161 matches found
CVE-2005-4424
Directory traversal vulnerability in PHPKIT 1.6.1 R2 and earlier might allow remote authenticated users to execute arbitrary PHP code via a .. (dot dot) in the path parameter and a %00 at the end of the filename, as demonstrated by an avatar filename ending with .png%00...
CVE-2005-3552
Multiple cross-site scripting (XSS) vulnerabilities in PHPKIT 1.6.1 R2 and earlier allow remote attackers to inject arbitrary web script or HTML via multiple vectors in (1) login/profile.php, (2) login/userinfo.php, (3) admin/admin.php, (4) imcenter.php, and the (5) referer statistics, the (6) HTML title eleme...
CVE-2005-3554
Multiple eval injection vulnerabilities in the help function in PHPKIT 1.6.1 R2 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary code on the server via unknown attack vectors involving uninitialized variables...
CVE-2005-3553
Multiple SQL injection vulnerabilities in include.php in PHPKIT 1.6.1 R2 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the id parameter in conjunction with the login/userinfo.php path and (2) the session parameter (aka the PHPKITSID variable)...
CVE-2005-3553
CVE-2005-3553 describes multiple SQL injection vulnerabilities in include.php of PHPKIT 1.6.1 R2 and earlier. The issues allow remote attackers to execute arbitrary SQL commands via (1) the id parameter when used with login/userinfo.php, and (2) the session parameter (the PHPKITSID variable). The...
CVE-2005-3552
CVE-2005-3552 affects PHP-Kit 1.6.1 RC2 and earlier. The vulnerability is multiple cross-site scripting (XSS) flaws that allow a remote attacker to inject arbitrary script/HTML via several vectors, including login/profile.php, login/userinfo.php, admin/admin.php, imcenter.php, referer statistics,...
CVE-2005-3554
CVE-2005-3554 describes multiple eval-injection vulnerabilities in the help function of PHP-Kit up to version 1.6.1 R2, triggered when register_globals is enabled. Remote attackers could execute arbitrary code on the server via uninitialized variables. The description notes unknown attack vectors...
Hardened-PHP Project Security Advisory 2005-21.80
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hardened PHP Project www.hardened-php.net -= Security Advisory =- Advisory: Multiple vulnerabilities in PHPKIT Release Date: 2005/11/07 Last Modified: 2005/11/04 Author: Christopher Kunz Application: PHPKIT 1.6.1 R2 and prior Severity: Cross-Site...
[Full-disclosure] Advisory 21/2005: Multiple vulnerabilities in PHPKIT
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hardened PHP Project www.hardened-php.net -= Security Advisory =- Advisory: Multiple vulnerabilities in PHPKIT Release Date: 2005/11/07 Last Modified: 2005/11/04 Author: Christopher Kunz Application: PHPKIT 1.6.1 R2 a...
CVE-2005-2699
Unrestricted file upload vulnerability in admin/admin.php in PHPKit 1.6.1 allows remote authenticated administrators to execute arbitrary PHP code by uploading a .php file to the content/images/ directory using images.php. NOTE: if a PHPKit administrator must already have access to the end system...
CVE-2005-2699
CVE-2005-2699 concerns PHP-Kit 1.6.1 where an unrestricted file upload in admin/admin.php via images.php allows uploading a .php file to content/images/ and executing arbitrary PHP code. The vulnerability requires the attacker to be a remote authenticated administrator, implying privilege within ...
phpkit161.txt
SQL Injection and PHP Code Injection Vulnerabilities in PHPKit 1.6.1 Version: PHPKit 1.6.1 Risk: High if magic_quotes_gpc = Off URL: http://www.phpkit.com SQL Injection in include.php?path=login/member.php The parameters usernick and letters are vulnerable to SQL Injections. POC:...
CVE-2005-2683
CVE-2005-2683 affects PHPKit 1.6.1, with two confirmed SQL injection vectors: the letter parameter to login/member.php and the im_receiver parameter to login/imcenter.php. The underlying issue is improper input handling that enables an attacker to inject and execute arbitrary SQL on the backend. ...
CVE-2005-2683
Multiple SQL injection vulnerabilities in PHPKit 1.6.1 allow remote attackers to execute arbitrary SQL commands via (1) the letter parameter to login/member.php or (2) the im_receiver parameter to login/imcenter.php...
SQL Injection and PHP Code Injection Vulnerabilities in PHPKit 1.6.1
SQL Injection and PHP Code Injection Vulnerabilities in PHPKit 1.6.1 Version: PHPKit 1.6.1 Risk: High if magic_quotes_gpc = Off URL: http://www.phpkit.com SQL Injection in include.php?path=login/member.php The parameters usernick and letters are vulnerable to SQL Injections. POC:...