Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2006-2063

EPSS 8.53% · P92
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2006-2063

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in Leadhound Full and LITE 2.1, and probably the Network Version "Full Version", allow remote attackers to inject arbitrary web script or HTML via the login parameter in (1) agent_affil.pl, (2) agent_help.pl, (3) agent_faq.pl, (4) agent_help_insert.pl, (5) sign_out.pl, (6) members.pl, (7) modify_agent_1.pl, (8) modify_agent_2.pl, (9) modify_agent.pl, (10) agent_links.pl, (11) agent_stats_pending_leads.pl, (12) agent_logoff.pl, (13) agent_rev_det.pl, (14) agent_subaffiliates.pl, (15) agent_stats_pending_leads.pl, (16) agent_transactions.pl, (17) agent_payment_history.pl, (18) agent_summary.pl, (19) agent_camp_all.pl, (20) agent_camp_new.pl, (21) agent_camp_notsub.pl, (22) agent_campaign.pl, (23) agent_camp_expired.pl, (24) agent_stats_det.pl, (25) agent_stats.pl, (26) agent_camp_det.pl, (27) agent_camp_sub.pl, (28) agent_affil_list.pl, and (29) agent_affil_code.pl; the logged parameter in (30) agent_faq.pl, (31) agent_help_insert.pl, (32) members.pl, (33) modify_agent_1.pl, (34) modify_agent_2.pl, (35) modify_agent.pl, (36) agent_links.pl, (37) agent_subaffiliates.pl, (38) agent_stats_pending_leads.pl, (39) agent_transactions.pl, (40) agent_summary.pl, (41) agent_camp_all.pl, (42) agent_camp_new.pl, (43) agent_camp_notsub.pl, (44) agent_campaign.pl, (45) agent_camp_expired.pl, (46) agent_stats.pl, (47) agent_camp_det.pl, (48) agent_camp_sub.pl, (49) agent_affil_list.pl, and (50) agent_affil_code.pl; the camp_id parameter in (51) agent_links.pl, (52) agent_subaffiliates.pl, and (53) agent_camp_det.pl; the (54) banner parameter in agent_links.pl; the offset parameter in (55) agent_links.pl, (56) agent_subaffiliates.pl, (57) agent_transactions.pl, and (58) agent_summary.pl; the date parameter in (59) agent_subaffiliates.pl, (60) agent_transactions.pl, and (61) agent_summary.pl; the dates parameter in (62) agent_rev_det.pl and (63) agent_stats_det.pl; the (64) page parameter in agent_camp_det.pl; the (65) agent_id parameter in agent_commission_statement.pl; and the (66) lost password field in lost_pwd.pl.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Leadhound Full 和 LITE 多个跨站脚本漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Leadhound Full and LITE 2.1以及可能存在漏洞的网络版本"完整版",存在多个跨站脚本漏洞。这使得远程攻击者可以借助于 (1) agent_affil.pl、(2) agent_help.pl、(3) agent_faq.pl、(4) agent_help_insert.pl、(5) sign_out.pl、(6) members.pl、(7) modify_agent_1.pl、(8) modify_agent_2.pl、(9) modify_agent.pl、(10) agent
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-n/a n/a -

II. Public POCs for CVE-2006-2063

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2006-2063

登录查看更多情报信息。

Same Patch Batch · n/a · 2006-04-26 · 43 CVEs total

CVE-2006-0048Francesco Stablum tcpick 远程拒绝服务漏洞
CVE-2006-2059Invision Power Board search.php脚本代码注入漏洞
CVE-2006-2029Jeremy Ashcraft Simplog 多个SQL注入漏洞
CVE-2006-2028Jeremy Ashcraft Simplog ImageList.PHP 跨站脚本攻击漏洞
CVE-2006-2030Allied Telesyn 拒绝服务漏洞
CVE-2006-2033CoreNews 远程文件包含漏洞
CVE-2006-2034FlexBB function/showprofile.php SQL注入漏洞
CVE-2006-2035Websense 安全绕过漏洞
CVE-2006-2036iOpus Secure Email Attachments 加密漏洞
CVE-2006-2032Core CoreNews 多个SQL注入漏洞
CVE-2006-2027Pablo Software Solutions Quick 'n Easy FTP Server 记录缓冲区溢出漏洞
CVE-2006-2041PhpWebGallery 信息泄露漏洞
CVE-2006-2040Photokorn 多个SQL注入漏洞
CVE-2006-2039Help Center Live OSTicket模块 多个SQL注入漏洞
CVE-2006-2038ampleShop 多个SQL注入漏洞
CVE-2006-2037ThWboard Index.PHP 跨站脚本攻击漏洞
CVE-2006-1864Linux Kernel SMBFS chroot目录遍历漏洞
CVE-2006-2062Leadhound 多个SQL注入漏洞
CVE-2006-2061Invision Power Board index.php ck参数远程SQL注入漏洞
CVE-2006-2060Invision Power Board action_admin/paysubscriptions.php 目录遍历漏洞

Showing top 20 of 43 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a
Same vendor: n/a

V. Comments for CVE-2006-2063

No comments yet

Leave a comment