CVE-2006-1397 (GCVE-0-2006-1397)

Vulnerability from cvelistv5 – Published: 2006-03-28 11:00 – Updated: 2024-08-07 17:12
Summary
Multiple cross-site scripting (XSS) vulnerabilities in (a) phpAdsNew and (b) phpPgAds before 2.0.8 allow remote attackers to inject arbitrary web script or HTML via (1) certain parameters to the banner delivery module, which are not properly handled in the administrator interface, or (2) certain parameters to the login form.
Severity
No CVSS data available.
CWE
  • n/a
Assigner
References
https://exchange.xforce.ibmcloud.com/vulnerabilit… (vdb-entry, x_refsource_XF)
http://sourceforge.net/project/shownotes.php?rele… (x_refsource_CONFIRM)
http://secunia.com/advisories/19384 (third-party-advisory, x_refsource_SECUNIA)
http://www.osvdb.org/24206 (vdb-entry, x_refsource_OSVDB)
http://securityreason.com/securityalert/633 (third-party-advisory, x_refsource_SREASON)
http://www.vupen.com/english/advisories/2006/1107 (vdb-entry, x_refsource_VUPEN)
http://www.securityfocus.com/bid/17251 (vdb-entry, x_refsource_BID)
http://phpadsnew.com/two/nucleus/index.php?itemid=46 (x_refsource_CONFIRM)
http://www.securityfocus.com/archive/1/428898/100… (mailing-list, x_refsource_BUGTRAQ)
http://www.osvdb.org/24205 (vdb-entry, x_refsource_OSVDB)
http://securitytracker.com/id?1015829 (vdb-entry, x_refsource_SECTRACK)
http://securitytracker.com/id?1015828 (vdb-entry, x_refsource_SECTRACK)
http://sourceforge.net/project/shownotes.php?rele… (x_refsource_CONFIRM)

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T17:12:21.235Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "phpadsnew-login-banner-xss(25458)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25458"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://sourceforge.net/project/shownotes.php?release_id=404964"
          },
          {
            "name": "19384",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/19384"
          },
          {
            "name": "24206",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/24206"
          },
          {
            "name": "633",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/633"
          },
          {
            "name": "ADV-2006-1107",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/1107"
          },
          {
            "name": "17251",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/17251"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://phpadsnew.com/two/nucleus/index.php?itemid=46"
          },
          {
            "name": "20060327 [PHPADSNEW-SA-2006-001] phpAdsNew and phpPgAds 2.0.8 fix multiple vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/428898/100/0/threaded"
          },
          {
            "name": "24205",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/24205"
          },
          {
            "name": "1015829",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1015829"
          },
          {
            "name": "1015828",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1015828"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://sourceforge.net/project/shownotes.php?release_id=404963"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-03-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in (a) phpAdsNew and (b) phpPgAds before 2.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) certain parameters to the banner delivery module, which is not properly handled in the administrator interface, or (2) certain parameters to the login form."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-18T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "phpadsnew-login-banner-xss(25458)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25458"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://sourceforge.net/project/shownotes.php?release_id=404964"
        },
        {
          "name": "19384",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/19384"
        },
        {
          "name": "24206",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/24206"
        },
        {
          "name": "633",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/633"
        },
        {
          "name": "ADV-2006-1107",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/1107"
        },
        {
          "name": "17251",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/17251"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://phpadsnew.com/two/nucleus/index.php?itemid=46"
        },
        {
          "name": "20060327 [PHPADSNEW-SA-2006-001] phpAdsNew and phpPgAds 2.0.8 fix multiple vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/428898/100/0/threaded"
        },
        {
          "name": "24205",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/24205"
        },
        {
          "name": "1015829",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1015829"
        },
        {
          "name": "1015828",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1015828"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://sourceforge.net/project/shownotes.php?release_id=404963"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-1397",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in (a) phpAdsNew and (b) phpPgAds before 2.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) certain parameters to the banner delivery module, which is not properly handled in the administrator interface, or (2) certain parameters to the login form."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "phpadsnew-login-banner-xss(25458)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25458"
            },
            {
              "name": "http://sourceforge.net/project/shownotes.php?release_id=404964",
              "refsource": "CONFIRM",
              "url": "http://sourceforge.net/project/shownotes.php?release_id=404964"
            },
            {
              "name": "19384",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/19384"
            },
            {
              "name": "24206",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/24206"
            },
            {
              "name": "633",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/633"
            },
            {
              "name": "ADV-2006-1107",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/1107"
            },
            {
              "name": "17251",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/17251"
            },
            {
              "name": "http://phpadsnew.com/two/nucleus/index.php?itemid=46",
              "refsource": "CONFIRM",
              "url": "http://phpadsnew.com/two/nucleus/index.php?itemid=46"
            },
            {
              "name": "20060327 [PHPADSNEW-SA-2006-001] phpAdsNew and phpPgAds 2.0.8 fix multiple vulnerabilities",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/428898/100/0/threaded"
            },
            {
              "name": "24205",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/24205"
            },
            {
              "name": "1015829",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1015829"
            },
            {
              "name": "1015828",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1015828"
            },
            {
              "name": "http://sourceforge.net/project/shownotes.php?release_id=404963",
              "refsource": "CONFIRM",
              "url": "http://sourceforge.net/project/shownotes.php?release_id=404963"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-1397",
    "datePublished": "2006-03-28T11:00:00",
    "dateReserved": "2006-03-28T00:00:00",
    "dateUpdated": "2024-08-07T17:12:21.235Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

