EUVD-2005-1387

Malware in sbrugna...

EUVD-2005-4208

Malware in sbrugna...

phpCOIN 1.2.2 includes/db.php $_CCFG[_PKG_PATH_DBSE] Parameter Traversal Arbitrary File Access

No description provided by source. source: http://www.securityfocus.com/bid/15831/info PhpCOIN is prone to a file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to include arbitrary remote PHP...

CVE-2005-4213

CVE-2005-4213 describes a SQL injection in mod.php of phpCOIN 1.2.2 exploitable via the phpcoinsessid cookie, allowing remote SQL commands. This affects phpCOIN 1.2.2 prior to any fixes; remediation is not detailed in the provided documents, but related Nessus entries reference a 1.2.2 fix releas...

CVE-2005-4211

PHP remote file inclusion in phpCOIN 1.2.2 affects coin_includes/db.php, allowing an attacker to supply a URL via the _CCFG[_PKG_PATH_DBSE] parameter to execute arbitrary PHP code. This is a code-execution exposure in the web application, with no exploitation details provided beyond the parameter...

CVE-2005-1384

CVE-2005-1384 : The phpCoin project – version 1.2.2 or older – is affected by multiple SQL injection vulnerabilities. The issues arise from improper sanitization in user-supplied input and affect the following entry points/parameters: (1) search in index.php, (2) phpcoinsessid in login.php, (3) i...