98 matches found
CVE-2007-4917
CVE-2007-4917 is an XSS vulnerability in tracking.php of PHP-Stats 0.1.9.2. The issue allows remote attackers to inject arbitrary web script or HTML via the ip parameter in an online action, a vector distinct from CVE-2007-4334. The connected records corroborate the vulnerability’s existence in P...
CVE-2007-4917
Cross-site scripting (XSS) vulnerability in tracking.php in PHP-Stats 0.1.9.2 allows remote attackers to inject arbitrary web script or HTML via the ip parameter in an online action, a different vector than CVE-2007-4334...
new XSS vulnerability in php-stats - tracking.php
I found a new xss in php-stats 0.1.9.2 http://phpstats.net/ http://www.example.com/php-stats-path/tracking.php?what=online&ip=XSS Stats must have public access for this difference from whois.php XSS...
PHP-Stats 0.1.9.2 - Tracking.php Cross-Site Scripting
source: https://www.securityfocus.com/bid/25674/info Php-Stats is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary...
PHP-Stats 0.1.9.2 - 'Tracking.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/25674/info Php-Stats is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in th...
CVE-2007-4334
Cross-site scripting (XSS) vulnerability in whois.php in Php-stats 0.1.9.2 allows remote attackers to inject arbitrary web script or HTML via the IP parameter...
Cross site scripting
Cross-site scripting (XSS) vulnerability in whois.php in Php-stats 0.1.9.2 allows remote attackers to inject arbitrary web script or HTML via the IP parameter...
CVE-2007-4334
The CVE-2007-4334 entry describes a cross-site scripting (XSS) vulnerability in Php-stats 0.1.9.2, specifically in whois.php. The underlying issue is an injection of arbitrary script/HTML via the IP parameter. This could allow an attacker to execute code in a victim’s browser when viewing the aff...
phpstats-xss.txt
I have found an xss in whois.php page of php-stats. http://phpstats.net/ Here is the XSS php-stats-path/whois.php?IP=%22%3E%3Cscript%3Ealertdocument.cookie;%3C/script%3E...
php-stats xss whois.php
I have found an xss in whois.php page of php-stats. http://phpstats.net/ Here is the XSS php-stats-path/whois.php?IP=223E3Cscript3Ealertdocument.cookie;3C/script3E...
PHP-Stats 0.1.9.2 - WhoIs.php Cross-Site Scripting
source: https://www.securityfocus.com/bid/25275/info Php-Stats is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary scrip...
PHP-Stats 0.1.9.2 - 'WhoIs.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/25275/info Php-Stats is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in th...
CVE-2006-7173
Direct static code injection vulnerability in admin.php in PHP-Stats 0.1.9.1b and earlier allows remote attackers to execute arbitrary PHP code via a crafted option_new[report_w_day] parameter in a preferenze action, which can be later accessed via option/php-stats-options.php...
CVE-2006-7172
Multiple SQL injection vulnerabilities in php-stats.recphp.php in PHP-Stats 0.1.9.1b and earlier allow remote attackers to execute arbitrary code via a leading dotted-quad IP address string in the (1) PC-REMOTE-ADDR HTTP header, which is inserted into $_SERVER['HTTP_PC_REMOTE_ADDR'], or (2) ip parameter...
CVE-2006-7172
CVE-2006-7172 affects PHP-Stats up to version 0.1.9.1b. Multiple SQL injection flaws exist in php-stats.recphp.php that allow remote attackers to execute arbitrary code via the (1) PC-REMOTE-ADDR HTTP header (in $_SERVER['HTTP_PC_REMOTE_ADDR']) or (2) ip parameter. The header infers a leading dot...
CVE-2006-7173
CVE-2006-7173 affects PHP-Stats prior to 0.1.9.1b. Description: direct static code injection in admin.php allows remote PHP code execution via crafted option_new[report_w_day] in a preferenze action, which can later be accessed through option/php-stats-options.php. NVD assigns a HIGH base score (...
Php-Stats <= 0.1.9.1b (php-stats-options.php) admin 2 exec() Exploit
No description provided by source. <?php print_r(' Php-Stats <= 0.1.9.1b admin 2 exec exploit by rgod mail: retrog at alice dot it site: http://retrogod.altervista.org dork example: inurl:php-stats.js.php...