166 matches found
CVE-2008-2064
Multiple unspecified vulnerabilities in PhpGedView before 4.1.5 have unknown impact and attack vectors related to "a fundamental design flaw in the interface API to connect phpGedView with external programs like content management systems."...
Design/Logic Flaw
Multiple unspecified vulnerabilities in PhpGedView before 4.1.5 have unknown impact and attack vectors related to "a fundamental design flaw in the interface API to connect phpGedView with external programs like content management systems."...
CVE-2008-2064
Affected product: phpGedView. The Debian advisory (DSA-1580-1) and related OpenVAS/NASL entries describe a remote privilege-escalation flaw in phpGedView caused by a programming error tied to a fundamental design flaw in the API that connects phpGedView with external programs (such as CMS interfa...
Debian DSA-1559-1 : phpgedview - insufficient input sanitising
It was discovered that phpGedView, an application to provide online access to genealogical data, performed insufficient input sanitising on some parameters, making it vulnerable to cross site scripting. (C) Tenable Network Security, Inc. The descriptive text and package checks i...
[SECURITY] [DSA 1559-1] New phpgedview packages fix cross site scripting
Debian Security Advisory DSA-1559-1 http://www.debian.org/security/ Thijs Kinkhorst April 27, 2008 http://www.debian.org/security/faq ...
DSA-1559-1 phpgedview - cross site scripting
Bulletin has no description...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in PhpGedView 4.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) box_width, (2) PEDIGREE_GENERATIONS, and (3) rootid parameters in ancestry.php, and the (4) newpid parameter in timeline.php. NOTE: the provenance of this...
CVE-2007-5051
Multiple cross-site scripting (XSS) vulnerabilities in PhpGedView 4.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) box_width, (2) PEDIGREE_GENERATIONS, and (3) rootid parameters in ancestry.php, and the (4) newpid parameter in timeline.php. NOTE: the provenance of this...
CVE-2007-5051
PhpGedView 4.1.1 is affected by multiple cross-site scripting (XSS) vulnerabilities. The NVD entry attributes impact to remote code execution of injected scripts via parameters in ancestry.php (box_width, PEDIGREE_GENERATIONS, rootid) and timeline.php (newpid). Debian and Debian-derived advisorie...
PhpGedView login page multiple XSS
Vendor Site: http://www.phpgedview.net Version: 4.1 Common Path: yoursite.com/genealogy/login.php Overview: Genealogy program which allows you to view and edit your genealogy on your website. It fails to sufficiently sanitize user-supplied input data in "User Name" text box leaving password blank...
PHPGedView 4.1 - login.php Cross-Site Scripting
PHPGedView 4.1 - login.php Cross-Site Scripting source: https://www.securityfocus.com/bid/25458/info PhpGedView is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. Exploiting this vulnerability may allow an attacker to perform cross-site...
PHPGedView 4.1 - 'login.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/25458/info PhpGedView is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. Exploiting this vulnerability may allow an attacker to perform cross-site scripting attacks on unsuspecting users in the...
phpged.txt
PhpGedView 4.0.2 DOCUMENT_ROOT File inclusion Vulnerability. Script: PhpGedView. Version: 4.0.2. script...
PhpGedView 4.0.2 (DOCUMENT_ROOT) File inclusion Vulnerability
PhpGedView 4.0.2 DOCUMENT_ROOT File inclusion Vulnerability. Script: PhpGedView. Version: 4.0.2. script...
Update Protection against phpBB and PHPGedView Remote Execution Vulnerabilities
phpBB is a widely used bulletin board software package. PhpGedView is a genealogy program which allows for genealogy viewing and editing on the Web. Several vulnerabilities reported in phpBB and in PhpGedView could allow an attacker to execute arbitrary PHP code...
PHPGedView.php.txt
--- PHPGedView password: nothing now in log file we have: 2005.12.20 13:16:06 - 127.0.0.1 - Login Failed - - so you can launch operating system commands: http://target/path/helptextvars.php?cmd=ls%20-la&PGVBASEDIRECTORY=./index/pgv-200512.log generally:...