CVE-2014-0814

Cross-site scripting XSS vulnerability in phpMyFAQ before 2.8.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2014-0813

Cross-site request forgery CSRF vulnerability in phpMyFAQ before 2.8.6 allows remote attackers to hijack the authentication of arbitrary users for requests that modify settings...

CVE-2014-0813

Affected software : phpMyFAQ (before 2.8.6). Vulnerability : Cross-site request forgery (CSRF) in the web interface that lets an attacker hijack the authentication of an arbitrary user to modify settings. Root cause / details : The issue is a CSRF vulnerability allowing a malicious page to trigge...

phpMyFAQ vulnerable to cross-site request forgery

Overview phpMyFAQ is an open source FAQ software. phpMyFAQ contains a cross-site reuqest forgery vulnerability. Impact If a user views a malicious page while logged in, settings may be changed unintentionally. Solution Apply an Update Update to the latest version according to the information...

phpMyFAQ vulnerable to cross-site scripting

Overview phpMyFAQ is an open source FAQ software. phpMyFAQ contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's Internet Explorer when using an older version of the browser. Solution Apply an Update Apply the appropriate update for the version of...

FreeBSD : phpmyfaq -- multiple vulnerabilities (4dd575b8-8f82-11e3-bb11-0025905a4771)

The phpMyFAQ team reports : An arbitrary script may be executed on the user's Internet Explorer when using an older version of the browser. If a user views a malicious page while logged in, settings may be changed unintentionally. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descripti...

JVN#50943964: phpMyFAQ vulnerable to cross-site request forgery

phpMyFAQ is an open source FAQ software. phpMyFAQ contains a cross-site request forgery vulnerability. Impact If a user views a malicious page while logged in, settings may be changed unintentionally. Solution Apply an Update Update to the latest version according to the information provided by t...

JVN#30050348: phpMyFAQ vulnerable to cross-site scripting

phpMyFAQ is an open source FAQ software. phpMyFAQ contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's Internet Explorer when using an older version of the browser. Solution Apply an Update Apply the appropriate update for the version of the...

phpmyfaq -- multiple vulnerabilities

The phpMyFAQ team reports: An arbitrary script may be executed on the user's Internet Explorer when using an older version of the browser. If a user views a malicious page while logged in, settings may be changed unintentionally...

FreeBSD : phpmyfaq -- arbitrary PHP code execution vulnerability (3b86583a-66a7-11e3-868f-0025905a4771)

The phpMyFAQ team reports : Secunia noticed while analysing the advisory that authenticated users with 'Right to add attachments' are able to exploit an already publicly known issue in the bundled Ajax File Manager of phpMyFAQ version 2.8.3, which leads to arbitrary PHP code execution for...

phpmyfaq -- arbitrary PHP code execution vulnerability

The phpMyFAQ team reports: Secunia noticed while analysing the advisory that authenticated users with "Right to add attachments" are able to exploit an already publicly known issue in the bundled Ajax File Manager of phpMyFAQ version 2.8.3, which leads to arbitrary PHP code execution for...

CVE-2010-4821

Cross-site scripting XSS vulnerability in phpMyFAQ before 2.6.9 allows remote attackers to inject arbitrary web script or HTML via the PATHINFO to index.php...

Cross site scripting

Cross-site scripting XSS vulnerability in phpMyFAQ before 2.6.9 allows remote attackers to inject arbitrary web script or HTML via the PATHINFO to index.php...

CVE-2010-4821

Cross-site scripting XSS vulnerability in phpMyFAQ before 2.6.9 allows remote attackers to inject arbitrary web script or HTML via the PATHINFO to index.php...

CVE-2010-4821

Summary (CVE-2010-4821) A cross-site scripting (XSS) vulnerability affects phpMyFAQ prior to 2.6.9. The issue allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php. The root cause is improper handling of PATH_INFO in the index entry point, leading to script...

FreeBSD Ports: phpmyfaq

The remote host is missing an update to the system as announced in the referenced advisory. VID c80a3d93-8632-11e1-a374-14dae9ebcf89 OpenVAS Vulnerability Test $ Description: Auto generated from VID c80a3d93-8632-11e1-a374-14dae9ebcf89 Authors: Thomas Reinke Copyright: Copyright c 2012 E-Soft Inc...

FreeBSD Ports: phpmyfaq

The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2012 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

phpMyFAQ 2.7.0 RCE

Remote command execution vulnerability in phpMyFAQ ajaxcreatefolder.php Vulnerability Type: Remote Command Execution For the exploit source code contact DSquare Security sales team...

FreeBSD : phpmyfaq -- Remote PHP Code Execution Vulnerability (c80a3d93-8632-11e1-a374-14dae9ebcf89)

The phpMyFAQ project reports : The bundled ImageManager library allows injection of arbitrary PHP code to execute arbitrary PHP code and upload malware and trojan horses. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted fro...

phpmyfaq -- Remote PHP Code Execution Vulnerability

The phpMyFAQ project reports: The bundled ImageManager library allows injection of arbitrary PHP code to execute arbitrary PHP code and upload malware and trojan horses...