phpTrafficA 2.3 SQL Injection

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Product: phpTrafficA Product page: http://soft.zoneo.net/phpTrafficA/ Affected versions: Up to and including 2.3 latest as of writing. Description: An SQL injection exists in Php/Functions/logfunction.php, line 933: $sql3 ="INSERT INTO $tablehost SET...

phpTrafficA 1.4.1 plotStat.php file Parameter Traversal Local File Inclusion

No description provided by source...

phpTrafficA 1.4.1 banref.php lang Parameter Traversal Local File Inclusion

No description provided by source...

phpTrafficA <= 1.4.2 (pageid) Remote SQL Injection Vulnerability

No description provided by source. Application: phpTrafficA = 1.4.2 Web Site: http://soft.zoneo.net/phpTrafficA/ Versions: all Platform: linux, windows Bug: injection sql ------------------------------------------------------- 1 Introduction 2 Bug 3 Proof of concept 4 Credits =========== 1...

CVE-2007-3647

The isloggedin function in Php/login.inc.php in phpTrafficA 1.4.3 and earlier allows remote attackers to bypass authentication and obtain administrative access by setting the username cookie to "traffic." NOTE: some of these details are obtained from third party information...

CVE-2007-3647

The isloggedin function in Php/login.inc.php in phpTrafficA 1.4.3 and earlier allows remote attackers to bypass authentication and obtain administrative access by setting the username cookie to "traffic." NOTE: some of these details are obtained from third party information...

CVE-2007-3647

CVE-2007-3647 affects phpTrafficA 1.4.3 and earlier. The isloggedin() function in Php/login.inc.php permits remote bypass of authentication by setting the username cookie to "traffic", thereby gaining administrative access. No remediation details are provided in the supplied documents.

phpTrafficA &lt;=1.4.3 Admin Login Bypass

-=--------------------ADVISORY-------------------=- phpTrafficA =1.4.3 Author: CorryL [email protected] -=-----------------------------------------------=- -=+ Application: phpTrafficA -=+ Version: =1.4.3 -=+ Vendor's URL: http://soft.zoneo.net/phpTrafficA/index.php -=+ Platform: WindowsLinuxUni...

phptraffica143-bypass.txt

-=--------------------ADVISORY-------------------=- phpTrafficA =1.4.3 Author: CorryL [email protected] -=-----------------------------------------------=- -=+ Application: phpTrafficA -=+ Version: =1.4.3 -=+ Vendor's URL: http://soft.zoneo.net/phpTrafficA/index.php -=+ Platform:...

CVE-2007-3426

Cross-site scripting XSS vulnerability in index.php in phpTrafficA 1.4.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the lang parameter...

CVE-2007-3427

SQL injection vulnerability in index.php in phpTrafficA 1.4.2 and earlier allows remote attackers to execute arbitrary SQL commands via the pageid parameter in a stats action...

CVE-2007-3425

Directory traversal vulnerability in index.php in phpTrafficA 1.4.2 and earlier allows remote attackers to include arbitrary local files via the lang parameter, a different vector and version than CVE-2007-1076.2...

CVE-2007-3428

Multiple unspecified vulnerabilities in phpTrafficA before 1.4.2 allow remote attackers to have an unknown impact via the file parameter to 1 plotStatBar.php or 2 plotStatPie.php, different vectors than CVE-2007-1076...

Directory traversal

Directory traversal vulnerability in index.php in phpTrafficA 1.4.2 and earlier allows remote attackers to include arbitrary local files via the lang parameter, a different vector and version than CVE-2007-1076.2...

Sql injection

SQL injection vulnerability in index.php in phpTrafficA 1.4.2 and earlier allows remote attackers to execute arbitrary SQL commands via the pageid parameter in a stats action...

CVE-2007-3425

CVE-2007-3425 is a directory traversal vulnerability in phpTrafficA 1.4.2 and earlier. An attacker can cause Local File Inclusion by manipulating the lang parameter in index.php, allowing remote access to arbitrary local files. The root cause is unsafe handling of the lang parameter leading to in...

CVE-2007-3426

The CVE-2007-3426 issue affects phpTrafficA (versions 1.4.2 and earlier). The vulnerability is an XSS in index.php where the lang parameter can be exploited to inject arbitrary web script or HTML. This could allow remote attackers to run client-side code in the context of the affected user’s sess...

CVE-2007-3427

Affected software: phpTrafficA 1.4.2 and earlier. The vulnerability is in index.php (stats action) where the pageid parameter enables SQL injection, allowing remote attackers to execute arbitrary SQL commands. Root cause: improper handling/validation of pageid leading to injection. Impact: as sta...

CVE-2007-3428

CVE-2007-3428 describes multiple unspecified vulnerabilities in phpTrafficA before 1.4.2 that allow remote attackers to influence the application via the file parameter to plotStatBar.php or plotStatPie.php. The initial entry notes the impact as unknown and does not specify exploit vectors or aff...

CVE-2006-7209

CVE-2006-7209 describes multiple cross-site scripting (XSS) vulnerabilities in phpTrafficA before version 1.2beta2 . The issue allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to keywords, affecting the application's pages for main, daily, weekly, mon...