JVN/CVE Demo: Cveinfos

CVE

Id: 18167
CVE No.: CVE-2006-2063
Status: Candidate
Description: Multiple cross-site scripting (XSS) vulnerabilities in Leadhound Full and LITE 2.1, and probably the Network Version "Full Version", allow remote attackers to inject arbitrary web script or HTML via the login parameter in (1) agent_affil.pl, (2) agent_help.pl, (3) agent_faq.pl, (4) agent_help_insert.pl, (5) sign_out.pl, (6) members.pl, (7) modify_agent_1.pl, (8) modify_agent_2.pl, (9) modify_agent.pl, (10) agent_links.pl, (11) agent_stats_pending_leads.pl, (12) agent_logoff.pl, (13) agent_rev_det.pl, (14) agent_subaffiliates.pl, (15) agent_stats_pending_leads.pl, (16) agent_transactions.pl, (17) agent_payment_history.pl, (18) agent_summary.pl, (19) agent_camp_all.pl, (20) agent_camp_new.pl, (21) agent_camp_notsub.pl, (22) agent_campaign.pl, (23) agent_camp_expired.pl, (24) agent_stats_det.pl, (25) agent_stats.pl, (26) agent_camp_det.pl, (27) agent_camp_sub.pl, (28) agent_affil_list.pl, and (29) agent_affil_code.pl; the logged parameter in (30) agent_faq.pl, (31) agent_help_insert.pl, (32) members.pl, (33) modify_agent_1.pl, (34) modify_agent_2.pl, (35) modify_agent.pl, (36) agent_links.pl, (37) agent_subaffiliates.pl, (38) agent_stats_pending_leads.pl, (39) agent_transactions.pl, (40) agent_summary.pl, (41) agent_camp_all.pl, (42) agent_camp_new.pl, (43) agent_camp_notsub.pl, (44) agent_campaign.pl, (45) agent_camp_expired.pl, (46) agent_stats.pl, (47) agent_camp_det.pl, (48) agent_camp_sub.pl, (49) agent_affil_list.pl, and (50) agent_affil_code.pl; the camp_id parameter in (51) agent_links.pl, (52) agent_subaffiliates.pl, and (53) agent_camp_det.pl; the (54) banner parameter in agent_links.pl; the offset parameter in (55) agent_links.pl, (56) agent_subaffiliates.pl, (57) agent_transactions.pl, and (58) agent_summary.pl; the date parameter in (59) agent_subaffiliates.pl, (60) agent_transactions.pl, and (61) agent_summary.pl; the dates parameter in (62) agent_rev_det.pl and (63) agent_stats_det.pl; the (64) page parameter in agent_camp_det.pl; the (65) agent_id parameter in agent_commission_statement.pl; and the (66) lost password field in lost_pwd.pl.
Phase: Assigned (20060426)
Votes: None (candidate not yet proposed)
Comments

