166 matches found
CVE-2005-4469
Multiple direct static code injection vulnerabilities in PHPGedView 3.3.7 and earlier allow remote attackers to execute arbitrary PHP code via (1) the username field in login.php, or the (2) user_language, (3) user_email, and (4) user_gedcomid parameters in login_register.php, which is directly inserted into...
CVE-2005-4469
CVE-2005-4469 affects PhpGedView up to version 3.3.7. The vulnerability arises from multiple direct static code injections where user-controlled input in login.php (username) and login_register.php (user_language, user_email, user_gedcomid) is directly inserted into authenticate.php, enabling rem...
CVE-2005-4468
PHP remote file include vulnerability in help_text_vars.php in PHPGedView 3.3.7 and earlier allows remote attackers to execute arbitrary code via a URL in the PGV_BASE_DIRECTORY parameter...
CVE-2005-4467
CVE-2005-4467 affects PhpGedView up to version 3.3.7, with a directory traversal/remote file inclusion in help_text_vars.php via the PGV_BASE_DIRECTORY parameter. The underlying issue is insufficient input sanitization, allowing an attacker to read arbitrary files and, under certain conditions (e...
CVE-2005-4468
The CVE-2005-4468 issue affects PHPGedView 3.3.7 and earlier, where a PHP remote file include vulnerability exists in help_text_vars.php. An attacker can supply a URL via the PGV_BASE_DIRECTORY parameter, leading to remote code execution on the affected host. This is evidenced by NVD descriptions...
CVE-2005-4467
Directory traversal vulnerability in help_text_vars.php in PHPGedView 3.3.7 and earlier allows remote attackers to read and include arbitrary files via a .. (dot dot) in the PGV_BASE_DIRECTORY parameter...
PhpGedView PGV_BASE_DIRECTORY Parameter Remote File Inclusion
The version of PhpGedView installed on the remote host fails to sanitize user-supplied input to the 'PGV_BASE_DIRECTORY' parameter of the 'help_text_vars.php' script before using it in a PHP 'require' function. Provided PHP's 'register_globals' setting is enabled, an unauthenticated attacker may be ab...
PHPGedView <= 3.3.7 Arbitrary Remote Code Execution Exploit
No description provided by source. <?php ---phpgedview337xpl.php 16.31 20/12/2005 PHPGedView <= 3.3.7 remote commands execution coded by rgod site: http://rgod.altervista.org usage: launch from Apache, fill in requested fields, then go! Sun-Tzu:"If the enemy leaves a door open, you must rush in...
PHPGedView <= 3.3.7 Arbitrary Remote Code Execution Exploit
Exploit for unknown platform in category web applications...
PHPGedView 3.3.7 - Remote Code Execution
PHPGedView <= 3.3.7 remote code execution
--- PHPGedView <= 3.3.7 Arbitrary local/remote code execution & php injection --- software: site: http://www.phpgedview.net/ description: "PhpGedView is a revolutionary genealogy program which allows you to view and edit your genealogy on your website." - vulnerabilities:...
phpGedView Code injection Vulnerability
The remote host is running phpGedView, a set of CGI scripts which parse GEDCOM 5.5 genealogy files and display them on the internet in a format similar to desktop programs. There are multiple vulnerabilities in this product: - A path disclosure vulnerability, which will give more information abo...
FreeBSD : phpgedview (2245)
The following package needs to be updated: phpgedview...
CVE-2004-0031
PHPGEDVIEW 2.61 is affected by CVE-2004-0031: an unauthenticated remote attacker can trigger a direct HTTP request to editconfig.php to reinstall the software and change the administrator password. The description does not specify affected server versions beyond 2.61 in the initial document, nor ...
CVE-2004-0032
CVE-2004-0032 describes a cross-site scripting (XSS) vulnerability in PHPGEDVIEW 2.61, exploitable via the firstname parameter in search.php. The issue allows remote attackers to inject arbitrary HTML/web script when processing user-supplied input. The provided connected documents confirm the aff...
CVE-2004-0031
PHPGEDVIEW 2.61 allows remote attackers to reinstall the software and change the administrator password via a direct HTTP request to editconfig.php...
CVE-2004-0033
admin.php in PHPGEDVIEW 2.61 allows remote attackers to obtain sensitive information via an action parameter with a phpinfo command...
CVE-2004-0128
CVE-2004-0128 affects PhpGedView (GEDCOM configuration script) up to version 2.65.1. The vulnerability arises when PGV_BASE_DIRECTORY is set to reference a URL on a remote server, allowing remote attackers to execute arbitrary PHP code by loading a malicious theme.php. The connected records corro...