49 matches found
CVE-2006-3116
Multiple PHP remote file inclusion vulnerabilities in phpRaid 3.0.4 and 3.0.5 allow remote attackers to execute arbitrary code via a URL in the phpraid_dir parameter to (1) configuration.php, (3) guilds.php, (4) index.php, (5) locations.php, (6) login.php, (7) luaoutput.php, (8) permissions.php, (9) profile.php, ...
CVE-2006-3316
Multiple PHP remote file inclusion vulnerabilities in phpRaid 3.0.5 allow remote attackers to execute arbitrary code via a URL in the phpraid_dir parameter to (1) logs.php and (2) users.php, a different set of vectors than CVE-2006-3116...
CVE-2006-3115
SQL injection vulnerability in view.php in phpRaid 3.0.4, and possibly other versions, allows remote attackers to execute arbitrary SQL commands via the raid_id parameter...
CVE-2006-3115
The CVE-2006-3115 entry concerns phpRaid (versions around 3.0.4 onward). According to Secunia Research, there are SQL injection vulnerabilities in phpRaid's view.php where user-supplied input in the raid_id parameter is not properly sanitized before being used in SQL queries, enabling remote mani...
CVE-2006-3317
CVE-2006-3317 describes a PHP remote file inclusion vulnerability in phpRaid 3.0.6. The flaw allows an attacker to execute arbitrary code by supplying a URL in the phpraid_dir parameter to announcements.php or rss.php. This is a distinct set of vectors/affected versions compared to CVE-2006-3316 ...
CVE-2006-3116
CVE-2006-3116 covers multiple PHP remote file inclusion vulnerabilities in phpRaid. Affected are phpRaid 3.0.4 and 3.0.5 (and related 3.0.6 in some vectors). The issue arises from unsafely using the phpraid_dir parameter to include files, enabling arbitrary PHP code execution when a URL is suppli...
CVE-2006-3317
PHP remote file inclusion vulnerability in phpRaid 3.0.6 allows remote attackers to execute arbitrary code via a URL in the phpraid_dir parameter to (1) announcements.php and (2) rss.php, a different set of vectors and affected versions than CVE-2006-3316 and CVE-2006-3116...
CVE-2006-3318
PHPVuln CVE-2006-3318 affects phpRaid 3.0.6 (and possibly other versions) with a SQL injection in register.php. When the authorization type is phpraid, the (1) username and (2) email parameters can be used by remote attackers to execute arbitrary SQL commands. The description and connected source...
CVE-2006-3316
The connected documents confirm multiple PHP remote file inclusion vulnerabilities in phpRaid 3.0.4–3.0.6 triggered by unsafely using the phpraid_dir URL parameter to include files. Specifically: CVE-2006-3116 (3.0.4/3.0.5) allows code execution via include paths in configuration.php, guilds.php,...
Cross site scripting
Cross-site scripting (XSS) vulnerability in view.php in phpRaid 2.9.5 allows remote attackers to inject arbitrary web script or HTML via the (1) URL query string and the (2) Sort parameter...
CVE-2006-2610
Cross-site scripting (XSS) vulnerability in view.php in phpRaid 2.9.5 allows remote attackers to inject arbitrary web script or HTML via the (1) URL query string and the (2) Sort parameter...
CVE-2006-2610
CVE-2006-2610 refers to a Cross-site Scripting (XSS) vulnerability in the phpRaid 2.9.5 application, specifically in view.php. The flaw allows remote attackers to inject arbitrary web script or HTML through the URL query string and the Sort parameter, leading to potential session hijacking or def...
phpRaid "view.php" XSS Vulnerability
phpRaid "view.php" XSS Vulnerability Script : phpRaid Script Website : http://www.spiffyjr.com/ Version : phpRaid v2.9.5 This Xss Works On phpRaid Exploit ; 1- Http://www.example.com/phpRaid/view.php?scriptalert'Xss20Vulnerability';/script 2-...
phpRaidXSS.txt
phpRaid "view.php" XSS Vulnerability Script : phpRaid Script Website : http://www.spiffyjr.com/ Version : phpRaid v2.9.5 This Xss Works On phpRaid Exploit ; 1- Http://www.example.com/phpRaid/view.php?alert'Xss%20Vulnerability'; 2-...
CVE-2006-2283
Multiple PHP remote file inclusion vulnerabilities in SpiffyJr phpRaid 2.9.5 through 3.0.b3 allow remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter in (1) auth.php and (2) auth_phpbb when the phpBB portal is enabled, and via a URL in the smf_root_path parameter in (3)...
Remote file inclusion
Multiple PHP remote file inclusion vulnerabilities in SpiffyJr phpRaid 2.9.5 through 3.0.b3 allow remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter in (1) auth.php and (2) auth_phpbb when the phpBB portal is enabled, and via a URL in the smf_root_path parameter in (3)...
CVE-2006-2283
CVE-2006-2283 affects SpiffyJr phpRaid versions 2.9.5 to 3.0.b3, enabling remote PHP code execution via remote file inclusion. Exploitation vectors involve crafted URLs in phpbb_root_path (auth.php/auth_phpbb with phpBB portal enabled) and smf_root_path (auth.php/auth_SMF with SMF portal enabled)...