225 matches found
CVE-2004-1516
CRLF injection vulnerability in index.php in phpWebSite 0.9.3-4 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the blockusername parameter in the user module...
GLSA-200411-35 : phpWebSite: HTTP response splitting vulnerability
The remote host is affected by the vulnerability described in GLSA-200411-35 phpWebSite: HTTP response splitting vulnerability Due to lack of proper input validation, phpWebSite has been found to be vulnerable to HTTP response splitting attacks. Impact : A malicious user could inject arbitrary...
phpWebSite: HTTP response splitting vulnerability
Background phpWebSite is a web site content management system. Description Due to lack of proper input validation, phpWebSite has been found to be vulnerable to HTTP response splitting attacks. Impact A malicious user could inject arbitrary response data, leading to content spoofing, web cache...
security hole (http response splitting) in phpwebsite
ADVISORY Author: Maestro me! Date: 11-NOV-04 Vendor: Appalachian State University http://phpwebsite.appstate.edu/ Product: phpWebSite 0.9.3-4 Product description from vendor website: phpWebSite provides a complete web site content management system. Web-based administration allows for easy...
phpwebsite.txt
ADVISORY Author: Maestro me! Date: 11-NOV-04 Vendor: Appalachian State University http://phpwebsite.appstate.edu/ Product: phpWebSite 0.9.3-4 Product description from vendor website: phpWebSite provides a complete web site content management system. Web-based administration allows for easy...
phpWebSite 0.7.3/0.8.x/0.9.3 - User Module HTTP Response Splitting
phpWebSite 0.7.3/0.8.x/0.9.3 - User Module HTTP Response Splitting source: https://www.securityfocus.com/bid/11673/info A remote HTTP response splitting vulnerability reportedly affects phpWebSite in its user module. This issue is due to a failure of the application to properly sanitize user-suppli...
phpWebSite 0.7.3/0.8.x/0.9.3 - User Module HTTP Response Splitting
source: https://www.securityfocus.com/bid/11673/info A remote HTTP response splitting vulnerability reportedly affects phpWebSite in its user module. This issue is due to a failure of the application to properly sanitize user-supplied input. A remote attacker may exploit this vulnerability to...
PhpWebSite contains multiple cross-site scripting vulnerabilities
Overview PhpWebSite contains multiple cross-site scripting vulnerabilities that may allow an attacker to execute arbitrary code on users' web browser. Description PhpWebSite is an open-source web content management system. Certain PhpWebSite modules fail to properly filter URLs for malicious...
PhpWebSite calendar module contains a SQL injection vulnerability
Overview The PhpWebSite contains an SQL injection vulnerability that may allow malicious users to execute SQL queries on a server with the privileges of the PhpWebSite administrator. Description PhpWebSite is an open-source web content management system that includes a web-based calendar module t...
CVE-2002-1135
The CVE targets modsecurity.php 1.10 and earlier and phpWebSite 0.8.2 and earlier, where an inc_prefix parameter can point to malicious code, allowing remote PHP code execution. The issue is described with an attack vector over the network, with no authentication, and results in partial confident...
CVE-2002-1135
modsecurity.php 1.10 and earlier, in phpWebSite 0.8.2 and earlier, allows remote attackers to execute arbitrary PHP source code via an inc_prefix parameter that points to the malicious code...
CVE-2004-1654
SQL injection vulnerability in the calendar module in phpWebsite 0.9.3-4 and earlier allows remote attackers to execute arbitrary SQL commands via cal_template...
CVE-2004-1655
Cross-site scripting (XSS) vulnerability in phpWebsite 0.9.3-4 and earlier allows remote attackers to inject arbitrary web script or HTML via (1) the CM_pid parameter in the comments module or (2) the subject or message fields in the notes module...
phpWebSite 0.7.3/0.8.x/0.9.x Comment Module - CM_pid Cross-Site Scripting
phpWebSite 0.7.3/0.8.x/0.9.x Comment Module - CM_pid Cross-Site Scripting source: https://www.securityfocus.com/bid/11088/info It is reported that phpWebSite is susceptible to multiple cross-site scripting, HTML injection and SQL injection vulnerabilities. The cross-site scripting issue is present i...
phpWebSite 0.7.3/0.8.x/0.9.x Comment Module - 'CM_pid' Cross-Site Scripting
source: https://www.securityfocus.com/bid/11088/info It is reported that phpWebSite is susceptible to multiple cross-site scripting, HTML injection and SQL injection vulnerabilities. The cross-site scripting issue is present in a parameter of the comments module script. An attacker can exploit...
CVE-2003-0735
SQL injection vulnerability in the Calendar module of phpWebSite 0.9.x and earlier allows remote attackers to execute arbitrary SQL queries, as demonstrated using the year parameter...
CVE-2003-0736
Multiple cross-site scripting (XSS) vulnerabilities in phpWebSite 0.9.x and earlier allow remote attackers to execute arbitrary web script via (1) the day parameter in the calendar module, (2) the fatcat_id parameter in the fatcat module, (3) the PAGE_id parameter in the pagemaster module, (4) the PDA_limit...
CVE-2003-0737
The calendar module in phpWebSite 0.9.x and earlier allows remote attackers to obtain the full pathname of phpWebSite via an invalid year, which generates an error from localtime in TimeZone.php of the Pear library...
CVE-2003-0738
The calendar module in phpWebSite 0.9.x and earlier allows remote attackers to cause a denial of service crash via a long year parameter...
CVE-2003-0735
CVE-2003-0735 affects phpWebSite 0.9.x and earlier, specifically the Calendar module. The root cause is insufficient input validation for calendar events, allowing SQL injection via user-controlled input (e.g., cal_template) and potentially enabling execution of arbitrary SQL with the PHPWebSite ...