10 matches found
EUVD-2005-3552
Malware in sbrugna...
PHPKit <= 1.6.1 R2 overview.php SQL injection Vulnerability Exploit
No description provided by source. ----------------------------Information------------------------------------------------ +Name : PHPKit = 1.6.1 R2 overview.php SQL injection Vulnerability Exploit +Autor : Easy Laster +Date : 22.10.2010 +Script : PHPKit 1.6.1 R2 +Price : free +Language : PHP...
CVE-2010-5279
article.php in Virtual War aka VWar 1.6.1 R2 allows remote attackers to cause a denial of service memory consumption via a large integer in the ratearticleselect parameter...
CVE-2010-5064
Multiple cross-site scripting XSS vulnerabilities in Virtual War aka VWar 1.6.1 R2 allow remote attackers to inject arbitrary web script or HTML via 1 the Additional Information field to challenge.php, the 2 Additional Information or 3 Contact information field to joinus.php, 4 the War Report fie...
CVE-2010-5066
CVE-2010-5066 affects Virtual War (VWar) 1.6.1 R2. The createRandomPassword function in includes/functions_common.php uses a small seed range for mt_srand, which reduces randomness and Leaks passwords to brute-force attempts by remote attackers. Root cause: limited seed space for the PHP random g...
CVE-2010-5064
Multiple cross-site scripting XSS vulnerabilities in Virtual War aka VWar 1.6.1 R2 allow remote attackers to inject arbitrary web script or HTML via 1 the Additional Information field to challenge.php, the 2 Additional Information or 3 Contact information field to joinus.php, 4 the War Report fie...
Sql injection
SQL injection vulnerability in comment.php in PHPKIT 1.6.1 R2 allows remote attackers to execute arbitrary SQL commands via the subid parameter...
CVE-2007-0179
SQL injection vulnerability in comment.php in PHPKIT 1.6.1 R2 allows remote attackers to execute arbitrary SQL commands via the subid parameter...
CVE-2005-4424
Directory traversal vulnerability in PHPKIT 1.6.1 R2 and earlier might allow remote authenticated users to execute arbitrary PHP code via a .. dot dot in the path parameter and a %00 at the end of the filename, as demonstrated by an avatar filename ending with .png%00...
CVE-2005-3553
Multiple SQL injection vulnerabilities in include.php in PHPKIT 1.6.1 R2 and earlier allow remote attackers to execute arbitrary SQL commands via the 1 id parameter in conjunction with the login/userinfo.php path and 2 the session parameter aka the PHPKITSID variable...