Multiple Sql injections in phpCoin v1.2.2 and below

Dcrab 's Security Advisory Hsc Security Group http://www.hackerscenter.com/ dP Security http://digitalparadox.org/ Get Dcrab's Services to audit your Web servers, scripts, networks, etc. Learn more at http://www.digitalparadox.org/services.ah Severity: High Title: Multiple Sql injections in phpCo...

phpCOIN <= 1.2.2 Multiple SQL Injection Vulnerabilities

The remote host is running phpCOIN version 1.2.2 or older. These versions suffer from several SQL injection vulnerabilities due to their failure to properly sanitize input to the 'search' parameter of the 'index.php' script, the 'phpcoinsessid' parameter of the 'login.php' script and the 'id',...

PHPCoin < 1.2.2 2005-12-13 Multiple Script SQL Injection (deprecated)

Binary data 2867.prm...

phpCOIN 1.2 - login.php?PHPcoinsessid SQL Injection

phpCOIN 1.2 - login.php?PHPcoinsessid SQL Injection source: https://www.securityfocus.com/bid/13433/info PHPCoin is reportedly affected by multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL...

phpCOIN 1.2 Pages Module - Multiple SQL Injections

source: https://www.securityfocus.com/bid/13433/info PHPCoin is reportedly affected by multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. Successful exploitation could result in a...

phpCOIN 1.2 - &#039;login.php?PHPcoinsessid&#039; SQL Injection

source: https://www.securityfocus.com/bid/13433/info PHPCoin is reportedly affected by multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. Successful exploitation could result in a...

CVE-2005-0947

Vulnerability summary (CVE-2005-0947) : The phpCOIN product (versions 1.2.1b and earlier) contains a directory traversal flaw in the auxiliary script auxpage.php. An attacker can supply a path in the page parameter that includes “..” to read or potentially execute arbitrary files on the server. T...

CVE-2005-0946

SQL injection vulnerability in phpCoin 1.2.1b and earlier allows remote attackers to execute arbitrary SQL commands via the 1 term/keywords field on the search page, 2 username or 3 e-mail field on the forgot password page, or 4 domain name on the ordering new package page...

CVE-2005-0947

Directory traversal vulnerability in auxpage.php in phpCoin 1.2.1b and earlier allows remote attackers to read and execute arbitrary files via a .. dot dot in the page parameter...

CVE-2005-0946

CVE-2005-0946 affects phpCOIN 1.2.1b and earlier, with SQL injection vulnerabilities that allow remote attackers to execute arbitrary SQL commands. Affected input surfaces include the term/keywords field on search, username or e-mail on forgot password, and domain name on the new package ordering...

phpCoin.txt

GulfTech Security Research March 28th, 2005 Vendor : COINSoft Technologies Inc. URL : http://www.phpcoin.com/ Version : phpCoin v1.2.1b && Earlier Risk : Multiple Vulnerabilities Description: phpCoin is a free software package originally designed for web-hosting resellers to handle clients, order...

Multiple phpCoin Vulnerabilities

GulfTech Security Research March 28th, 2005 Vendor : COINSoft Technologies Inc. URL : http://www.phpcoin.com/ Version : phpCoin v1.2.1b && Earlier Risk : Multiple Vulnerabilities Description: phpCoin is a free software package originally designed for web-hosting resellers to handle clients, order...

CVE-2005-0932

CVE-2005-0932 describes multiple SQL injection flaws in phpCOIN 1.2.1b and earlier, exploitable via the search engine, forgotten-password username/email fields, or the domain name in package orders. The underlying issue is unsafe SQL construction in these modules, enabling remote attackers to exe...

CVE-2005-0933

CVE-2005-0933 describes a directory traversal vulnerability in the PHPCOIN application (auxpage.php) affecting phpCOIN versions ≤ 1.2.1b. Remote attackers can read arbitrary files by manipulating the page parameter. This is validated across sources: the NVD entry notes a directory traversal issue...

CVE-2005-0946

SQL injection vulnerability in phpCoin 1.2.1b and earlier allows remote attackers to execute arbitrary SQL commands via the 1 term/keywords field on the search page, 2 username or 3 e-mail field on the forgot password page, or 4 domain name on the ordering new package page...

CVE-2005-0932

Multiple SQL injection vulnerabilities in phpCOIN 1.2.1b and earlier allow remote attackers to execute arbitrary SQL commands 1 via the search engine, 2 the username or email fields in the "forgotten password" feature, or 3 the domain name in a package order...

CVE-2005-0933

Directory traversal vulnerability in auxpage.php for phpCOIN 1.2.1b and earlier allows remote attackers to read arbitrary files via the page parameter...

phpCoin 1.2 - auxpage.php?page Traversal Arbitrary File Access

phpCoin 1.2 - auxpage.php?page Traversal Arbitrary File Access source: https://www.securityfocus.com/bid/12917/info Multiple remote input validation vulnerabilities affect phpCoin. Multiple SQL injection vulnerabilities have been reported. An attacker may leverage these issues to manipulate and...

phpCoin 1.2 - &#039;auxpage.php?page&#039; Traversal Arbitrary File Access

source: https://www.securityfocus.com/bid/12917/info Multiple remote input validation vulnerabilities affect phpCoin. Multiple SQL injection vulnerabilities have been reported. An attacker may leverage these issues to manipulate and view arbitrary database contents. phpCoin is also affected by a...

CVE-2005-0669

CVE-2005-0669 concerns multiple SQL injection flaws in phpCOIN 1.2.0–1.2.1b (PHP-based application). The vulnerabilities affect mod.php across several modules: faq (faq_id), pages (id), siteinfo (id), articles (topic_id), orders (ord_id), domains (dom_id), and invoices (invd_id). The underlying i...