English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 145615 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

CVE ID:CVE-2006-0146
Description:The server.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PHPOpenChat, (7) MAXdev MD-Pro, and (8) MediaBeez, when the MySQL root password is empty, allows remote attackers to execute arbitrary SQL commands via the sql parameter.
Test IDs: 1.3.6.1.4.1.25623.1.0.56530   1.3.6.1.4.1.25623.1.0.56651   1.3.6.1.4.1.25623.1.0.56535   1.3.6.1.4.1.25623.1.0.56536  
Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2006-0146
BugTraq ID: 16187
http://www.securityfocus.com/bid/16187
Bugtraq: 20060202 Bug for libs in php link directory 2.0 (Google Search)
http://www.securityfocus.com/archive/1/423784/100/0/threaded
Bugtraq: 20060409 PhpOpenChat 3.0.x ADODB Server.php "sql" SQL injection (Google Search)
http://www.securityfocus.com/archive/1/430448/100/0/threaded
Bugtraq: 20070418 MediaBeez Sql query Execution .. Wear isn't ?? :) (Google Search)
http://www.securityfocus.com/archive/1/466171/100/0/threaded
Debian Security Information: DSA-1029 (Google Search)
http://www.debian.org/security/2006/dsa-1029
Debian Security Information: DSA-1030 (Google Search)
http://www.debian.org/security/2006/dsa-1030
Debian Security Information: DSA-1031 (Google Search)
http://www.debian.org/security/2006/dsa-1031
http://www.gentoo.org/security/en/glsa/glsa-200604-07.xml
http://retrogod.altervista.org/phpopenchat_30x_sql_xpl.html
http://secunia.com/secunia_research/2005-64/advisory/
http://www.osvdb.org/22290
http://secunia.com/advisories/17418
http://secunia.com/advisories/18233
http://secunia.com/advisories/18254
http://secunia.com/advisories/18260
http://secunia.com/advisories/18267
http://secunia.com/advisories/18276
http://secunia.com/advisories/18720
http://secunia.com/advisories/19555
http://secunia.com/advisories/19563
http://secunia.com/advisories/19590
http://secunia.com/advisories/19591
http://secunia.com/advisories/19600
http://secunia.com/advisories/19691
http://secunia.com/advisories/19699
http://secunia.com/advisories/24954
http://securityreason.com/securityalert/713
http://www.vupen.com/english/advisories/2006/0101
http://www.vupen.com/english/advisories/2006/0102
http://www.vupen.com/english/advisories/2006/0103
http://www.vupen.com/english/advisories/2006/0104
http://www.vupen.com/english/advisories/2006/0105
http://www.vupen.com/english/advisories/2006/0370
http://www.vupen.com/english/advisories/2006/0447
http://www.vupen.com/english/advisories/2006/1304
http://www.vupen.com/english/advisories/2006/1305
http://www.vupen.com/english/advisories/2006/1419
XForce ISS Database: adodb-server-command-execution(24051)
https://exchange.xforce.ibmcloud.com/vulnerabilities/24051



© 1998-2025 E-Soft Inc. All rights reserved.