Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 6.8
CVE Id CVE-2006-2063
Last Modified 03 Nov 2008 01:18:52
Published 26 Apr 2006 04:06:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2006-2063

Summary

Multiple cross-site scripting (XSS) vulnerabilities in Leadhound Full and LITE 2.1, and probably the Network Version "Full Version", allow remote attackers to inject arbitrary web script or HTML via the login parameter in (1) agent_affil.pl, (2) agent_help.pl, (3) agent_faq.pl, (4) agent_help_insert.pl, (5) sign_out.pl, (6) members.pl, (7) modify_agent_1.pl, (8) modify_agent_2.pl, (9) modify_agent.pl, (10) agent_links.pl, (11) agent_stats_pending_leads.pl, (12) agent_logoff.pl, (13) agent_rev_det.pl, (14) agent_subaffiliates.pl, (15) agent_stats_pending_leads.pl, (16) agent_transactions.pl, (17) agent_payment_history.pl, (18) agent_summary.pl, (19) agent_camp_all.pl, (20) agent_camp_new.pl, (21) agent_camp_notsub.pl, (22) agent_campaign.pl, (23) agent_camp_expired.pl, (24) agent_stats_det.pl, (25) agent_stats.pl, (26) agent_camp_det.pl, (27) agent_camp_sub.pl, (28) agent_affil_list.pl, and (29) agent_affil_code.pl; the logged parameter in (30) agent_faq.pl, (31) agent_help_insert.pl, (32) members.pl, (33) modify_agent_1.pl, (34) modify_agent_2.pl, (35) modify_agent.pl, (36) agent_links.pl, (37) agent_subaffiliates.pl, (38) agent_stats_pending_leads.pl, (39) agent_transactions.pl, (40) agent_summary.pl, (41) agent_camp_all.pl, (42) agent_camp_new.pl, (43) agent_camp_notsub.pl, (44) agent_campaign.pl, (45) agent_camp_expired.pl, (46) agent_stats.pl, (47) agent_camp_det.pl, (48) agent_camp_sub.pl, (49) agent_affil_list.pl, and (50) agent_affil_code.pl; the camp_id parameter in (51) agent_links.pl, (52) agent_subaffiliates.pl, and (53) agent_camp_det.pl; the (54) banner parameter in agent_links.pl; the offset parameter in (55) agent_links.pl, (56) agent_subaffiliates.pl, (57) agent_transactions.pl, and (58) agent_summary.pl; the date parameter in (59) agent_subaffiliates.pl, (60) agent_transactions.pl, and (61) agent_summary.pl; the dates parameter in (62) agent_rev_det.pl and (63) agent_stats_det.pl; the (64) page parameter in agent_camp_det.pl; the (65) agent_id parameter in agent_commission_statement.pl; and the (66) lost password field in lost_pwd.pl.

Vulnerable Systems

Application

  • Leadhound Network Leadhound Full 2.1

  • Leadhound Network Leadhound Full 2.1 Network Version

  • Leadhound Network Leadhound Lite 2.1


References

OSVDB - 25060

OSVDB - 25059

OSVDB - 25058

OSVDB - 25057

OSVDB - 25056

OSVDB - 25055

OSVDB - 25054

OSVDB - 25053

OSVDB - 25052

OSVDB - 25051

OSVDB - 25050

OSVDB - 25049

OSVDB - 25048

OSVDB - 25047

OSVDB - 25046

OSVDB - 25045

OSVDB - 25044

OSVDB - 25043

OSVDB - 25042

OSVDB - 25041

OSVDB - 25039

OSVDB - 25038

OSVDB - 25037

OSVDB - 25036

OSVDB - 25035

OSVDB - 25034

OSVDB - 25033

OSVDB - 25032

OSVDB - 25031

OSVDB - 25030

SECUNIA - 19867

MISC - http://pridels0.blogspot.com/2006/04/leadhound-multiple-vuln.html


Last Updated: 27 May 2016 10:42:19