phpHeaven phpMyChat 0.14.5 edituser.php3 do_not_login Variable Authentication Bypass

No description provided by source. source: http://www.securityfocus.com/bid/10556/info phpHeaven phpMyChat is reported prone to multiple vulnerabilities. The issues result from insufficient sanitization of user-supplied data and design flaws. The following specific issues can affect the...

CVE-2008-1504

Cross-site scripting XSS vulnerability in setup.php3 in phpHeaven phpMyChat 0.14.5 allows remote attackers to inject arbitrary web script or HTML via the Lang parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...

CVE-2008-1504

The CVE-2008-1504 entry concerns a Cross-site Scripting (XSS) vulnerability in the setup.php3 component of phpHeaven phpMyChat 0.14.5. The issue is triggered by untrusted input in the Lang parameter, allowing remote attackers to inject arbitrary web-script/HTML. The description and references ind...

CVE-2006-5088

The connected documents confirm a PHP remote file inclusion in phpMyChat 0.1, specifically in connected_users.lib.php3, exploitable by supplying a URL in the ChatPath parameter to run arbitrary PHP code. The PT-2006-5826 entry reiterates the affected software and suggests restricting access to th...