107 matches found
CVE-2013-7196
static/ajax.php in PHPFox 3.7.3, 3.7.4, and 3.7.5 allows remote authenticated users to bypass intended "Only Me" restrictions and comment on a private publication via a request with a modified valitemid parameter for the publication...
CVE-2013-7195
PHPFox 3.7.3 and 3.7.4 allows remote authenticated users to bypass intended "Only Me" restrictions and "like" a publication via a request that specifies the ID for the publication...
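PHPFox access control security restriction bypass vulnerability
Bugtraq ID: 66677 CVE ID: CVE-2013-7196 PHPFox is a social network script. phpFox has a security vulnerability that allows attackers to bypass security restrictions and perform unauthorized actions. 0 PHPFox 3.7.3 PHPFox 3.7.4 PHPFox 3.7.5 The vendor has released an upgrade patch that fixes the vulnerability; download it from: www.phpfox.com coreajax=true&corecall=comment.add&coresecuritytoken=686f82ec43f7dcd92784ab36ab5cbfb7...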
PHPFox access control security restriction bypass vulnerability (CVE-2013-7195) - vulnerability warning - the black bar safety net
Affected system: PHPFox PHPFox Description: BUGTRAQ ID: 66672 CVECAN ID: CVE-2013-7195 PHPFox is a social network script. PHPFox 3.7.3, 3.7.4, 3.7.5 in the realization of the presence of security restrictio...
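PHPFox access control security restriction bypass vulnerability
Bugtraq ID: 66672 CVE ID: CVE-2013-7195 PHPFox is a social network script. PHPFox 3.7.3, 3.7.4 and 3.7.5 contain a security restriction bypass vulnerability in their implementation; attackers can exploit this vulnerability PHPFox is a social network script. 0 PHPFox The vendor has released an upgrade patch that fixes the vulnerability; download it from: www.phpfox.com &coreajax=true&corecall=comment.add&coresecuritytoken=686f82ec43f7dcd92784ab36ab5cbfb7...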
PHPFox - Access Control Security Bypass
PHPFox - Access Control Security Bypass source: https://www.securityfocus.com/bid/66677/info PHPFox is prone to a security-bypass vulnerability that may allow attackers to perform actions without proper authorization. Attackers can leverage this issue to bypass security restrictions and perform...
PHPFox - Access Control Security Bypass
source: https://www.securityfocus.com/bid/66677/info PHPFox is prone to a security-bypass vulnerability that may allow attackers to perform actions without proper authorization. Attackers can leverage this issue to bypass security restrictions and perform unauthorized actions; this may aid in...
PHPFox 3.7.5 Authorization Bypass
CNA primary MITRE Corporation Software Vendors PHPFox http://www.phpfox.com Product http://demo.phpfox.com Version: v3.7.3, v3.7.4 and v3.7.5 Research Wesley Henrique Leite wesleyhenrique \NOSPAM gmail \NOSPAM// com +...
PHPFox 3.6.0 Cross Site Scripting
Exploit Title: PHPFox v3.6.0 build6 Multiple Cross-Site Scripting vulnerabilities Author: BHG Security Center Date: Saturday, October 12, 2013 Vendor: http://www.phpfox.com...
PHPFox v3.6.0 (build3) Multiple SQL Injection vulnerabilities
PHPFox v3.6.0 build3 Multiple SQL Injection vulnerabilities == Description == - Software link: http://www.phpfox.com - Affected versions: version 3.6.0 build3 is vulnerable...
PHPFox 3.6.0 /user/browse/view_/ SQL injection vulnerability
No description provided by source...
PHPFox v3.4.1 XSS vulnerabilities
Malicious users may inject JavaScript, VBScript, ActiveX, HTML or Flash into a vulnerable application to fool a user in order to gather data from them. An attacker can steal the session cookie and take over the account, impersonating the user. It is also possible to modify the content of the page...
CVE-2013-5121
SQL injection vulnerability in PHPFox before 3.6.0 build6 allows remote attackers to execute arbitrary SQL commands via the search[sort_by] parameter to user/browse/view_/...
CVE-2013-5120
SQL injection vulnerability in PHPFox before 3.6.0 build4 allows remote attackers to execute arbitrary SQL commands via the search[gender] parameter to user/browse/view_/...
SQL injection
SQL injection vulnerability in PHPFox before 3.6.0 build4 allows remote attackers to execute arbitrary SQL commands via the search[gender] parameter to user/browse/view_/...
SQL injection
SQL injection vulnerability in PHPFox before 3.6.0 build6 allows remote attackers to execute arbitrary SQL commands via the search[sort_by] parameter to user/browse/view_/...
CVE-2013-5121
PHPFox prior to 3.6.0 (build6) is affected by an SQL injection in the user/browse/view_ endpoint via the search[sort_by] parameter. The underlying issue is unguarded SQL construction that allows remote attackers to execute arbitrary SQL commands, with potential partial impact to confidentiali...
CVE-2013-5121
SQL injection vulnerability in PHPFox before 3.6.0 build6 allows remote attackers to execute arbitrary SQL commands via the search[sort_by] parameter to user/browse/view_/...
CVE-2013-5120
PHPFox up to version 3.6.0 (build4) is affected by an SQL injection in the search[gender] parameter passed to user/browse/view_. The root cause is unsanitized input leading to arbitrary SQL execution. This affects remote attackers with network access; the vulnerability can enable partial to full ...
CVE-2013-5120
SQL injection vulnerability in PHPFox before 3.6.0 build4 allows remote attackers to execute arbitrary SQL commands via the search[gender] parameter to user/browse/view_/...