Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2006-3073

EPSS 0.98% · P77
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2006-3073

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in the WebVPN feature in the Cisco VPN 3000 Series Concentrators and Cisco ASA 5500 Series Adaptive Security Appliances (ASA), when in WebVPN clientless mode, allow remote attackers to inject arbitrary web script or HTML via the domain parameter in (1) dnserror.html and (2) connecterror.html, aka bugid CSCsd81095 (VPN3k) and CSCse48193 (ASA). NOTE: the vendor states that "WebVPN full-network-access mode" is not affected, despite the claims by the original researcher.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Cisco VPN3K/ASA WebVPN无客户端模式 多个跨站脚本攻击漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Cisco VPN 3000 Series Concentrators和Cisco ASA 5500 Series Adaptive Security Appliances (ASA)中的WebVPN 功能存在多个跨站脚本攻击(XSS)漏洞。 处于WebVPN无客户端模式时, 远程攻击者可以借助(1) dnserror.html和(2) connecterror.html中的domain参数 , 注入任意Web脚本或HTML,又称bugid CSCsd81095 (VPN3k) 和 CSCse48193
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-n/a n/a -

II. Public POCs for CVE-2006-3073

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2006-3073

Please Login to view more intelligence information

Same Patch Batch · n/a · 2006-06-19 · 36 CVEs total

CVE-2006-3071MP3 Search/Archive index.php 跨站脚本攻击(XSS)漏洞
CVE-2006-3063myPHP Guestbook 多个跨站脚本攻击(XSS)漏洞
CVE-2006-3064CPG include/function.inc.php SQL注入漏洞
CVE-2006-3065blur6ex blog.php SQL注入漏洞
CVE-2006-3066IBM DB2 Universal Database TCP/IP监听 缓冲区溢出
CVE-2006-3067IBM DB2 (UDB) 多个未明漏洞
CVE-2006-3068IBM DB2 UDB 特定信息 拒绝服务漏洞
CVE-2006-3069RETIRED: DoubleSpeak 多个远程文件包含漏洞
CVE-2006-3070Zeroboard write_ok.php 任意文件上载漏洞
CVE-2006-3062myPHP Guestbook index.php 跨站脚本攻击(XSS)漏洞
CVE-2006-3072Symantec Security Information Manager M4 Mac 认证绕过漏洞
CVE-2006-3074Kaspersky Anti-Virus klif.sys 拒绝服务漏洞
CVE-2006-3075PictureDis Professional/PictureDis Photoalbum 多个PHP远程文件包含漏洞
CVE-2006-3076PhpBlueDragon CMS Template.PHP 远程文件包含漏洞
CVE-2006-3077aXentGuestbook guestbook.cfm 跨站脚本攻击(XSS)漏洞
CVE-2006-3078APBoard 多个SQL注入漏洞
CVE-2006-3079SSPwiz Plus index.cfm 跨站脚本攻击(XSS)漏洞
CVE-2006-3080AxentForum viewposts.cfm 跨站脚本攻击漏洞
CVE-2006-3096iPostMX 多个SQL注入漏洞
CVE-2006-3088Car Classifieds index.php 跨站脚本(XSS)漏洞

Showing top 20 of 36 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a
Same vendor: n/a

V. Comments for CVE-2006-3073

No comments yet

Leave a comment