PHPKit 1.6.1 - 'member.php' SQL Injection

source: https://www.securityfocus.com/bid/14629/info PHPKit is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. Successful exploitation could result in a compromise of the...

PHPKit 1.6.1 - member.php SQL Injection

PHPKit 1.6.1 - member.php SQL Injection source: https://www.securityfocus.com/bid/14629/info PHPKit is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. Successful...

CVE-2004-1879

Cross-site scripting XSS vulnerability in PHPKIT 1.6.03 allows allows remote attackers to inject arbitrary web script or HTML via forum messages...

CVE-2004-1879

CVE-2004-1879 describes a cross-site scripting (XSS) vulnerability in PHPKIT 1.6.03, allowing remote attackers to inject arbitrary web script or HTML through forum messages. The available documents do not specify the exact vector (stored vs reflected) or impact beyond the ability to execute scrip...

CVE-2003-1187

CVE-2003-1187 is a documented XSS vulnerability in PHPKIT, affecting versions 1.6.02 and 1.6.03. The issue resides in include.php where the contact_email parameter can be used by remote attackers to inject arbitrary script or HTML. The known impact is cross-site scripting, enabling credential-ste...

CVE-2004-1538

CVE-2004-1538 describes a SQL injection in PHP-Kit’s include.php affecting PHP-Kit versions 1.6.03 through 1.6.1, where an attacker can manipulate the id parameter to execute arbitrary SQL commands. This is a remote vulnerability with network attack vector and partial impact on confidentiality, i...

CVE-2004-1538

SQL injection vulnerability in include.php in PHPKIT 1.6.03 through 1.6.1 allows remote attackers to execute arbitrary SQL commands via the id parameter...

CVE-2004-1537

Cross-site scripting XSS vulnerability in popup.php in PHPKIT 1.6.03 through 1.6.1 allows remote attackers to execute arbitrary web script via the img parameter...

CVE-2004-1537

PHP-Kit 1.6.03–1.6.1 contains an XSS flaw in popup.php via the img parameter, enabling remote script execution. Multiple connected advisories corroborate XSS within PHP-Kit

CVE-2004-1879

Cross-site scripting XSS vulnerability in PHPKIT 1.6.03 allows allows remote attackers to inject arbitrary web script or HTML via forum messages...

CVE-2004-1538

SQL injection vulnerability in include.php in PHPKIT 1.6.03 through 1.6.1 allows remote attackers to execute arbitrary SQL commands via the id parameter...

CVE-2004-1537

Cross-site scripting XSS vulnerability in popup.php in PHPKIT 1.6.03 through 1.6.1 allows remote attackers to execute arbitrary web script via the img parameter...

phpkitSQLXSS.txt

Author: Steve Date: November 22, 2004 Affected Software:PHP KIT Software Version: 1.6.03 - 1.6.1 Software URL: http://www.phpkit.de Attack: SQL Injection, allowing people to manipulate the query into pulling data. XSS What is PHPKIT: PHPKIT is a modular developed Homepage Software which can simpl...

PHPKIT SQL Injection, XSS

Author: Steve Date: November 22, 2004 Affected Software:PHP KIT Software Version: 1.6.03 - 1.6.1 Software URL: http://www.phpkit.de Attack: SQL Injection, allowing people to manipulate the query into pulling data. XSS What is PHPKIT: PHPKIT is a modular developed Homepage Software which can simpl...

phpkit suffers (reale stupid) XSS vuln.

Software: phpkit Version: 1.6.03 others are probably affected as well. Status: Vendor has been notified weeks ago but refuses to answer or take any actions. phpkit1 is a simple German cms / portal software written in php similar to phpbb / phpnuke and is quite popular in Germany. All session...

[bWM#017] Cross-Site-Scripting @ PHPKIT

http://badWebMasters.net ben moeckel security research ------------------------------------------------- badWebMasters security advisory 017 Cross Site Scripting @ PHP-Kit Discovery date: 2003-09 Original advisory: http://badwebmasters.net/advisory/017/ text/html Legal Notice: Copyright 2003 by...

[Full-Disclosure] [bWM#017] Cross-Site-Scripting @ PHPKIT

http://badWebMasters.net ben moeckel security research ------------------------------------------------- badWebMasters security advisory 017 Cross Site Scripting @ PHP-Kit Discovery date: 2003-09 Original advisory: http://badwebmasters.net/advisory/017/ text/html Legal Notice: Copyright 2003 by...

CVE-2003-1187

Cross-site scripting XSS vulnerability in include.php in PHPKIT 1.6.02 and 1.6.03 allows remote attackers to inject arbitrary web script or HTML via the contactemail parameter...

PHPKit 1.6 - Include.php Cross-Site Scripting

PHPKit 1.6 - Include.php Cross-Site Scripting source: https://www.securityfocus.com/bid/8960/info PHPKIT is reported to be prone to a cross-site scripting vulnerability. This is due to insufficient sanitization of HTML from URI parameters, which will be displayed in web pages that are dynamically...

PHPKit 1.6 - 'Include.php' Cross-Site Scripting

source: https://www.securityfocus.com/bid/8960/info PHPKIT is reported to be prone to a cross-site scripting vulnerability. This is due to insufficient sanitization of HTML from URI parameters, which will be displayed in web pages that are dynamically generated by the software. The issue exists i...