EUVD-2006-0615

Malware in sbrugna...

EUVD-2006-0616

Malware in sbrugna...

CVE-2007-2096

The CVE-2007-2096 entry concerns a PHP remote file inclusion vulnerability in Hinton Design PHPHD Download System (phphd_downloads). The flaw is in common.php where a URL supplied to phphd_real_path enables remote attackers to execute arbitrary PHP code. Affected information notes this issue may ...

EV0060.txt

New eVuln Advisory: phphd Multiple Vulnerabilities http://evuln.com/vulns/60/summary.html --------------------Summary---------------- eVuln ID: EV0060 CVE: CVE-2006-0607 CVE-2006-0608 CVE-2006-0609 Vendor: Hinton Design Vendor's Web Site: http://www.hintondesign.org Software: phphd Sowtware's Web...

[eVuln] phphd Multiple Vulnerabilities

New eVuln Advisory: phphd Multiple Vulnerabilities http://evuln.com/vulns/60/summary.html --------------------Summary---------------- eVuln ID: EV0060 CVE: CVE-2006-0607 CVE-2006-0608 CVE-2006-0609 Vendor: Hinton Design Vendor's Web Site: http://www.hintondesign.org Software: phphd Sowtware's Web...

Authentication flaw

check.php in Hinton Design phphd 1.0 does not check passwords when certain cookies are provided, which allows remote attackers to bypass authentication...

CVE-2006-0607

check.php in Hinton Design phphd 1.0 does not check passwords when certain cookies are provided, which allows remote attackers to bypass authentication...

Cross site scripting

Cross-site scripting XSS vulnerability in add.php in Hinton Design phphd 1.0 allows remote attackers to inject arbitrary web script or HTML via unknown vectors...

CVE-2006-0609

Cross-site scripting XSS vulnerability in add.php in Hinton Design phphd 1.0 allows remote attackers to inject arbitrary web script or HTML via unknown vectors...

Sql injection

Multiple SQL injection vulnerabilities in Hinton Design phphd 1.0 allow remote attackers to execute arbitrary SQL commands via 1 the username parameter to check.php or 2 unknown attack vectors to scripts that display information from the database...

CVE-2006-0607

check.php in Hinton Design phphd 1.0 does not check passwords when certain cookies are provided, which allows remote attackers to bypass authentication...

CVE-2006-0609

Cross-site scripting XSS vulnerability in add.php in Hinton Design phphd 1.0 allows remote attackers to inject arbitrary web script or HTML via unknown vectors...

CVE-2006-0609

CVE-2006-0609 : The vulnerability affects Hinton Design’s phphd 1.0, specifically the add.php script, where a Cross‑Site Scripting (XSS) flaw allows remote attackers to inject arbitrary web script or HTML via unknown vectors. Multiple independent sources (NVD entry, eVuln/SEC references, and Pack...

CVE-2006-0607

This CVE affects phphd 1.0 by Hinton Design. The vulnerability is in check.php where passwords are not validated when certain cookies are present, enabling remote authentication bypass. This is cookie-based authentication bypass (noted as a vulnerability in EV0060) that allows an attacker to bypa...

CVE-2006-0608

CVE-2006-0608 affects Hinton Design phphd 1.0. The vulnerability set includes SQL injection in the authentication flow, notably via the username parameter to check.php, and other scripts that display data from the database. The eVuln/disclosure documents indicate multiple vulnerabilities (SQL inj...