Actions

Related CVE References

Id	CVE Id	CVE No.	Reference	Actions
156474	18167	CVE-2006-2063	MISC:http://pridels0.blogspot.com/2006/04/leadhound-multiple-vuln.html	View
156475	18167	CVE-2006-2063	OSVDB:25030	View
156476	18167	CVE-2006-2063	URL:http://www.osvdb.org/25030	View
156477	18167	CVE-2006-2063	OSVDB:25032	View
156478	18167	CVE-2006-2063	URL:http://www.osvdb.org/25032	View
156479	18167	CVE-2006-2063	OSVDB:25033	View
156480	18167	CVE-2006-2063	URL:http://www.osvdb.org/25033	View
156481	18167	CVE-2006-2063	OSVDB:25034	View
156482	18167	CVE-2006-2063	URL:http://www.osvdb.org/25034	View
156483	18167	CVE-2006-2063	OSVDB:25035	View
156484	18167	CVE-2006-2063	URL:http://www.osvdb.org/25035	View
156485	18167	CVE-2006-2063	OSVDB:25036	View
156486	18167	CVE-2006-2063	URL:http://www.osvdb.org/25036	View
156487	18167	CVE-2006-2063	OSVDB:25038	View
156488	18167	CVE-2006-2063	URL:http://www.osvdb.org/25038	View
156489	18167	CVE-2006-2063	OSVDB:25039	View
156490	18167	CVE-2006-2063	URL:http://www.osvdb.org/25039	View
156491	18167	CVE-2006-2063	OSVDB:25041	View
156492	18167	CVE-2006-2063	URL:http://www.osvdb.org/25041	View
156493	18167	CVE-2006-2063	OSVDB:25042	View
156494	18167	CVE-2006-2063	URL:http://www.osvdb.org/25042	View
156495	18167	CVE-2006-2063	OSVDB:25043	View
156496	18167	CVE-2006-2063	URL:http://www.osvdb.org/25043	View
156497	18167	CVE-2006-2063	OSVDB:25044	View
156498	18167	CVE-2006-2063	URL:http://www.osvdb.org/25044	View
156499	18167	CVE-2006-2063	OSVDB:25045	View
156500	18167	CVE-2006-2063	URL:http://www.osvdb.org/25045	View
156501	18167	CVE-2006-2063	OSVDB:25046	View
156502	18167	CVE-2006-2063	URL:http://www.osvdb.org/25046	View
156503	18167	CVE-2006-2063	OSVDB:25047	View
156504	18167	CVE-2006-2063	URL:http://www.osvdb.org/25047	View
156505	18167	CVE-2006-2063	OSVDB:25048	View
156506	18167	CVE-2006-2063	URL:http://www.osvdb.org/25048	View
156507	18167	CVE-2006-2063	OSVDB:25049	View
156508	18167	CVE-2006-2063	URL:http://www.osvdb.org/25049	View
156509	18167	CVE-2006-2063	OSVDB:25050	View
156510	18167	CVE-2006-2063	URL:http://www.osvdb.org/25050	View
156511	18167	CVE-2006-2063	OSVDB:25051	View
156512	18167	CVE-2006-2063	URL:http://www.osvdb.org/25051	View
156513	18167	CVE-2006-2063	OSVDB:25052	View
156514	18167	CVE-2006-2063	URL:http://www.osvdb.org/25052	View
156515	18167	CVE-2006-2063	OSVDB:25053	View
156516	18167	CVE-2006-2063	URL:http://www.osvdb.org/25053	View
156517	18167	CVE-2006-2063	OSVDB:25054	View
156518	18167	CVE-2006-2063	URL:http://www.osvdb.org/25054	View
156519	18167	CVE-2006-2063	OSVDB:25055	View
156520	18167	CVE-2006-2063	URL:http://www.osvdb.org/25055	View
156521	18167	CVE-2006-2063	OSVDB:25056	View
156522	18167	CVE-2006-2063	URL:http://www.osvdb.org/25056	View
156523	18167	CVE-2006-2063	OSVDB:25057	View
156524	18167	CVE-2006-2063	URL:http://www.osvdb.org/25057	View
156525	18167	CVE-2006-2063	OSVDB:25058	View
156526	18167	CVE-2006-2063	URL:http://www.osvdb.org/25058	View
156527	18167	CVE-2006-2063	OSVDB:25059	View
156528	18167	CVE-2006-2063	URL:http://www.osvdb.org/25059	View
156529	18167	CVE-2006-2063	OSVDB:25060	View
156530	18167	CVE-2006-2063	URL:http://www.osvdb.org/25060	View
156531	18167	CVE-2006-2063	OSVDB:25031	View
156532	18167	CVE-2006-2063	URL:http://www.osvdb.org/25031	View
156533	18167	CVE-2006-2063	OSVDB:25037	View
156534	18167	CVE-2006-2063	URL:http://www.osvdb.org/25037	View
156535	18167	CVE-2006-2063	SECUNIA:19867	View

Message	Memory use
Component initialization	1.39 MB
Controller action start	1.49 MB
Controller render start	2.35 MB
View render complete	2.85 MB

Message	Time in ms	Graph
Core Processing (Derived from $_SERVER["REQUEST_TIME"])	2.71
Event: Controller.initialize	0.02
Event: Controller.startup	0.06
Controller action	528.68
Event: Controller.beforeRender	4.69
» Processing toolbar data	4.61
Rendering View	20.01
» Event: View.beforeRender	0.02
» Rendering APP/View/Cveinfos/view.ctp	19.08
» Event: View.afterRender	0.02
» Event: View.beforeLayout	0.02
» Rendering APP/View/Layouts/default.ctp	0.51
» » Rendering CORE/Cake/View/Elements/sql_dump.ctp	0.09
Event: View.afterLayout	0.00

