ADOdb < 4.71 - Cross Site Scripting

ADOdb Cross Site Scripting Vendor: John Lim Product: ADOdb Version: currpage = $SESSION$currpage; The above code is taken from adodb-pager.inc.php @ lines 72-77 and ultimately set's the $this-currpage variable to unsanitized user supplied input. Later on this variable is used when drawing the lin...

ADOdb 4.71 - Cross Site Scripting

ADOdb 4.71 - Cross Site Scripting ADOdb Cross Site Scripting Vendor: John Lim Product: ADOdb Version: currpage = $SESSION$currpage; The above code is taken from adodb-pager.inc.php @ lines 72-77 and ultimately set's the $this-currpage variable to unsanitized user supplied input. Later on this...

CVE-2006-4976

The Date Library in John Lim ADOdb Library for PHP allows remote attackers to obtain sensitive information via a direct request for 1 server.php, 2 adodb-errorpear.inc.php, 3 adodb-iterator.inc.php, 4 adodb-pear.inc.php, 5 adodb-perf.inc.php, 6 adodb-xmlschema.inc.php, and 7 adodb.inc.php; files ...

CVE-2006-4976

CVE-2006-4976 : The Date Library in John Lim ADOdb Library for PHP permits remote information disclosure via direct requests to a large set of files across the package. Affected areas include: server.php, adodb-.inc.php (adodb-errorpear.inc.php, adodb-iterator.inc.php, adodb-pear.inc.php, adodb-p...

CVE-2006-4618

CVE-2006-4618 : PHP remote file inclusion in the ADODB PostgreSQL integration (adodb-postgres7.inc.php) within John Lim ADOdb, potentially affected versions ≤ 4.01, used by Intechnic In-link 2.3.4. An attacker can supply a URL via the ADODB_DIR parameter to execute arbitrary PHP code on the serve...

CVE-2004-2664

John Lim ADOdb Library for PHP before 4.23 allows remote attackers to obtain sensitive information via direct requests to certain scripts that result in an undefined value of ADODBDIR, which reveals the installation path in an error message...