CVE-2007-3425

Directory traversal vulnerability in index.php in phpTrafficA 1.4.2 and earlier allows remote attackers to include arbitrary local files via the lang parameter, a different vector and version than CVE-2007-1076.2...

CVE-2007-3426

Cross-site scripting XSS vulnerability in index.php in phpTrafficA 1.4.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the lang parameter...

CVE-2007-3427

SQL injection vulnerability in index.php in phpTrafficA 1.4.2 and earlier allows remote attackers to execute arbitrary SQL commands via the pageid parameter in a stats action...

CVE-2007-3428

Multiple unspecified vulnerabilities in phpTrafficA before 1.4.2 allow remote attackers to have an unknown impact via the file parameter to 1 plotStatBar.php or 2 plotStatPie.php, different vectors than CVE-2007-1076...

CVE-2006-7209

Multiple cross-site scripting XSS vulnerabilities in phpTrafficA before 1.2beta2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to keywords results in the 1 main, 2 daily, 3 weekly, 4 monthly, 5 new trends, 6 individual page, and 7 search engine...

phptraffica-sql.txt

Application: phpTrafficA load some file as /etc/passwd or /path/www/stats/Php/configsql.php ?lang= is also vulnerable to xss attacks, and as Hamid Ebadi has mention $lang is also vulnerable to directory transversal ===== 4Credits ===== laurent gaffie contact : [email protected]...

phpTrafficA <= 1.4.2 (pageid) Remote SQL Injection Vulnerability

No description provided by source. Application: phpTrafficA = 1.4.2 Web Site: http://soft.zoneo.net/phpTrafficA/ Versions: all Platform: linux, windows Bug: injection sql ------------------------------------------------------- 1 Introduction 2 Bug 3 Proof of concept 4 Credits =========== 1...

phpTrafficA < 1.4.2

Application: phpTrafficA 1.4.2 Web Site: http://soft.zoneo.net/phpTrafficA/ Versions: all Platform: linux, windows Bug: injection sql , xss , full path ------------------------------------------------------- 1 Introduction 2 Bug 3 Proof of concept 4 Credits =========== 1 Introduction ===========...

phpTrafficA <= 1.4.2 (pageid) Remote SQL Injection Vulnerability

Exploit for unknown platform in category web applications ================================================================ phpTrafficA load some file as /etc/passwd or /path/www/stats/Php/configsql.php ?lang= is also vulnerable to xss attacks, and as Hamid Ebadi has mention $lang is also vulnerab...

phpTrafficA 1.4.2 - pageid SQL Injection

phpTrafficA 1.4.2 - pageid SQL Injection Application: phpTrafficA load some file as /etc/passwd or /path/www/stats/Php/configsql.php ?lang= is also vulnerable to xss attacks, and as Hamid Ebadi has mention $lang is also vulnerable to directory transversal ===== 4Credits ===== laurent gaffie conta...

phpTrafficA 1.4.2 - &#039;pageid&#039; SQL Injection

Application: phpTrafficA load some file as /etc/passwd or /path/www/stats/Php/configsql.php ?lang= is also vulnerable to xss attacks, and as Hamid Ebadi has mention $lang is also vulnerable to directory transversal ===== 4Credits ===== laurent gaffie contact : [email protected] milw0rm.com...

phptraffic-lfi.txt

------=Part1622826164291.1172086007407 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline phpTrafficA-1.4.1 Local File Inclusion phpTrafficA is a GPL statistical tool for web traffic analysis, written in php and mySQL. It can...

Directory traversal

Multiple directory traversal vulnerabilities in phpTrafficA 1.4.1, and possibly earlier, allow remote attackers to include arbitrary local files via a .. dot dot in the 1 file parameter to plotStat.php and the 2 lang parameter to banref.php...

CVE-2007-1076

Multiple directory traversal vulnerabilities in phpTrafficA 1.4.1, and possibly earlier, allow remote attackers to include arbitrary local files via a .. dot dot in the 1 file parameter to plotStat.php and the 2 lang parameter to banref.php...

CVE-2007-1076

phpTrafficA 1.4.1 (and possibly earlier) is affected by directory traversal vulnerabilities that allow remote attackers to include arbitrary local files via the .. sequence in two parameters: (1) file parameter to plotStat.php and (2) lang parameter to banref.php. This root cause is consistent ac...

CVE-2007-1076

Multiple directory traversal vulnerabilities in phpTrafficA 1.4.1, and possibly earlier, allow remote attackers to include arbitrary local files via a .. dot dot in the 1 file parameter to plotStat.php and the 2 lang parameter to banref.php...

[UNIX] phpTrafficA Local File Inclusion

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source...

phpTrafficA 1.4.1 - plotStat.php?File Traversal Local File Inclusion

phpTrafficA 1.4.1 - plotStat.php?File Traversal Local File Inclusion source: https://www.securityfocus.com/bid/22655/info phpTrafficA is prone to multiple directory-traversal vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker can exploit these...

phpTrafficA 1.4.1 - banref.php?lang Traversal Local File Inclusion

phpTrafficA 1.4.1 - banref.php?lang Traversal Local File Inclusion source: https://www.securityfocus.com/bid/22655/info phpTrafficA is prone to multiple directory-traversal vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker can exploit these...

phpTrafficA 1.4.1 - &#039;plotStat.php?File&#039; Traversal Local File Inclusion

source: https://www.securityfocus.com/bid/22655/info phpTrafficA is prone to multiple directory-traversal vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker can exploit these vulnerabilities to retrieve arbitrary files from the vulnerable system in...