Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2006-2824

EPSS 0.74% · P73
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2006-2824

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
Logicalware MailManager before 2.0.10 does not remove 0xc8 0x27 (0xc8 followed by a single-quote character) from the data stream to the server, which allows remote attackers to modify data and gain administrative access when PostgreSQL is used, aka "bug #1494281 - Postgres encoding security hole." NOTE: while this issue involves PostgreSQL, it is specific to MailManager's interface to PostgreSQL and is therefore a different vulnerability than CVE-2006-2313 and CVE-2006-2314.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Logicalware MailManager 数据流"0xc8 0x27" 权限许可和访问控制漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Logicalware MailManager的2.0.10之前版本未将发给服务器的数据流中的0xc8 0x27(0xc8跟着一个单引号字符)除去,远程攻击者可在使用PostgreSQL时获取管理员访问权,又称"bug #1494281 - Postgres编码安全漏洞。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-n/a n/a -

II. Public POCs for CVE-2006-2824

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2006-2824

Please Login to view more intelligence information

Same Patch Batch · n/a · 2006-06-05 · 26 CVEs total

CVE-2006-2814iShopCart 多个远程安全漏洞
CVE-2006-2827X-Cart Gold/Pro/X-Cart search.php SQL注入漏洞
CVE-2006-2826phpRPC库 rpc_decoder.php文件 输入验证漏洞
CVE-2006-2825cPanel PHP open_basedir配置指令 权限许可和访问控制漏洞
CVE-2006-2823Katrien De Graeve a.shopKart web根目录 信息泄露漏洞
CVE-2006-2822Dusan Drobac CodeAvalanche FreeForum (CAForum) admin/default.asp SQL注入漏洞
CVE-2006-2821DeltaScripts PHP Pro Publish多个跨站脚本攻击漏洞
CVE-2006-2820HotWebScripts.com Weblog Oggi 跨站脚本攻击(XSS)漏洞
CVE-2006-2819Barnraiser Igloo Wiki.php 在PHP远程文件包含漏洞
CVE-2006-2818Cameron McKay Informium common-menu.php PHP远程文件包含漏洞
CVE-2006-2817Tekno.Portal Bolum.PHP SQL注入漏洞
CVE-2006-2816CoolPHP Index.PHP 跨站脚本攻击漏洞
CVE-2006-2815Two Shoes M-Factory (TSMF) SimpleBoard Stable 多个跨站脚本攻击(XSS)漏洞
CVE-2006-2828PHP-Nuke 多个全局变量重写漏洞
CVE-2006-2813IShopCart Easy-Scart.CGI 目录遍历漏洞
CVE-2006-2812Dominios Europa PICRATE index.php 多个跨站脚本攻击(XSS)漏洞
CVE-2006-2811Ovidentia 多个输入验证漏洞
CVE-2006-2810Belchior Foundry vCard 多个跨站脚本攻击(XSS) 漏洞
CVE-2006-2809ar-blog index.php 多个跨站脚本攻击(XSS)漏洞
CVE-2006-2808Lycos Tripod htmlGEAR guestGEAR 跨站脚本攻击(XSS)漏洞

Showing top 20 of 26 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a
Same vendor: n/a

V. Comments for CVE-2006-2824

No comments yet

Leave a comment