CVE-2006-1397
Multiple cross-site scripting (XSS) vulnerabilities in (a) phpAdsNew and (b) phpPgAds before 2.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) certain parameters to the banner delivery module, which is not properly handled in the administrator interface, or (2) certain parameters to the login form.
| Software | From | Fixed in |
|---|---|---|
| phppgads / phppgads | 2.0.4_pr2 | 2.0.4_pr2.x |
| phpadsnew / phpadsnew | 2.0.2 | 2.0.2.x |
| phpadsnew / phpadsnew | 2.0 | 2.0.x |
| phppgads / phppgads | 2.0.4 | 2.0.4.x |
| phpadsnew / phpadsnew | 2.0.4 | 2.0.4.x |
| phpadsnew / phpadsnew | 2.0.5 | 2.0.5.x |
| phppgads / phppgads | 2.0.7 | 2.0.7.x |
| phpadsnew / phpadsnew | 2.0.3 | 2.0.3.x |
| phppgads / phppgads | 2.0.5 | 2.0.5.x |
| phpadsnew / phpadsnew | 2.0.7 | 2.0.7.x |
| phpadsnew / phpadsnew | 2_dev_2001-10-09 | 2_dev_2001-10-09.x |
- http://phpadsnew.com/two/nucleus/index.php?itemid=46
- http://secunia.com/advisories/19384
- http://securityreason.com/securityalert/633
- http://securitytracker.com/id?1015828
- http://securitytracker.com/id?1015829
- http://sourceforge.net/project/shownotes.php?release_id=404963
- http://sourceforge.net/project/shownotes.php?release_id=404964
- http://www.osvdb.org/24205
- http://www.osvdb.org/24206
- http://www.securityfocus.com/archive/1/428898/100/0/threaded
- http://www.securityfocus.com/bid/17251
- http://www.vupen.com/english/advisories/2006/1107
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25458
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime