Lucene search
+L

107 matches found

ptsecurity
ptsecurity
added 2023/11/02 12:0 a.m.3 views

PT-2023-30233 · Phpfox · Phpfox

Name of the Vulnerable Software and Affected Versions: phpFox versions prior to 4.8.14 Description: An issue was discovered where the url request parameter passed to the "/core/redirect" route is not properly sanitized before being used in a call to the unserialize PHP function. This can be...

9.8CVSS7.1AI score0.01806EPSS
Exploits3References11
zdt
zdt
added 2023/10/30 12:0 a.m.407 views

phpFox 4.8.13 PHP Object Injection Exploit

phpFox versions 4.8.13 and below have an issue where user input passed through the "url" request parameter to the /core/redirect route is not properly sanitized before being used in a call to the unserialize PHP function. This can be exploited by remote, unauthenticated attackers to inject...

9.8CVSS7.4AI score0.01806EPSS
Exploits3
cnnvd
cnnvd
added 2023/10/27 12:0 a.m.5 views

phpFox Security Vulnerabilities

phpFox is a social networking platform from phpFox Inc. A security vulnerability exists in phpFox 4.8.13 and earlier versions, which stems from user input passed to the /core/redirect route via a url request parameter that is not properly cleaned up before calling the unserialize PHP function,...

9.8CVSS7AI score0.01806EPSS
Exploits3References7
packetstorm
packetstorm
added 2023/10/27 12:0 a.m.543 views

phpFox 4.8.13 PHP Object Injection

-------------------------------------------------------------- phpFox = 4.8.13 redirect PHP Object Injection Vulnerability -------------------------------------------------------------- - Software Link: https://www.phpfox.com - Affected Versions: Version 4.8.13 and prior versions. - Vulnerability...

7.1AI score0.01806EPSS
Exploits3
nvd
nvd
added 2014/11/21 3:59 p.m.19 views

CVE-2014-8469

Cross-site scripting XSS vulnerability in Guests/Boots in AdminCP in Moxi9 PHPFox before 4 Beta allows remote attackers to inject arbitrary web script or HTML via the User-Agent header...

4.3CVSS5.7AI score0.03217EPSS
Exploits3References5
prion
prion
added 2014/11/21 3:59 p.m.15 views

Cross site scripting

Cross-site scripting XSS vulnerability in Guests/Boots in AdminCP in Moxi9 PHPFox before 4 Beta allows remote attackers to inject arbitrary web script or HTML via the User-Agent header...

4.3CVSS6.1AI score0.03217EPSS
Exploits3References5Affected Software1
cvelist
cvelist
added 2014/11/21 3:0 p.m.29 views

CVE-2014-8469

Cross-site scripting XSS vulnerability in Guests/Boots in AdminCP in Moxi9 PHPFox before 4 Beta allows remote attackers to inject arbitrary web script or HTML via the User-Agent header...

5.7AI score0.03217EPSS
Exploits3References5
cve
cve
added 2014/11/21 3:0 p.m.43 views

CVE-2014-8469

CVE-2014-8469 is a stored XSS in PHPFox (Moxi9) before 4 Beta, exploitable via the User-Agent header in AdminCP’s Guests/Boots. The issue arises from manipulating the user_agent field, enabling remote script/html injection. Public records show an exploit exists (PHPFox XSS AdminCP) and the vendor...

4.3CVSS5.8AI score0.03217EPSS
Exploits3References5Affected Software1
packetstorm
packetstorm
added 2014/11/18 12:0 a.m.39 views

PHPFox Cross Site Scripting

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CNA primary MITRE Corporation cve-assign \NOSPAM\ mitre \NOSPAM\ org Software Vendors http://moxi9.com/phpfox Product: PhpFox Version: ALL Research Wesley Henrique Leite wesleyhenrique \NOSPAM gmail \NOSPAM// com + INFORMATION Vendor Notified :...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2014/11/17 12:0 a.m.45 views

PHPFox - Persistent Cross-Site Scripting

PHPFox - Persistent Cross-Site Scripting Exploit Title: PHPFox XSS AdminCP Date: 2014-10-22 Exploit Author: Wesley Henrique Leite aka "spyk2r" Vendor Homepage: http://www.moxi9.com Version: All version CVE : CVE-2014-8469 Response Vendor: fixed 2014-10-23 to v4 Beta + DESCRIPTION The system store...

4.3CVSS6.3AI score0.03217EPSS
Exploits3
exploitdb
exploitdb
added 2014/11/17 12:0 a.m.32 views

PHPFox - Persistent Cross-Site Scripting

Exploit Title: PHPFox XSS AdminCP Date: 2014-10-22 Exploit Author: Wesley Henrique Leite aka "spyk2r" Vendor Homepage: http://www.moxi9.com Version: All version CVE : CVE-2014-8469 Response Vendor: fixed 2014-10-23 to v4 Beta + DESCRIPTION The system stores all urls accessed in a database table,...

4.3CVSS7AI score0.03217EPSS
Exploits3
seebug
seebug
added 2014/07/01 12:0 a.m.29 views

PHPFox 3.6.0 (build3) Multiple SQL Injection Vulnerabilities

No description provided by source. ------------------------------------------------------------ PHPFox v3.6.0 build3 Multiple SQL Injection vulnerabilities ------------------------------------------------------------ == Description == - Software link: http://www.phpfox.com - Affected versions:...

7.1AI score
Exploits0
seebug
seebug
added 2014/07/01 12:0 a.m.38 views

phpFox <= 3.0.1 (ajax.php) Remote Command Execution Exploit

No description provided by source. ?php / ----------------------------------------------------------- phpFox = 3.0.1 ajax.php Remote Command Execution Exploit ----------------------------------------------------------- author.............: Egidio Romano aka EgiX mail...............:...

6.6AI score
Exploits0
securityvulns
securityvulns
added 2014/05/05 12:0 a.m.91 views

Vulnerability in PHPFox v3.7.3, v3.7.4 and v3.7.5 all build [ CVE-2013-7195, CVE-2013-7196 ]

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 CNA primary MITRE Corporation [email protected] Software Vendors PHPFox http://www.phpfox.com Product http://demo.phpfox.com Version: v3.7.3, v3.7.4 and v3.7.5 Research Wesley Henrique Leite wesleyhenrique NOSPAM gmail NOSPAM// com + INFORMATION...

5.5CVSS6.1AI score0.0244EPSS
Exploits3
nvd
nvd
added 2014/04/18 10:14 p.m.13 views

CVE-2013-7196

static/ajax.php in PHPFox 3.7.3, 3.7.4, and 3.7.5 allows remote authenticated users to bypass intended "Only Me" restrictions and comment on a private publication via a request with a modified valitemid parameter for the publication...

5.5CVSS6.2AI score0.0244EPSS
Exploits2References3
nvd
nvd
added 2014/04/18 10:14 p.m.20 views

CVE-2013-7195

PHPFox 3.7.3 and 3.7.4 allows remote authenticated users to bypass intended "Only Me" restrictions and "like" a publication via a request that specifies the ID for the publication...

5.5CVSS6.2AI score0.01175EPSS
Exploits2References3
prion
prion
added 2014/04/18 10:14 p.m.17 views

Design/Logic Flaw

PHPFox 3.7.3 and 3.7.4 allows remote authenticated users to bypass intended "Only Me" restrictions and "like" a publication via a request that specifies the ID for the publication...

5.5CVSS6.7AI score0.01175EPSS
Exploits2References3Affected Software1
prion
prion
added 2014/04/18 10:14 p.m.23 views

Design/Logic Flaw

static/ajax.php in PHPFox 3.7.3, 3.7.4, and 3.7.5 allows remote authenticated users to bypass intended "Only Me" restrictions and comment on a private publication via a request with a modified valitemid parameter for the publication...

5.5CVSS6.7AI score0.0244EPSS
Exploits2References3Affected Software1
cvelist
cvelist
added 2014/04/18 7:0 p.m.22 views

CVE-2013-7196

static/ajax.php in PHPFox 3.7.3, 3.7.4, and 3.7.5 allows remote authenticated users to bypass intended "Only Me" restrictions and comment on a private publication via a request with a modified valitemid parameter for the publication...

6.2AI score0.0244EPSS
Exploits2References3
cvelist
cvelist
added 2014/04/18 7:0 p.m.29 views

CVE-2013-7195

PHPFox 3.7.3 and 3.7.4 allows remote authenticated users to bypass intended "Only Me" restrictions and "like" a publication via a request that specifies the ID for the publication...

6.2AI score0.01175EPSS
Exploits2References3
Rows per page
Query Builder