129 matches found
CVE-2005-4214
phpCOIN 1.2.2 allows remote attackers to obtain the installation path via a direct request to config.php, which leaks the path in an error message because the _CCFG['_PKG_PATH_DBSE'] variable is not defined...
CVE-2005-4211
PHP remote file inclusion vulnerability in coin_includes/db.php in phpCOIN 1.2.2 allows remote attackers to execute arbitrary PHP code via a URL in the $_CCFG[_PKG_PATH_DBSE] variable...
CVE-2005-4211
PHP remote file inclusion in phpCOIN 1.2.2 affects coin_includes/db.php, allowing an attacker to supply a URL via the _CCFG[_PKG_PATH_DBSE] parameter to execute arbitrary PHP code. This is a code-execution exposure in the web application, with no exploitation details provided beyond the parameter...
phpCOIN < 1.2.2 2005-12-13 Fix-File Multiple Vulnerabilities
The remote host appears to be running phpCOIN, a software package for web-hosting resellers to handle clients, orders, helpdesk queries, and the like. The version of phpCOIN installed on the remote host fails to sanitize user-supplied input to the '_CCFG[_PKG_PATH_DBSE]' parameter of the 'config.php'...
phpCOIN 1.2.2 multiple vulnerabilities
PhpCOIN 1.2.2 arbitrary remote/local inclusion / blind sql injection / path disclosure software: site: http://www.phpcoin.com/ description: "a free software package originally designed for web-hosting resellers to handle clients, orders, invoices, notes and helpdesk, but no longer limited to hosti...
phpCOIN 1.2.2 - CCFG[_PKG_PATH_DBSE] Remote File Inclusion
source: https://www.securityfocus.com/bid/15831/info PhpCOIN is prone to a file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to include arbitrary remote PHP code and execute it in the context ...
phpCOIN 1.2.2 - CCFG[_PKG_PATH_DBSE] Remote File Inclusion
phpCOIN 1.2.2 - CCFG[_PKG_PATH_DBSE] Remote File Inclusion source: https://www.securityfocus.com/bid/15831/info PhpCOIN is prone to a file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to include...
phpCOIN 1.2.2 - phpcoinsessid SQL Injection Remote Code Execution
phpCOIN 1.2.2 - phpcoinsessid SQL Injection Remote Code Execution this works with magic_quotes_gpc off usage: launch from Apache, fill in requested fields, then go! Sun-Tzu:"When these five kinds of spy are all at work, none can discover the secret system. This is called "divine manipulation of the...
phpCOIN 1.2.2 (phpcoinsessid) SQL Inj / Remote Code Execution Exploit
Exploit for unknown platform in category web applications. phpCOIN 1.2.2 phpcoinsessid SQL Inj / Remote Code Execution Exploit. this works with magic_quotes_gpc...
phpCOIN 1.2.2 (phpcoinsessid) SQL Inj / Remote Code Execution Exploit
No description provided by source. <?php ---phpcoin122sqlxpl.php phpCOIN 1.2.2 phpcoinsessid blind SQL injection / remote code execution coded by rgod site: http://rgod.altervista.org - this works with magic_quotes_gpc off usage: launch from Apache, fill in requested fields, then go! Sun-Tzu:"When...
phpCOIN 1.2.2 - 'phpcoinsessid' SQL Injection / Remote Code Execution
this works with magic_quotes_gpc off usage: launch from Apache, fill in requested fields, then go! Sun-Tzu:"When these five kinds of spy are all at work, none can discover the secret system. This is called "divine manipulation of the threads." It is the sovereign's most precious faculty."...
dc_phpcoin.txt
Dcrab's Security Advisory Hsc Security Group http://www.hackerscenter.com/ dP Security http://digitalparadox.org/ Get Dcrab's Services to audit your Web servers, scripts, networks, etc. Learn more at http://www.digitalparadox.org/services.ah Severity: High Title: Multiple Sql injections in phpCo...
CVE-2005-1384
Multiple SQL injection vulnerabilities in phpCoin 1.2.2 allow remote attackers to execute arbitrary SQL commands via the (1) search parameter to index.php, (2) phpcoinsessid parameter to login.php, (3) id, (4) dtopicid, or (5) dcatid to mod.php...
CVE-2005-0933
Directory traversal vulnerability in auxpage.php for phpCOIN 1.2.1b and earlier allows remote attackers to read arbitrary files via the page parameter...
CVE-2005-0670
Cross-site scripting (XSS) vulnerability in phpCOIN 1.2.0 through 1.2.1b allows remote attackers to inject arbitrary web script or HTML via (1) the new parameter to mod.php, (2) the w parameter to mod.php, (3) the e parameter to login.php, (4) the o parameter to login.php, and possibly other scripts...
CVE-2005-0669
Multiple SQL injection vulnerabilities in mod.php for phpCOIN 1.2.0 through 1.2.1b allow remote attackers to execute arbitrary SQL commands via (1) the faqid in the faq mod, (2) the id parameter in the pages mod, (3) the id parameter in the siteinfo module, (4) the topicid parameter in the articles...
CVE-2005-1384
CVE-2005-1384 : The phpCoin project – version 1.2.2 or older – is affected by multiple SQL injection vulnerabilities. The issues arise from improper sanitization in user-supplied input and affect the following entry points/parameters: (1) search in index.php, (2) phpcoinsessid in login.php, (3) i...
CVE-2005-0947
Directory traversal vulnerability in auxpage.php in phpCoin 1.2.1b and earlier allows remote attackers to read and execute arbitrary files via a .. (dot dot) in the page parameter...
CVE-2005-0932
Multiple SQL injection vulnerabilities in phpCOIN 1.2.1b and earlier allow remote attackers to execute arbitrary SQL commands (1) via the search engine, (2) the username or email fields in the "forgotten password" feature, or (3) the domain name in a package order...