CVE-2005-0947

Directory traversal vulnerability in auxpage.php in phpCoin 1.2.1b and earlier allows remote attackers to read and execute arbitrary files via a .. dot dot in the page parameter...

CVE-2005-0932

Multiple SQL injection vulnerabilities in phpCOIN 1.2.1b and earlier allow remote attackers to execute arbitrary SQL commands 1 via the search engine, 2 the username or email fields in the "forgotten password" feature, or 3 the domain name in a package order...

CVE-2005-0669

Multiple SQL injection vulnerabilities in mod.php for phpCOIN 1.2.0 through 1.2.1b allow remote attackers to execute arbitrary SQL commands via the 1 the faqid in the faq mod, 2 the id parameter in the pages mod, 3 the id parameter in the siteinfo module, 4 the topicid parameter in the articles...

CVE-2005-1384

Multiple SQL injection vulnerabilities in phpCoin 1.2.2 allow remote attackers to execute arbitrary SQL commands via the 1 search parameter to index.php, 2 phpcoinsessid parameter to login.php, 3 id, 4 dtopicid, or 5 dcatid to mod.php...

phpCOIN 1.2 Pages Module - Multiple SQL Injections

source: https://www.securityfocus.com/bid/13433/info PHPCoin is reportedly affected by multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. Successful exploitation could result in a...

PHPCoin < 1.2.2 2005-12-13 Multiple Script SQL Injection (deprecated)

Binary data 2867.prm...

CVE-2005-0947

Directory traversal vulnerability in auxpage.php in phpCoin 1.2.1b and earlier allows remote attackers to read and execute arbitrary files via a .. dot dot in the page parameter...

CVE-2005-0947

Vulnerability summary (CVE-2005-0947) : The phpCOIN product (versions 1.2.1b and earlier) contains a directory traversal flaw in the auxiliary script auxpage.php. An attacker can supply a path in the page parameter that includes “..” to read or potentially execute arbitrary files on the server. T...

CVE-2005-0946

CVE-2005-0946 affects phpCOIN 1.2.1b and earlier, with SQL injection vulnerabilities that allow remote attackers to execute arbitrary SQL commands. Affected input surfaces include the term/keywords field on search, username or e-mail on forgot password, and domain name on the new package ordering...

phpCoin.txt

GulfTech Security Research March 28th, 2005 Vendor : COINSoft Technologies Inc. URL : http://www.phpcoin.com/ Version : phpCoin v1.2.1b && Earlier Risk : Multiple Vulnerabilities Description: phpCoin is a free software package originally designed for web-hosting resellers to handle clients, order...

Multiple phpCoin Vulnerabilities

GulfTech Security Research March 28th, 2005 Vendor : COINSoft Technologies Inc. URL : http://www.phpcoin.com/ Version : phpCoin v1.2.1b && Earlier Risk : Multiple Vulnerabilities Description: phpCoin is a free software package originally designed for web-hosting resellers to handle clients, order...

CVE-2005-0946

SQL injection vulnerability in phpCoin 1.2.1b and earlier allows remote attackers to execute arbitrary SQL commands via the 1 term/keywords field on the search page, 2 username or 3 e-mail field on the forgot password page, or 4 domain name on the ordering new package page...

CVE-2005-0932

Multiple SQL injection vulnerabilities in phpCOIN 1.2.1b and earlier allow remote attackers to execute arbitrary SQL commands 1 via the search engine, 2 the username or email fields in the "forgotten password" feature, or 3 the domain name in a package order...

CVE-2005-0933

CVE-2005-0933 describes a directory traversal vulnerability in the PHPCOIN application (auxpage.php) affecting phpCOIN versions ≤ 1.2.1b. Remote attackers can read arbitrary files by manipulating the page parameter. This is validated across sources: the NVD entry notes a directory traversal issue...

CVE-2005-0933

Directory traversal vulnerability in auxpage.php for phpCOIN 1.2.1b and earlier allows remote attackers to read arbitrary files via the page parameter...

CVE-2005-0932

CVE-2005-0932 describes multiple SQL injection flaws in phpCOIN 1.2.1b and earlier, exploitable via the search engine, forgotten-password username/email fields, or the domain name in package orders. The underlying issue is unsafe SQL construction in these modules, enabling remote attackers to exe...

phpCoin 1.2 - auxpage.php?page Traversal Arbitrary File Access

phpCoin 1.2 - auxpage.php?page Traversal Arbitrary File Access source: https://www.securityfocus.com/bid/12917/info Multiple remote input validation vulnerabilities affect phpCoin. Multiple SQL injection vulnerabilities have been reported. An attacker may leverage these issues to manipulate and...

CVE-2005-0669

CVE-2005-0669 concerns multiple SQL injection flaws in phpCOIN 1.2.0–1.2.1b (PHP-based application). The vulnerabilities affect mod.php across several modules: faq (faq_id), pages (id), siteinfo (id), articles (topic_id), orders (ord_id), domains (dom_id), and invoices (invd_id). The underlying i...

CVE-2005-0670

The provided threat data centers on phpCOIN versions 1.2.0 through 1.2.1b, which are reported to contain multiple input-validation flaws. The CVE-2005-0670 entry describes cross-site scripting (XSS) vulnerabilities allowing arbitrary script/HTML injection via specific parameters to mod.php and lo...

phpCOIN 1.2.1b Multiple Vulnerabilities

Binary data 2663.prm...