6 matches found
MINI-PHPP-9JR4-HCRJ
Bulletin has no description...
CVE-2006-4878
Directory traversal vulnerability in footer.php in David Bennett PHP-Post (PHPp) 1.0 and earlier allows remote attackers to read and include arbitrary local files via a .. (dot dot) sequence in the template parameter. NOTE: this was later reported to affect 1.0.1, and demonstrated for code execution ...
CVE-2006-4877
CVE-2006-4877 concerns David Bennett PHP-Post (PHPp) 1.0 and earlier, where a variable overwrite vulnerability exists in multiple vectors that use PHP's extract function. The affected components are the PHPp pages index.php, profile.php, and header.php, with the demonstrated vector involv...
CVE-2006-4880
CVE-2006-4880 affects PHP-Post (PHPp) 1.0 and earlier. The affected components (footer.php, template.php, lastvisit.php) can disclose the installation path when requested directly, through the error messages these scripts generate. The root cause is information disclosure in error handling/response content. Repo...
CVE-2006-4881
CVE-2006-4881 concerns multiple cross-site scripting (XSS) vulnerabilities in David Bennett PHP-Post (PHPp) 1.0 and earlier. The issues allow remote attackers to inject arbitrary web script/HTML through specific parameters across several pages: (1) replyuser in pm.php; (2) txt_jumpto in dropdown....
CVE-2005-3770
PHP-Post (PHPp) 1.0 contains cross-site scripting (XSS) vulnerabilities exploitable via the subject field in posts or the user parameter to profile.php and mail.php. The underlying issue is arbitrary-script/HTML injection, leading to potential script execution in victims’ browsers. Affected softw...