Vulnerabilities > CVE-2006-2140 - Unspecified vulnerability in Orbitscripts Orbithyip 2.0
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN orbitscripts
exploit available
Summary
Multiple cross-site scripting (XSS) vulnerabilities in OrbitHYIP 2.0 and earlier allow remote attackers to inject arbitrary web script via the (1) referral parameter to signup.php or (2) id parameter to members.php.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Exploit-Db
description OrbitHYIP 2.0 members.php id Parameter XSS. CVE-2006-2140. Webapps exploit for php platform id EDB-ID:27789 last seen 2016-02-03 modified 2006-05-01 published 2006-05-01 reporter r0t source https://www.exploit-db.com/download/27789/ title OrbitHYIP 2.0 members.php id Parameter XSS description OrbitHYIP 2.0 signup.php referral Parameter XSS. CVE-2006-2140 . Webapps exploit for php platform id EDB-ID:27788 last seen 2016-02-03 modified 2006-05-01 published 2006-05-01 reporter r0t source https://www.exploit-db.com/download/27788/ title OrbitHYIP 2.0 signup.php referral Parameter XSS
References
- http://pridels0.blogspot.com/2006/04/orbithyip-xss.html
- http://pridels0.blogspot.com/2006/04/orbithyip-xss.html
- http://secunia.com/advisories/19877
- http://secunia.com/advisories/19877
- http://www.osvdb.org/25141
- http://www.osvdb.org/25141
- http://www.osvdb.org/25142
- http://www.osvdb.org/25142
- http://www.securityfocus.com/bid/17766
- http://www.securityfocus.com/bid/17766
- http://www.vupen.com/english/advisories/2006/1583
- http://www.vupen.com/english/advisories/2006/1583
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26163
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26163