refsource_MISC
    http://www.securityfocus.com/bid/17941 vdb-entryx_refsource_BID
    http://www.techfeed.net/blog/index.cfm/2006/4/26/… x_refsource_CONFIRM
    http://www.osvdb.org/24961 vdb-entryx_refsource_OSVDB
    Date Public
    2006-04-25 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T17:35:31.305Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "cartweaver-multiple-sql-injection(26060)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26060"
              },
              {
                "name": "ADV-2006-1513",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2006/1513"
              },
              {
                "name": "25210",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/25210"
              },
              {
                "name": "24962",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/24962"
              },
              {
                "name": "4264",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/4264"
              },
              {
                "name": "19812",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/19812"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://pridels0.blogspot.com/2006/04/cartweaver-coldfusion-vuln.html"
              },
              {
                "name": "17941",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/17941"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.techfeed.net/blog/index.cfm/2006/4/26/cartweaver-holes"
              },
              {
                "name": "24961",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/24961"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-04-25T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple SQL injection vulnerabilities in Application Dynamics Cartweaver ColdFusion 2.16.11 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) category and (2) keywords parameters in (a) Results.cfm, and the (3) ProdID parameter in (b) Details.cfm."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-10-10T00:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "cartweaver-multiple-sql-injection(26060)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26060"
            },
            {
              "name": "ADV-2006-1513",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/1513"
            },
            {
              "name": "25210",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/25210"
            },
            {
              "name": "24962",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/24962"
            },
            {
              "name": "4264",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/4264"
            },
            {
              "name": "19812",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/19812"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://pridels0.blogspot.com/2006/04/cartweaver-coldfusion-vuln.html"
            },
            {
              "name": "17941",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/17941"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.techfeed.net/blog/index.cfm/2006/4/26/cartweaver-holes"
            },
            {
              "name": "24961",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/24961"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-2046",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple SQL injection vulnerabilities in Application Dynamics Cartweaver ColdFusion 2.16.11 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) category and (2) keywords parameters in (a) Results.cfm, and the (3) ProdID parameter in (b) Details.cfm."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "cartweaver-multiple-sql-injection(26060)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26060"
                },
                {
                  "name": "ADV-2006-1513",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2006/1513"
                },
                {
                  "name": "25210",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/25210"
                },
                {
                  "name": "24962",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/24962"
                },
                {
                  "name": "4264",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/4264"
                },
                {
                  "name": "19812",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/19812"
                },
                {
                  "name": "http://pridels0.blogspot.com/2006/04/cartweaver-coldfusion-vuln.html",
                  "refsource": "MISC",
                  "url": "http://pridels0.blogspot.com/2006/04/cartweaver-coldfusion-vuln.html"
                },
                {
                  "name": "17941",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/17941"
                },
                {
                  "name": "http://www.techfeed.net/blog/index.cfm/2006/4/26/cartweaver-holes",
                  "refsource": "CONFIRM",
                  "url": "http://www.techfeed.net/blog/index.cfm/2006/4/26/cartweaver-holes"
                },
                {
                  "name": "24961",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/24961"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-2046",
        "datePublished": "2006-04-26T20:00:00.000Z",
        "dateReserved": "2006-04-26T00:00:00.000Z",
        "dateUpdated": "2024-08-07T17:35:31.305Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-2047 (GCVE-0-2006-2047)

    Vulnerability from cvelistv5 – Published: 2006-04-26 20:00 – Updated: 2024-08-07 17:35
    VLAI
    Summary
    Application Dynamics Cartweaver ColdFusion 2.16.11 and earlier allows remote attackers to obtain sensitive information via an invalid (1) secondary, (2) PageNum_Results, (3) category, or (4) keywords parameter in (a) Results.cfm; or an invalid (5) ProdID parameter in (b) Details.cfm; which reveal the path in various error messages. NOTE: the behavior for the category, keywords, and ProdID parameters might be resultant from SQL injection.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.vupen.com/english/advisories/2006/1513 vdb-entryx_refsource_VUPEN
    http://www.osvdb.org/24963 vdb-entryx_refsource_OSVDB
    http://secunia.com/advisories/19812 third-party-advisoryx_refsource_SECUNIA
    http://pridels0.blogspot.com/2006/04/cartweaver-c… x_refsource_MISC
    http://www.osvdb.org/24964 vdb-entryx_refsource_OSVDB
    Date Public
    2006-04-25 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T17:35:31.286Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "cartweaver-multiple-path-disclosure(26061)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26061"
              },
              {
                "name": "ADV-2006-1513",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2006/1513"
              },
              {
                "name": "24963",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/24963"
              },
              {
                "name": "19812",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/19812"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://pridels0.blogspot.com/2006/04/cartweaver-coldfusion-vuln.html"
              },
              {
                "name": "24964",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/24964"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-04-25T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Application Dynamics Cartweaver ColdFusion 2.16.11 and earlier allows remote attackers to obtain sensitive information via an invalid (1) secondary, (2) PageNum_Results, (3) category, or (4) keywords parameter in (a) Results.cfm; or an invalid (5) ProdID parameter in (b) Details.cfm; which reveal the path in various error messages. NOTE: the behavior for the category, keywords, and ProdID parameters might be resultant from SQL injection."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-19T15:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "cartweaver-multiple-path-disclosure(26061)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26061"
            },
            {
              "name": "ADV-2006-1513",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/1513"
            },
            {
              "name": "24963",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/24963"
            },
            {
