CVE-2005-3734
Cross-site scripting (XSS) vulnerability in the "add content" page in phpMyFAQ 1.5.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) thema, (2) username, and (3) usermail parameters...
CVE-2005-3734
The CVE-2005-3734 entry describes a Cross-site scripting (XSS) vulnerability in the phpMyFAQ 1.5.3 and earlier "add content" page. The issue allows remote attackers to inject arbitrary web script or HTML via the (1) thema, (2) username, and (3) usermail parameters. Affected product: phpMyFAQ (ver...
[TKADV2005-11-004] Multiple Cross Site Scripting vulnerabilities in phpMyFAQ
Advisory: Multiple Cross Site Scripting vulnerabilities in phpMyFAQ. Name: TKADV2005-11-004. Revision: 1.0. Release Date: 2005/11/19. Last Modified: 2005/11/19. Author: Tobias Klein, tk at trapkit.de. Affected Software: phpMyFAQ all versions <= phpMyFAQ 1.5.3...
TKADV2005-11-004.txt
Advisory: Multiple Cross Site Scripting vulnerabilities in phpMyFAQ. Name: TKADV2005-11-004. Revision: 1.0. Release Date: 2005/11/19. Last Modified: 2005/11/19. Author: Tobias Klein, tk at trapkit.de. Affected Software: phpMyFAQ all versions <= phpMyFAQ 1.5.3...
phpMyFAQ action parameter arbitrary file disclosure vulnerability
The remote web server contains a PHP script that permits information disclosure of local files. Description: The version of phpMyFAQ on the remote host contains a flaw that may lead to an unauthorized information disclosure. The problem is that user input passed to the 'action' parameter is not...
phpMyFAQ < 1.3.12 Directory Traversal Vulnerability
The remote web server contains a PHP script that permits information disclosure of local files. The version of phpMyFAQ on the remote host contains a flaw that may lead to an unauthorized information disclosure. The problem is that user input passed to the...
phpMyFAQ < 1.5.2 Multiple Vulnerabilities
The remote host is running a version of phpMyFAQ that suffers from arbitrary code execution if the server is Windows-based, SQL injection and cross-site scripting attacks, as well as information disclosure...
PhpMyFAQ 1.5.1 multiple vulnerabilities
2.31 23/09/2005 PhpMyFaq 1.5.1 SQL injection / board takeover / user info disclosure / path disclosure remote code / commands execution software: site: http://www.phpmyfaq.de/ description: "phpMyFAQ is a multilingual, completely database-driven FAQ-system. It supports various databases to store a...
CVE-2005-3050
PhpMyFaq 1.5.1 allows remote attackers to obtain sensitive information via a LANGCODE parameter that does not exist, which reveals the path in an error message...
CVE-2005-3049
PhpMyFaq 1.5.1 stores data files under the web document root with insufficient access control and predictable filenames, which allows remote attackers to obtain sensitive information via a direct request to the data/trackingDATE file...
CVE-2005-3047
Multiple cross-site scripting (XSS) vulnerabilities in PhpMyFaq 1.5.1 allow remote attackers to inject arbitrary web script or HTML via the (1) PMF_CONF[version] parameter to footer.php or (2) PMF_LANG[metaLanguage] to header.php...
CVE-2005-3048
Directory traversal vulnerability in index.php in PhpMyFaq 1.5.1 allows remote attackers to read arbitrary files or include arbitrary PHP files via a .. (dot dot) in the LANGCODE parameter, which also allows direct code injection via the User Agent field in a request packet, which can be activated ...
CVE-2005-3046
CVE-2005-3046 affects PhpMyFaq 1.5.1. The vulnerability is a SQL injection in password.php via the user field, enabling remote attackers to modify SQL queries and gain administrator privileges. Connected sources corroborate the issue and its impact; exploitation specifics are not provided beyond ...
CVE-2005-3050
PhpMyFaq 1.5.1 is affected by CVE-2005-3050, enabling remote attackers to disclose sensitive information through a non-existent LANGCODE parameter that reveals file paths in error messages. The NVD entry assigns a base score of 5.0 (Medium) with network access, low attack complexity, and partial ...
CVE-2005-3047
CVE-2005-3047 describes multiple cross-site scripting (XSS) vulnerabilities in PhpMyFaq 1.5.1. The flaws allow remote attackers to inject arbitrary web script or HTML via two parameters: PMF_CONF[version] in footer.php and PMF_LANG[metaLanguage] in header.php. Documents consistently reference Php...
CVE-2005-3046
SQL injection vulnerability in password.php in PhpMyFaq 1.5.1 allows remote attackers to modify SQL queries and gain administrator privileges via the user field...
CVE-2005-3048
CVE-2005-3048 affects PhpMyFAQ 1.5.1, where a directory traversal via LANGCODE in index.php can cause reading of arbitrary files or including arbitrary PHP files, enabling remote code execution via the request data (notably the User Agent field) and referencing the user tracking data file. The Op...