191 matches found
phpMyChat Plus 1.93 SQL Injection
------------------------------------------------------------------------ Software................phpMyChat Plus 1.93 Vulnerability...........Blind SQL Injection Threat Level............Serious 3/5 Download................http://sourceforge.net/projects/phpmychat/ Discovery Date..........4/25/2011...
Cross site scripting
Cross-site scripting XSS vulnerability in setup.php3 in phpHeaven phpMyChat 0.14.5 allows remote attackers to inject arbitrary web script or HTML via the Lang parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
CVE-2008-1504
Cross-site scripting XSS vulnerability in setup.php3 in phpHeaven phpMyChat 0.14.5 allows remote attackers to inject arbitrary web script or HTML via the Lang parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
CVE-2008-1504
Cross-site scripting XSS vulnerability in setup.php3 in phpHeaven phpMyChat 0.14.5 allows remote attackers to inject arbitrary web script or HTML via the Lang parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
CVE-2008-1504
The CVE-2008-1504 entry concerns a Cross-site Scripting (XSS) vulnerability in the setup.php3 component of phpHeaven phpMyChat 0.14.5. The issue is triggered by untrusted input in the Lang parameter, allowing remote attackers to inject arbitrary web-script/HTML. The description and references ind...
phpMyChat 0.14.5 - 'setup.php3' Cross-Site Scripting
source: https://www.securityfocus.com/bid/28399/info phpMyChat is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of...
phpMyChat 0.14.5 - setup.php3 Cross-Site Scripting
phpMyChat 0.14.5 - setup.php3 Cross-Site Scripting source: https://www.securityfocus.com/bid/28399/info phpMyChat is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in PHPMyChat 0.14.5 allow remote attackers to inject arbitrary web script or HTML via the 1 LIMIT parameter to chat/deluser.php3, the 2 Link parameter to chat/edituser.php3, or the 3 LastCheck or 4 B parameter to chat/userspopupL.php3. NOTE: the...
CVE-2007-6296
PHP remote file inclusion vulnerability in userspopupL.php3 in phpMyChat 0.14.5 allows remote attackers to execute arbitrary PHP code via a URL in the From parameter...
CVE-2007-6297
Multiple cross-site scripting XSS vulnerabilities in PHPMyChat 0.14.5 allow remote attackers to inject arbitrary web script or HTML via the 1 LIMIT parameter to chat/deluser.php3, the 2 Link parameter to chat/edituser.php3, or the 3 LastCheck or 4 B parameter to chat/userspopupL.php3. NOTE: the...
Remote file inclusion
PHP remote file inclusion vulnerability in userspopupL.php3 in phpMyChat 0.14.5 allows remote attackers to execute arbitrary PHP code via a URL in the From parameter...
CVE-2007-6296
CVE-2007-6296 : PHP remote file inclusion in phpMyChat 0.14.5, via a URL in the From parameter of users_popupL.php3, allows remote attackers to execute arbitrary PHP code. The provided sources confirm an RFI vulnerability without detailing a vendor patch or fixed version. The underlying issue is ...
CVE-2007-6297
Multiple cross-site scripting XSS vulnerabilities in PHPMyChat 0.14.5 allow remote attackers to inject arbitrary web script or HTML via the 1 LIMIT parameter to chat/deluser.php3, the 2 Link parameter to chat/edituser.php3, or the 3 LastCheck or 4 B parameter to chat/userspopupL.php3. NOTE: the...
CVE-2007-6297
CVE-2007-6297 details multiple XSS vulnerabilities in PHPMyChat (0.14.5/0.14.6) that allow remote attackers to inject arbitrary script/html via parameters: LIMIT (chat/deluser.php3), Link (chat/edituser.php3), and LastCheck or B (chat/users_popupL.php3). The entry notes related vectors (FontName ...
phpmychat-xssrfi.txt
Application : phpMyChat v0.14.5 Email ; [email protected] Website: http://phpmychat.sourceforge.net/ Many webhosting companies are offering this version of phpMychat in their cpanel : ---------------------------- | Remote File Inclusion: | ----------------------------...
RFI and Multiple XSS in PhpMyChat
Application : phpMyChat 0.14.5 Email ; [email protected] Website: http://phpmychat.sourceforge.net/ Many webhosting companies are offering this version of phpMychat in their cpanel : ---------------------------- | Remote File Inclusion: | ----------------------------...
phpMyChat 0.14.5 - '/chat/users_popupL.php3' Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/26698/info phpMyChat is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the...
phpMyChat 0.14.5 - chatdeluser.php3?LIMIT Cross-Site Scripting
phpMyChat 0.14.5 - chatdeluser.php3?LIMIT Cross-Site Scripting source: https://www.securityfocus.com/bid/26698/info phpMyChat is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute...
phpMyChat 0.14.5 - chatusers_popupL.php3 Multiple Cross-Site Scripting Vulnerabilities
phpMyChat 0.14.5 - chatuserspopupL.php3 Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/26698/info phpMyChat is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these...
phpMyChat 0.14.5 - 'chat/deluser.php3?LIMIT' Cross-Site Scripting
source: https://www.securityfocus.com/bid/26698/info phpMyChat is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the...