              "name": "19812",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/19812"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://pridels0.blogspot.com/2006/04/cartweaver-coldfusion-vuln.html"
            },
            {
              "name": "24964",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/24964"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-2047",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Application Dynamics Cartweaver ColdFusion 2.16.11 and earlier allows remote attackers to obtain sensitive information via an invalid (1) secondary, (2) PageNum_Results, (3) category, or (4) keywords parameter in (a) Results.cfm; or an invalid (5) ProdID parameter in (b) Details.cfm; which reveal the path in various error messages. NOTE: the behavior for the category, keywords, and ProdID parameters might be resultant from SQL injection."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "cartweaver-multiple-path-disclosure(26061)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26061"
                },
                {
                  "name": "ADV-2006-1513",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2006/1513"
                },
                {
                  "name": "24963",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/24963"
                },
                {
                  "name": "19812",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/19812"
                },
                {
                  "name": "http://pridels0.blogspot.com/2006/04/cartweaver-coldfusion-vuln.html",
                  "refsource": "MISC",
                  "url": "http://pridels0.blogspot.com/2006/04/cartweaver-coldfusion-vuln.html"
                },
                {
                  "name": "24964",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/24964"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-2047",
        "datePublished": "2006-04-26T20:00:00.000Z",
        "dateReserved": "2006-04-26T00:00:00.000Z",
        "dateUpdated": "2024-08-07T17:35:31.286Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-2046 (GCVE-0-2006-2046)

    Vulnerability from cvelistv5 – Published: 2006-04-26 20:00 – Updated: 2024-08-07 17:35
    VLAI
    Summary
    Multiple SQL injection vulnerabilities in Application Dynamics Cartweaver ColdFusion 2.16.11 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) category and (2) keywords parameters in (a) Results.cfm, and the (3) ProdID parameter in (b) Details.cfm.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.vupen.com/english/advisories/2006/1513 vdb-entryx_refsource_VUPEN
    http://www.securityfocus.com/bid/25210 vdb-entryx_refsource_BID
    http://www.osvdb.org/24962 vdb-entryx_refsource_OSVDB
    https://www.exploit-db.com/exploits/4264 exploitx_refsource_EXPLOIT-DB
    http://secunia.com/advisories/19812 third-party-advisoryx_refsource_SECUNIA
    http://pridels0.blogspot.com/2006/04/cartweaver-c… x_refsource_MISC
    http://www.securityfocus.com/bid/17941 vdb-entryx_refsource_BID
    http://www.techfeed.net/blog/index.cfm/2006/4/26/… x_refsource_CONFIRM
    http://www.osvdb.org/24961 vdb-entryx_refsource_OSVDB
    Date Public
    2006-04-25 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T17:35:31.305Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "cartweaver-multiple-sql-injection(26060)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26060"
              },
              {
                "name": "ADV-2006-1513",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2006/1513"
              },
              {
                "name": "25210",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/25210"
              },
              {
                "name": "24962",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/24962"
              },
              {
                "name": "4264",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/4264"
              },
              {
                "name": "19812",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/19812"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://pridels0.blogspot.com/2006/04/cartweaver-coldfusion-vuln.html"
              },
              {
                "name": "17941",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/17941"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.techfeed.net/blog/index.cfm/2006/4/26/cartweaver-holes"
              },
              {
                "name": "24961",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/24961"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-04-25T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple SQL injection vulnerabilities in Application Dynamics Cartweaver ColdFusion 2.16.11 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) category and (2) keywords parameters in (a) Results.cfm, and the (3) ProdID parameter in (b) Details.cfm."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-10-10T00:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "cartweaver-multiple-sql-injection(26060)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26060"
            },
            {
              "name": "ADV-2006-1513",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/1513"
            },
            {
              "name": "25210",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/25210"
            },
            {
              "name": "24962",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/24962"
            },
            {
              "name": "4264",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/4264"
            },
            {
              "name": "19812",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/19812"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://pridels0.blogspot.com/2006/04/cartweaver-coldfusion-vuln.html"
            },
            {
              "name": "17941",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/17941"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.techfeed.net/blog/index.cfm/2006/4/26/cartweaver-holes"
            },
            {
              "name": "24961",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/24961"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-2046",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple SQL injection vulnerabilities in Application Dynamics Cartweaver ColdFusion 2.16.11 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) category and (2) keywords parameters in (a) Results.cfm, and the (3) ProdID parameter in (b) Details.cfm."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "cartweaver-multiple-sql-injection(26060)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26060"
                },
                {
                  "name": "ADV-2006-1513",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2006/1513"
                },
                {
                  "name": "25210",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/25210"
                },
                {
                  "name": "24962",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/24962"
                },
                {
                  "name": "4264",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/4264"
                },
                {
                  "name": "19812",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/19812"
                },
                {
                  "name": "http://pridels0.blogspot.com/2006/04/cartweaver-coldfusion-vuln.html",
                  "refsource": "MISC",
                  "url": "http://pridels0.blogspot.com/2006/04/cartweaver-coldfusion-vuln.html"
                },
                {
                  "name": "17941",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/17941"
                },
                {
                  "name": "http://www.techfeed.net/blog/index.cfm/2006/4/26/cartweaver-holes",
                  "refsource": "CONFIRM",
                  "url": "http://www.techfeed.net/blog/index.cfm/2006/4/26/cartweaver-holes"
                },
                {
                  "name": "24961",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/24961"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-2046",
        "datePublished": "2006-04-26T20:00:00.000Z",
        "dateReserved": "2006-04-26T00:00:00.000Z",
        "dateUpdated": "2024-08-07T17:35:31.305Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }