CVE-2003-0736

PhpWebSite 0.9.x and earlier contains multiple cross-site scripting (XSS) vulnerabilities in the Calendar, Fatcat, Pagemaster, and Site Search modules (and potentially other parameters). Exploitation could allow an attacker to execute arbitrary script in a user’s browser, potentially affecting gu...

CVE-2003-0737

CVE-2003-0737 : The calendar module of phpWebSite 0.9.x and earlier allows remote attackers to obtain the full pathname of phpWebSite by triggering an error from localtime() in TimeZone.php (Pear library) via an invalid year. The issue is web-accessible (network vector) with no authentication, an...

CVE-2003-0738

CVE-2003-0738 affects the calendar module of phpWebSite 0.9.x and earlier. A remote attacker can cause a denial of service (crash) by supplying a long year parameter. The CVSS data from NVD rates this as HIGH (7.8) with network access and low complexity. The connected documents do not specify a p...

CVE-2003-0735

SQL injection vulnerability in the Calendar module of phpWebSite 0.9.x and earlier allows remote attackers to execute arbitrary SQL queries, as demonstrated using the year parameter...

CVE-2003-0736

Multiple cross-site scripting XSS vulnerabilities in phpWebSite 0.9.x and earlier allow remote attackers to execute arbitrary web script via 1 the day parameter in the calendar module, 2 the fatcatid parameter in the fatcat module, 3 the PAGEid parameter in the pagemaster module, 4 the PDAlimit...

CVE-2003-0737

The calendar module in phpWebSite 0.9.x and earlier allows remote attackers to obtain the full pathname of phpWebSite via an invalid year, which generates an error from localtime in TimeZone.php of the Pear library...

CVE-2003-0738

The calendar module in phpWebSite 0.9.x and earlier allows remote attackers to cause a denial of service crash via a long year parameter...

phpWebSite SQL Injection & DoS & XSS Vulnerabilities

phpWebSite SQL Injection & DoS & XSS Vulnerabilities ------ PRODUCT: phpWebSite VENDOR: Appalachian State University VULNERABLE VERSIONS: - 0.9.x - 0.8.x - 0.7.x - And older versions. NO VULNERABLE VERSIONS - ? --------------------- Description: phpWebSite provides a complete web site content...

ZH2003-22SA (security advisory): Zorum XSS Vulnerability and Path Disclosure

phpWebSite SQL Injection & DoS & XSS Vulnerabilities ------ PRODUCT: phpWebSite VENDOR: Appalachian State University VULNERABLE VERSIONS: - 0.9.x - 0.8.x - 0.7.x - And older versions. NO VULNERABLE VERSIONS - ? --------------------- Description: phpWebSite provides a complete web site content...

phpWebSite < 0.9.x Multiple Vulnerabilities

There are multiple flaws in the remote version of phpWebSite that may allow an attacker to gain the control of the remote database, or to disable this site entirely. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description...

phpWebSite 0.7.3/0.8.2/0.8.3/0.9.2 earch Module - &#039;PDA_limit&#039; Cross-Site Scripting

source: https://www.securityfocus.com/bid/8393/info PHP Website is a web site content management system that allows for easy maintainance and administration of interactive community-driven websites. Cross-site vulnerabilities have been reported in the Calendar, PageMaster, Search and Fatcat modul...

CVE-2002-1807

Cross-site scripting XSS vulnerability in phpWebSite 0.8.3 allows remote attackers to inject arbitrary web script or HTML via Javascript in an IMG tag...

CVE-2002-2178

Cross-site scripting XSS vulnerability in article.php module for phpWebSite 0.8.3 allows remote attackers to execute arbitrary Javascript script via the sid parameter, as demonstrated using an IMG tag...

CVE-2002-1135

modsecurity.php 1.10 and earlier, in phpWebSite 0.8.2 and earlier, allows remote attackers to execute arbitrary PHP source code via an incprefix parameter that points to the malicious code...

phpWebSite XSS Vulnerability

.:: phpWebSite XSS Vulnerability. A Cross-Site Scripting vulnerability found in phpWebSite that would allow attackers to inject script codes into the page and executing it on the clients browser as if it were provided by the site. • Vulnerable systems: - phpWebSite 0.8.3, maybe other versions. •...

phpWebSite 0.8.3 - article.php Cross-Site Scripting

phpWebSite 0.8.3 - article.php Cross-Site Scripting source: https://www.securityfocus.com/bid/5864/info phpWebSite is prone to cross-site scripting attacks. This vulnerability is due to insufficient sanitization of HTML tags from URI parameters processed by the 'article.php' script. As a result, ...

phpWebSite 0.8.3 - &#039;article.php&#039; Cross-Site Scripting

source: https://www.securityfocus.com/bid/5864/info phpWebSite is prone to cross-site scripting attacks. This vulnerability is due to insufficient sanitization of HTML tags from URI parameters processed by the 'article.php' script. As a result, an attacker may construct a malicious link to this...

PHP source injection in phpWebSite

-------------------------------------- | PHP source injection in phpWebSite | -------------------------------------- Product Description =================== phpWebSite is written in the PHP Programming Language, making it ideal for developers to write customized plug-ins. PHP is a server side...

phpWebSite 0.8.3 - News Message HTML Injection

phpWebSite 0.8.3 - News Message HTML Injection source: https://www.securityfocus.com/bid/5802/info Problems with phpWebSite could make it possible to execute arbitrary script code in a vulnerable client. phpWebSite does not sufficiently filter potentially malicious HTML code from news posts. As a...

phpWebSite 0.8.3 - News Message HTML Injection

source: https://www.securityfocus.com/bid/5802/info Problems with phpWebSite could make it possible to execute arbitrary script code in a vulnerable client. phpWebSite does not sufficiently filter potentially malicious HTML code from news posts. As a result, when a user views a news posting that...