166 matches found
CVE-2004-0033
PHPGEDVIEW 2.61’s admin.php is vulnerable to information disclosure: an attacker can trigger a phpinfo command via an action parameter to reveal sensitive data. The affected component is admin.php (PHPGEDVIEW 2.61). Root cause is improper handling of the action parameter, enabling remote code/inf...
CVE-2004-0128
PHP remote file inclusion vulnerability in the GEDCOM configuration script for phpGedView 2.65.1 and earlier allows remote attackers to execute arbitrary PHP code by modifying the PGV_BASE_DIRECTORY parameter to reference a URL on a remote web server that contains a malicious theme.php script...
CVE-2004-0032
Cross-site scripting (XSS) vulnerability in search.php in PHPGEDVIEW 2.61 allows remote attackers to inject arbitrary HTML and web script via the firstname parameter...
CVE-2004-0127
Directory traversal vulnerability in editconfig_gedcom.php for phpGedView 2.65.1 and earlier allows remote attackers to read arbitrary files or execute arbitrary PHP programs on the server via .. (dot dot) sequences in the gedcom_config parameter...
CVE-2004-0130
login.php in phpGedView 2.65 and earlier allows remote attackers to obtain sensitive information via an HTTP request to login.php that does not contain the required username or password parameters, which causes the information to be leaked in an error message...
CVE-2004-0066
phpGedView before 2.65 allows remote attackers to obtain the absolute path of the web server via malformed parameters to (1) indilist.php, (2) famlist.php, (3) placelist.php, (4) imageview.php, (5) timeline.php, (6) clippings.php, (7) login.php, and (8) gdbi.php...
CVE-2004-0067
Multiple cross-site scripting (XSS) vulnerabilities in phpGedView before 2.65 allow remote attackers to inject arbitrary HTML or web script via (1) descendancy.php, (2) index.php, (3) individual.php, (4) login.php, (5) relationship.php, (6) source.php, (7) imageview.php, (8) calendar.php, (9) gedrecord.php, (10)...
CVE-2004-0065
Multiple SQL injection vulnerabilities in phpGedView before 2.65 allow remote attackers to execute arbitrary SQL via (1) timeline.php and (2) placelist.php...
CVE-2004-0127
The CVE-2004-0127 entry concerns a directory-traversal vulnerability in phpGedView
CVE-2004-0130
phpGedView 2.65 and earlier is affected by CVE-2004-0130 where a login.php request that omits the required username or password parameters leaks sensitive information via an error message. The vulnerability enables information disclosure and is triggered by improper handling of missing credential...
phpGedView Arbitrary File Access / Remote File Inclusion
A vulnerability exists in the installed version of PhpGedView that may allow an attacker to read arbitrary files on the remote web server with the privileges of the web user. Another vulnerability could allow an attacker to include arbitrary PHP files hosted on a third-party website. %NASLMINLEVE...
phpGedView_v2.txt
PHP Code Injection Vulnerabilities in phpGedView 2.65.1 and prior. Summary: phpGedView is an open source system for online viewing Gedcom information (family tree and genealogy information). Multiple PHP Code Injection vulnerabilities exist in the...
PHPGedView 2.x - 'Editconfig_gedcom.php' Directory Traversal
source: https://www.securityfocus.com/bid/9529/info It has been reported that PhpGedView may be prone to a directory traversal vulnerability that may allow a remote attacker to access files outside the server root directory. The problem exists due to insufficient sanitization of user-supplied dat...
PHPGedView 2.x - Editconfig_gedcom.php Directory Traversal
PHPGedView 2.x - Editconfig_gedcom.php Directory Traversal source: https://www.securityfocus.com/bid/9529/info It has been reported that PhpGedView may be prone to a directory traversal vulnerability that may allow a remote attacker to access files outside the server root directory. The problem...
PHPGedView 2.x - [GED_File]_conf.php Remote File Inclusion
PHPGedView 2.x - [GED_File]_conf.php Remote File Inclusion source: https://www.securityfocus.com/bid/9531/info It has been reported that PhpGedView may be prone to a remote file include vulnerability that may allow an attacker to include malicious files containing arbitrary code to be executed on a...
PHPGedView 2.x - '[GED_File]_conf.php' Remote File Inclusion
source: https://www.securityfocus.com/bid/9531/info It has been reported that PhpGedView may be prone to a remote file include vulnerability that may allow an attacker to include malicious files containing arbitrary code to be executed on a vulnerable system. The problem reportedly exists because...
CVE-2004-0031
PHPGEDVIEW 2.61 allows remote attackers to reinstall the software and change the administrator password via a direct HTTP request to editconfig.php...