Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-1397

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2006-1397
Last Modified 07 Mar 2011 09:33:01
Published 28 Mar 2006 06:06:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2006-1397

Summary

Multiple cross-site scripting (XSS) vulnerabilities in (a) phpAdsNew and (b) phpPgAds before 2.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) certain parameters to the banner delivery module, which is not properly handled in the administrator interface, or (2) certain parameters to the login form.

Vulnerable Systems

Application

  • Phpadsnew 2 Dev 2001-10-09

  • Phpadsnew 2.0

  • Phpadsnew 2.0.2

  • Phpadsnew 2.0.3

  • Phpadsnew 2.0.4

  • Phpadsnew 2.0.5

  • Phpadsnew 2.0.7

  • Phppgads 2.0.4

  • Phppgads 2.0.4 Pr2

  • Phppgads 2.0.5

  • Phppgads 2.0.7


References

BID - 17251

BUGTRAQ - 20060327 [PHPADSNEW-SA-2006-001] phpAdsNew and phpPgAds 2.0.8 fix multiple vulnerabilities

CONFIRM - http://sourceforge.net/project/shownotes.php?release_id=404964

CONFIRM - http://sourceforge.net/project/shownotes.php?release_id=404963

SECTRACK - 1015829

SECTRACK - 1015828

SECUNIA - 19384

VUPEN - ADV-2006-1107

CONFIRM - http://phpadsnew.com/two/nucleus/index.php?itemid=46

XF - phpadsnew-login-banner-xss(25458)

OSVDB - 24206

OSVDB - 24205

SREASON - 633


Last Updated: 27 May 2016 10:42:02