Constant	Value
APP	/virtual/inogo77/public_html/jvn/app/
APP_DIR	app
APPLIBS	/virtual/inogo77/public_html/jvn/app/Lib/
CACHE	/virtual/inogo77/public_html/jvn/app/tmp/cache/
CAKE	/virtual/inogo77/public_html/jvn/lib/Cake/
CAKE_CORE_INCLUDE_PATH	/virtual/inogo77/public_html/jvn/lib
CORE_PATH	/virtual/inogo77/public_html/jvn/lib/
CAKE_VERSION	2.6.0
CSS	/virtual/inogo77/public_html/jvn/app/webroot/css/
CSS_URL	css/
DS	/
FULL_BASE_URL	http://inogo77.s500.xrea.com
IMAGES	/virtual/inogo77/public_html/jvn/app/webroot/img/
IMAGES_URL	img/
JS	/virtual/inogo77/public_html/jvn/app/webroot/js/
JS_URL	js/
LOGS	/virtual/inogo77/public_html/jvn/app/tmp/logs/
ROOT	/virtual/inogo77/public_html/jvn
TESTS	/virtual/inogo77/public_html/jvn/app/Test/
TMP	/virtual/inogo77/public_html/jvn/app/tmp/
VENDORS	/virtual/inogo77/public_html/jvn/vendors/
WEBROOT_DIR	webroot
WWW_ROOT	/virtual/inogo77/public_html/jvn/app/webroot/

Environment Variable	Value
Php Version	5.6.40
Phprc	php56.ini
Php Fcgi Children	1
Pwd	/virtual/inogo77/public_html/.fast-cgi-bin
Php Fcgi Max Requests	10000
Shlvl	0
Path	/usr/local/bin:/usr/bin:/bin
Script Name	/jvn/app/webroot/index.php
Request Uri	/jvn/cveinfos/view/18167
Query String
Request Method	GET
Server Protocol	HTTP/1.1
Gateway Interface	CGI/1.1
Redirect Url	/jvn/app/webroot/cveinfos/view/18167
Remote Port	6532
Script Filename	/virtual/inogo77/public_html/jvn/app/webroot/index.php
Server Admin	[no address given]
Context Document Root	/virtual/inogo77/public_html
Context Prefix
Request Scheme	http
Document Root	/virtual/inogo77/public_html
Remote Addr	216.73.216.210
Server Port	80
Server Addr	160.251.151.205
Server Name	inogo77.s500.xrea.com
Server Software	Apache
Server Signature
Http Connection	close
Http Cache Control	max-age=259200
Http X Forwarded For	10.1.12.162
Http Via	1.1 squid-proxy-5b5d847c96-vp2lt (squid/6.10)
Http Host	inogo77.s500.xrea.com
Http Accept Encoding	gzip, br, zstd, deflate
Http User Agent	Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com)
Http Accept	/
Gem Home	/usr/local/rvm/gems/ruby-2.3.0
Suspectdos	1
X Dostranslated Ip	216.73.216.210
Mm Country Code	US
Mmdb Info	result found
Mmdb Addr	216.73.216.210
Unique Id	aIdxKjo9sA3EiK3sD8C5WQAAAmM
Redirect Status	200
Redirect Gem Home	/usr/local/rvm/gems/ruby-2.3.0
Redirect Suspectdos	1
Redirect X Dostranslated Ip	216.73.216.210
Redirect Mm Country Code	US
Redirect Mmdb Info	result found
Redirect Mmdb Addr	216.73.216.210
Redirect Unique Id	aIdxKjo9sA3EiK3sD8C5WQAAAmM
Redirect Redirect Status	200
Redirect Redirect Gem Home	/usr/local/rvm/gems/ruby-2.3.0
Redirect Redirect Suspectdos	1
Redirect Redirect X Dostranslated Ip	216.73.216.210
Redirect Redirect Mm Country Code	US
Redirect Redirect Mmdb Info	result found
Redirect Redirect Mmdb Addr	216.73.216.210
Redirect Redirect Unique Id	aIdxKjo9sA3EiK3sD8C5WQAAAmM
Fcgi Role	RESPONDER
Php Self	/jvn/app/webroot/index.php
Request Time Float	1753706794.0356
Request Time	1753706794

CVE

Actions

Related CVE References

Related JVN

Request History

Session

Request

Cake Params

Post data

Query string

Cookie

Current Route

Sql Logs

default

Memory

Timers

Logs

View Variables

App Constants

CakePHP Constants

PHP Environment

Included Files

Include Paths

Included Files