Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2006-1050

EPSS 0.07% · P21
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2006-1050

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
Kwik-Pay Payroll 4.2.20, and possibly other versions, stores the KwikPay.mdb database file with insecure permissions, which allows local users to obtain sensitive information such as employment and payment data. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: the vendor has disputed this vulnerability, stating that "The kwikpay.mdb file supplied with kwikpay is a template for the database structure of user databases created by kwikpay and to store a demonstration payroll. It does not contain any sensitive user information. When a user payroll database is opened, the encryption of the database is checked and if the database is not encrypted, the user is prompted to encrypt the database, but the choice is the customers.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Kwik 'KwikPay.mdb'数据库加密漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
** 有争议 ** Kwik-支付工资表 4.2.20(可能还有其它版本),存储带非安全许可的KwikPay.mdb数据库文件,从而允许本地用户获得诸如雇佣和工资数据等敏感资料。注:此信息来源未知;详情由第三方来源独自提供。注: 供应商对该漏洞有异议,指出"与kwikpay一起提供的kwikpay.mdb 文件是一个用于由kwikpay创建的用户数据库结构的模板并存储一个演示工资表。它并不包含任何敏感用户消息。当打开一个用户工资数据库时,要检查数据库加密,如果数据库没有加密,就会向用户提示加密数据库,是否
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-n/a n/a -

II. Public POCs for CVE-2006-1050

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2006-1050

登录查看更多情报信息。

Same Patch Batch · n/a · 2006-03-07 · 52 CVEs total

CVE-2006-1015PHP additional_parameters 参数注入漏洞
CVE-2006-1030Joomla mod_templatechooser 远程不确定攻击矢量漏洞
CVE-2006-1029Joomla ‘class.inputfilter.php’ 跨站脚本攻击漏洞
CVE-2006-1024AddSoft StoreBot 'MgrLogin.ASP' SQL注入漏洞
CVE-2006-1027Joomla 'feedcreator.class.php'出错信息显示路径漏洞
CVE-2006-1026Jfacets profileID GET请求漏洞
CVE-2006-1025AddSoft StoreBot 'Manage.ASP'跨站脚本攻击漏洞
CVE-2006-1028Joomla 'feedcreator.class.php'拒绝服务漏洞
CVE-2006-1017PHP c-client library多个安全绕过漏洞
CVE-2006-1016Microsoft Internet Explorer安全漏洞
CVE-2006-1018DCI-Designs Dawaween 'poems.php' SQL注入漏洞
CVE-2006-1014PHP mb_send_mail多个安全绕过漏洞
CVE-2006-1013SMBlog index.php 任意PHP指令执行漏洞
CVE-2006-0883OpenSSH远程PAM拒绝服务漏洞
CVE-2006-0741Linux Kernel ELF File Entry Point本地拒绝服务漏洞
CVE-2006-0555Linux Kernel NFS 客户端拒绝服务漏洞
CVE-2006-0554Linux 核心 XFS文件系统本地信息泄露漏洞
CVE-2006-1049Joomla 多个SQL注入漏洞
CVE-2006-1048Joomla绕过预设访问限制并得到某些特权漏洞
CVE-2006-1047Joomla未知影响和攻击矢量漏洞

Showing top 20 of 52 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a
Same vendor: n/a

V. Comments for CVE-2006-1050

No comments yet

Leave a comment