225 matches found
GLSA-200508-21 : phpWebSite: Arbitrary command execution through XML-RPC and SQL injection
The remote host is affected by the vulnerability described in GLSA-200508-21 phpWebSite: Arbitrary command execution through XML-RPC and SQL injection phpWebSite uses an XML-RPC library that improperly handles XML-RPC requests and responses with malformed nested tags. Furthermore, 'matrixkiller'...
phpWebSite: Arbitrary command execution through XML-RPC and SQL injection
Background phpWebSite is a web site content management system. Description phpWebSite uses an XML-RPC library that improperly handles XML-RPC requests and responses with malformed nested tags. Furthermore, "matrixkiller" reported that phpWebSite is vulnerable to an SQL injection attack. Impact A...
phpwebsite0101.txt
TITLE: ===== phpWebSite 0.10.1 Full SQL Injection SOFTWARE: ========== phpWebSite 0.10.1 Full INFO: ===== phpWebSite provides a complete web site content management system. DESCRIPTION: ============ phpWebSite 0.10.1 full is vulnerable to an sql injection attack. Here is an example:...
phpWebSite 0.10.1 Full SQL injection
TITLE: phpWebSite 0.10.1 Full SQL injection Severity: Medium or even critical SOFTWARE: phpWebSite 0.10.1 Full DESCRIPTION: phpWebSite 0.10.1 full is vulnerable to an SQL injection. Here is an example: http://localhost/phpweb/index.php?module=sqlinjection DB Error: syntax error SELECT showblock,...
[Full-disclosure] phpWebSite 0.10.1 Full SQL Injection
TITLE: ===== phpWebSite 0.10.1 Full SQL Injection SOFTWARE: ========== phpWebSite 0.10.1 Full INFO: ===== phpWebSite provides a complete web site content management system. DESCRIPTION: ============ phpWebSite 0.10.1 full is vulnerable to an sql injection attack. Here is an example:...
CVE-2004-2322
CVE-2004-2322 affects phpWebSite before 0.9.3-2. SQL injection exists in the announce and notes modules (ANN_id parameter) that allows remote attackers to execute arbitrary SQL queries. Impact: partial confidentiality/integrity/availability. Exploitation details are not provided in the available ...
CVE-2004-2322
SQL injection vulnerability in the (1) announce and (2) notes modules of phpWebSite before 0.9.3-2 allows remote attackers to execute arbitrary SQL queries, as demonstrated using the ANN_id parameter to the announce module...
phpWebSite: Multiple vulnerabilities
Background phpWebSite is a content management system written in PHP. Description phpWebSite fails to sanitize input sent to the XML-RPC server using the "POST" method. Other unspecified vulnerabilities have been discovered by Diabolic Crab of Hackers Center. Impact A remote attacker could exploit...
GLSA-200507-07 : phpWebSite: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200507-07 phpWebSite: Multiple vulnerabilities phpWebSite fails to sanitize input sent to the XML-RPC server using the 'POST' method. Other unspecified vulnerabilities have been discovered by Diabolic Crab of Hackers Center. Impac...
[SA15958] phpWebSite SQL Injection and Disclosure of Sensitive Information
phpwebsiteSQL.txt
Dcrab's Security Advisory http://www.dbtech.org Deadbolt Computer Technologies Get Dcrab's Services to audit your Web...
phpWebSite <= 0.10.1 Multiple Vulnerabilities
The remote host is running a version of phpWebSite that suffers from multiple flaws : - Multiple SQL Injection Vulnerabilities An attacker can affect database queries through the parameters 'module' and 'mod' of the script 'index.php'. This may allow for disclosure of sensitive information, attac...
phpWebSite 0.7.3/0.8.x/0.9.x - index.php Directory Traversal
phpWebSite 0.7.3/0.8.x/0.9.x - index.php Directory Traversal source: https://www.securityfocus.com/bid/14166/info phpWebSite is affected by a directory traversal vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. A remote unauthorized user can...
phpWebSite 0.7.3/0.8.x/0.9.x - 'index.php' Directory Traversal
source: https://www.securityfocus.com/bid/14166/info phpWebSite is affected by a directory traversal vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. A remote unauthorized user can disclose the contents of arbitrary local files through the...
USN-147-1: PHP XMLRPC vulnerability
A remote code execution vulnerability has been discovered in the XMLRPC module of the PEAR PHP Extension and Application Repository extension of PHP. By sending specially crafted XMLRPC requests to an affected web server, a remote attacker could exploit this to execute arbitrary code with the web...
CVE-2002-1807
Cross-site scripting (XSS) vulnerability in phpWebSite 0.8.3 allows remote attackers to inject arbitrary web script or HTML via Javascript in an IMG tag...
CVE-2002-1807
The CVE-2002-1807 entry describes a Cross-site Scripting (XSS) vulnerability in phpWebSite version 0.8.3 that allows remote attackers to inject arbitrary web script or HTML through Javascript in an IMG tag. The affected software is phpWebSite 0.8.3; the underlying cause is an XSS flaw in handling...
CVE-2005-0565
The Announce module in phpWebSite 0.10.0 and earlier allows remote attackers to execute arbitrary PHP code by setting the Image field to reference a PHP file whose name contains a .gif.php extension...
CVE-2005-0572
index.php in phpWebSite 0.10.0 and earlier allows remote attackers to obtain sensitive information via an invalid SEA_search_module parameter, which reveals the path in a PHP error message...
GLSA-200503-04 : phpWebSite: Arbitrary PHP execution and path disclosure
The remote host is affected by the vulnerability described in GLSA-200503-04 phpWebSite: Arbitrary PHP execution and path disclosure NST discovered that, when submitting an announcement, uploaded files aren't correctly checked for malicious code. They also found out that phpWebSite is vulnerable ...