81 matches found
phpCOIN 1.2.1 - mod Local File Inclusion
phpCOIN 1.2.1 - mod Local File Inclusion source: https://www.securityfocus.com/bid/38576/info phpCOIN is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to obtain potentially sensitive information an...
phpCOIN 1.2.1 - 'mod' Local File Inclusion
source: https://www.securityfocus.com/bid/38576/info phpCOIN is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to obtain potentially sensitive information and execute arbitrary local scripts in the...
phpCOIN v1.2.1 (mod.php) SQL Injection Vulnerability
Exploit for unknown platform in category web applications. phpCOIN v1.2.1 (mod.php) SQL Injection Vulnerability. phpCOIN 1.2.1 mod.php SQL Injection Vulnerability Author : Baybora Homepage :...
CVE-2007-0861
PHP remote file inclusion vulnerability in modules/mail/index.php in phpCOIN RC-1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the _CCFG['_PKG_PATH_MDLS'] parameter. NOTE: this issue has been disputed by a reliable third party, who states that a fatal error occurs befo...
CVE-2007-0861
PHP remote file inclusion vulnerability in phpCOIN RC-1 and earlier affecting modules/mail/index.php. An attacker could execute arbitrary PHP code via a URL in the _CCFG['_PKG_PATH_MDLS'] parameter. Note: this issue has been disputed by a reliable third party, claiming a fatal error occurs before...
phpCOIN <= RC-1 (modules/mail/index.php) Remote File Include Vulnerability
phpCOIN <= RC-1 (modules/mail/index.php) Remote File Include Vulnerability Script: phpCOIN Version: RC-1 URL: http://www.phpcoin.com/coinmodules/downloads/dload.php?id=1 Found by: Born To K!LL Bug in : modules/mail/index.php code : Include module functions file include...
CVE-2006-4425
CVE-2006-4425 affects the phpCOIN 1.2.3 package. Multiple remote file inclusion weaknesses allow an unauthenticated, remote attacker to cause code execution by manipulating the _CCFG[_PKG_PATH_INCL] parameter in seven coin_includes scripts (api.php, common.php, core.php, custom.php, db.php, redir...
phpCOIN 1.2.3 (_CCFG[_PKG_PATH_INCL]) Remote Include Vulnerability
phpCOIN 1.2.3 (_CCFG[_PKG_PATH_INCL]) Remote Include Vulnerability Discovered by: Timq http://www.securitydb.org Email: timqathackernetworkdotcom http://www.securitydb.org Vulnerable: require_once include $_CCFG['_PKG_PATH_INCL'].'redirect.php'; Exploit PoC:...
phpCOIN Multiple Script _CCFG Parameter Remote File Inclusion
The remote host is running phpCOIN, a software package for web-hosting resellers to handle clients, orders, helpdesk queries, and the like. The version of phpCOIN installed on the remote host fails to sanitize input to the '_CCFG' array parameter before using it in several scripts to include PHP...
PHPCOIN 1.2.3 - session_set.php Remote File Inclusion
PHPCOIN 1.2.3 - session_set.php Remote File Inclusion phpCOIN 1.2.3 (_CCFG[_PKG_PATH_INCL]) Remote Include Vulnerability Discovered by: Timq http://www.securitydb.org Email: timqathackernetworkdotcom http://www.securitydb.org Vulnerable: require_once include $_CCFG['_PKG_PATH_INCL'].'redirect.php'; Exploit PoC:...
phpCOIN 1.2.3 (session_set.php) Remote Include Vulnerability
Exploit for unknown platform in category web applications. phpCOIN 1.2.3 (session_set.php) Remote Include Vulnerability. phpCOIN 1.2.3 (_CCFG[_PKG_PATH_INCL]) Remote Include Vulnerability...
Code injection
phpCOIN 1.2.3 and earlier stores messages based upon e-mail addresses, which allows remote authenticated users to read messages for other users by adding the sender's e-mail address as an "additional contact"...
CVE-2006-2422
phpCOIN 1.2.3 and earlier stores messages based upon e-mail addresses, which allows remote authenticated users to read messages for other users by adding the sender's e-mail address as an "additional contact"...
CVE-2006-2422
CVE-2006-2422 affects phpCOIN 1.2.3 and earlier. The flaw allows remote authenticated users to read other users’ messages by adding the sender’s e‑mail address as an “additional contact,” indicating a partial confidentiality impact. The NVD entry notes network attack vector with low complexity an...
[SA20088] phpCOIN E-Mail Address Disclosure of Arbitrary Messages
TITLE: phpCOIN E-Mail Address Disclosure of Arbitrary Messages SECUNIA ADVISORY ID: SA20088 VERIFY ADVISORY: http://secunia.com/advisories/20088/ CRITICAL: Moderately critical IMPACT: Exposure of sensitive information WHERE: From remote SOFTWARE: phpCOIN 1.x http://secunia.com/product/4722/...
CVE-2006-1428
Multiple cross-site scripting (XSS) vulnerabilities in phpCOIN 1.2.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the fs parameter to (1) mod.php or (2) mod_print.php...
CVE-2006-1428
Multiple cross-site scripting (XSS) vulnerabilities in phpCOIN 1.2.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the fs parameter to (1) mod.php or (2) mod_print.php...
CVE-2006-1428
CVE-2006-1428 affects phpCOIN 1.2.2 and earlier. The vulnerability is described as multiple cross-site scripting (XSS) flaws that allow remote attackers to inject arbitrary web script or HTML through the fs parameter to either mod.php or mod_print.php. The available documents do not provide explo...
PHPCOIN 1.2 - mod_print.php?fs Cross-Site Scripting
PHPCOIN 1.2 - mod_print.php?fs Cross-Site Scripting source: https://www.securityfocus.com/bid/17279/info phpCOIN is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these...
PHPCOIN 1.2 - mod.php?fs Cross-Site Scripting
PHPCOIN 1.2 - mod.php?fs Cross-Site Scripting source: https://www.securityfocus.com/bid/17279/info phpCOIN is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issue...