CVE-2006-2519

Summary of CVE-2006-2519 (phpwcms/spaw_root RFI) Affected product: phpwcms 1.2.5-DEV (SPA W Editor PHP Edition note indicates the underlying issue may be in SPAW Editor PHP Edition). Vulnerability: Directory traversal allows remote attackers to include arbitrary local files via .. sequences in th...

CVE-2005-3790

Multiple cross-site scripting XSS vulnerabilities in actnewsletter.php in phpwcms 1.2.5 allow remote attackers to inject arbitrary web script or HTML via the 1 i and 2 text parameters...

CVE-2005-3789

Multiple directory traversal vulnerabilities in phpwcms 1.2.5 allow remote attackers to read arbitrary files via a .. dot dot in the 1 formlang parameter in login.php and 2 the imgdir parameter in randomimage.php...

CVE-2005-3789

Multiple directory traversal vulnerabilities in phpwcms 1.2.5 allow remote attackers to read arbitrary files via a .. dot dot in the 1 formlang parameter in login.php and 2 the imgdir parameter in randomimage.php...

CVE-2005-3789

phpwcms 1.2.5 is affected by multiple directory traversal vulnerabilities. The issues allow remote attackers to read arbitrary local files via dot-dot in the form_lang parameter of login.php and the imgdir parameter in random_image.php. A Nessus plugin also notes that the form_lang issue could le...

CVE-2005-3790

CVE-2005-3790 describes multiple cross-site scripting (XSS) vulnerabilities in phpWCMS 1.2.5, specifically in act_newsletter.php where the parameters (1) i and (2) text can be exploited to inject arbitrary script/HTML. The NVD entry provides a MEDIUM base score (4.3) with network access and no au...

CVE-2005-3790

Multiple cross-site scripting XSS vulnerabilities in actnewsletter.php in phpwcms 1.2.5 allow remote attackers to inject arbitrary web script or HTML via the 1 i and 2 text parameters...

phpwcms.txt

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Author: Stefan Lochbihler Date: 14. November 2005 Software: PHPWCMS Version: 1.2.5-DEV URL: http://www.phpwcms.de Attack: Directory traversal vulnerability,CSS about: phpwcms is an Open Source web content management system. It is optimized for fast an...

PHPWCMS - Directory traversal vulnerability,CSS attack

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Author: Stefan Lochbihler Date: 14. November 2005 Software: PHPWCMS Version: 1.2.5-DEV URL: http://www.phpwcms.de Attack: Directory traversal vulnerability,CSS about: phpwcms is an Open Source web content management system. It is optimized for fast an...

phpwcms 1.2.5 Multiple Vulnerabilities

The remote host is running phpwcms, an open source content management system written in PHP. The version of phpwcms installed on the remote host does not sanitize input to the 'formlang' parameter of the 'login.php' script before using it in PHP 'include' functions. An unauthenticated attacker ca...

PHPWCMS 1.2.5 -DEV - login.php?form_lang Traversal Arbitrary File Access

PHPWCMS 1.2.5 -DEV - login.php?formlang Traversal Arbitrary File Access source: https://www.securityfocus.com/bid/15436/info phpWCMS is prone to multiple remote file-include vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker may leverage these issu...

PHPWCMS 1.2.5 -DEV - Multiple Cross-Site Scripting Vulnerabilities

source: https://www.securityfocus.com/bid/15440/info phpwcms is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code executed in th...

PHPWCMS 1.2.5 -DEV - 'imgdir' Traversal Arbitrary File Access

source: https://www.securityfocus.com/bid/15436/info phpWCMS is prone to multiple remote file-include vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker may leverage these issues to obtain sensitive information that may help with further attacks on...

PHPWCMS 1.2.5 -DEV - 'login.php?form_lang' Traversal Arbitrary File Access

source: https://www.securityfocus.com/bid/15436/info phpWCMS is prone to multiple remote file-include vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker may leverage these issues to obtain sensitive information that may help with further attacks on...

PHPWCMS 1.2.5 -DEV - imgdir Traversal Arbitrary File Access

PHPWCMS 1.2.5 -DEV - imgdir Traversal Arbitrary File Access source: https://www.securityfocus.com/bid/15436/info phpWCMS is prone to multiple remote file-include vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker may leverage these issues to obtain...

PHPWCMS 1.2.5 -DEV - Multiple Cross-Site Scripting Vulnerabilities

PHPWCMS 1.2.5 -DEV - Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/15440/info phpwcms is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may...