59 matches found
PHP-post Web Forum 0.x.1.0 - 'pm.php?replyuser' Cross-Site Scripting
source: https://www.securityfocus.com/bid/20061/info PHP-Post is prone to multiple input-validation vulnerabilities, including multiple cross-site scripting, SQL-injection, and remote file-include issues, because the application fails to sanitize user-supplied input. A successful exploit of these...
CVE-2006-3772
PHP-Post 0.21 and 1.0, and possibly earlier versions, when auto-login is enabled, allows remote attackers to bypass security restrictions and obtain administrative privileges by modifying the logincookieuser setting in the login cookie...
[KAPDA::#52] - PHP-Post 1.0 Cookie Modification Privilege Escalation Vulnerability
KAPDA::52 - PHP-Post 1.0 Cookie Modification Privilege Escalation Vulnerability KAPDA New advisory Vulnerable product: Tested on PHP-Post 0.21 and 1.0 Vendor: http://php-post.co.uk Vulnerability: Privilege Escalation Date: -------------------- Found: Nov 23, 2005 Vendor Contacted: Jun 01, 2006...
CVE-2006-3772
The CVE-2006-3772 entry concerns PHP-Post versions 0.21 and 1.0 (and possibly earlier) where, when auto-login is enabled, an attacker can bypass security restrictions and obtain administrative privileges by modifying the logincookie[user] value in the login cookie. The connected sources confirm t...
CVE-2006-3772
PHP-Post 0.21 and 1.0, and possibly earlier versions, when auto-login is enabled, allows remote attackers to bypass security restrictions and obtain administrative privileges by modifying the logincookieuser setting in the login cookie...
PHP-Post 1.0 - Cookie Modification Privilege Escalation
KAPDA::52 - PHP-Post 1.0 Cookie Modification Privilege Escalation Vulnerability Vulnerable product: Tested on PHP-Post 0.21 and 1.0 Vendor: http://php-post.co.uk Vulnerability: Privilege Escalation Date: -------------------- Found: Nov 23, 2005 Vendor Contacted: Jun 01, 2006 Release Date: July 18...
PHP-Post 1.0 Cookie Modification Privilege Escalation Vulnerability
Exploit for unknown platform in category web applications =================================================================== PHP-Post 1.0 Cookie Modification Privilege Escalation Vulnerability =================================================================== KAPDA::52 - PHP-Post 1.0 Cookie...
PHP-Post 1.0 - Cookie Modification Privilege Escalation
PHP-Post 1.0 - Cookie Modification Privilege Escalation KAPDA::52 - PHP-Post 1.0 Cookie Modification Privilege Escalation Vulnerability Vulnerable product: Tested on PHP-Post 0.21 and 1.0 Vendor: http://php-post.co.uk Vulnerability: Privilege Escalation Date: -------------------- Found: Nov 23,...
PHP-Post 1.0 Cookie Modification Privilege Escalation Vulnerability
No description provided by source. KAPDA::52 - PHP-Post 1.0 Cookie Modification Privilege Escalation Vulnerability Vulnerable product: Tested on PHP-Post 0.21 and 1.0 Vendor: http://php-post.co.uk Vulnerability: Privilege Escalation Date: -------------------- Found: Nov 23, 2005 Vendor Contacted:...
CVE-2005-3770
Multiple cross-site scripting XSS vulnerabilities in PHP-Post PHPp 1.0 allow remote attackers to inject arbitrary web script or HTML via 1 the subject in a post, or the user parameter to 2 profile.php and 3 mail.php...
CVE-2005-3770
Multiple cross-site scripting XSS vulnerabilities in PHP-Post PHPp 1.0 allow remote attackers to inject arbitrary web script or HTML via 1 the subject in a post, or the user parameter to 2 profile.php and 3 mail.php...
PT-2005-4523 · Php · Php-Post
Name of the Vulnerable Software and Affected Versions: PHP-Post PHPp version 1.0 Description: The issue allows remote attackers to inject arbitrary web script or HTML, potentially leading to cross-site scripting XSS attacks. This can be achieved through the subject in a post or by manipulating th...
CVE-2005-3770
PHP-Post (PHPp) 1.0 contains cross-site scripting (XSS) vulnerabilities exploitable via the subject field in posts or the user parameter to profile.php and mail.php. The underlying issue is arbitrary-script/HTML injection, leading to potential script execution in victims’ browsers. Affected softw...
CVE-2005-0832
Cross-site scripting XSS vulnerability in PHP-Post before 0.33 allows remote attackers to inject arbitrary web script or HTML via unknown vectors...
CVE-2005-0831
PHP-Post allows remote attackers to spoof the names of other users by registering with a username containing hex-encoded characters...
CVE-2005-0832
CVE-2005-0832 is an XSS vulnerability in PHP-Post prior to 0.33. The issue allows remote attackers to inject arbitrary script or HTML via unknown vectors. Affected software is PHP-Post versions before 0.33; remediation is to update to 0.33 or later. No exploitation details are provided in the con...
CVE-2005-0831
The vulnerability CVE-2005-0831 affects PHP-Post and allows remote attackers to spoof other users’ names by registering with a username containing hex-encoded characters. The description is confirmed across multiple sources (NVD, Red Hat CVE entry, CVE List) and indicates weak input handling enab...
CVE-2005-0832
Cross-site scripting XSS vulnerability in PHP-Post before 0.33 allows remote attackers to inject arbitrary web script or HTML via unknown vectors...
PT-2005-1861 · Php · Php-Post
Name of the Vulnerable Software and Affected Versions: PHP-Post versions prior to 0.33 Description: A cross-site scripting XSS issue allows remote attackers to inject arbitrary web script or HTML. Recommendations: For versions prior to 0.33, update to version 0.33 or later to resolve the issue...