33 matches found
phpWebSite 0.7.30.8.x0.9.3 - User Module HTTP Response Splitting
phpWebSite 0.7.30.8.x0.9.3 - User Module HTTP Response Splitting source: https://www.securityfocus.com/bid/11673/info A remote HTTP response splitting vulnerability reportedly affects phpWebSite in its user module. This issue is due to a failure of the application to properly sanitize user-suppli...
CVE-2003-0737
The calendar module in phpWebSite 0.9.x and earlier allows remote attackers to obtain the full pathname of phpWebSite via an invalid year, which generates an error from localtime in TimeZone.php of the Pear library...
CVE-2003-0738
The calendar module in phpWebSite 0.9.x and earlier allows remote attackers to cause a denial of service crash via a long year parameter...
CVE-2003-0737
The calendar module in phpWebSite 0.9.x and earlier allows remote attackers to obtain the full pathname of phpWebSite via an invalid year, which generates an error from localtime in TimeZone.php of the Pear library...
CVE-2003-0738
The calendar module in phpWebSite 0.9.x and earlier allows remote attackers to cause a denial of service crash via a long year parameter...
CVE-2002-1135
modsecurity.php 1.10 and earlier, in phpWebSite 0.8.2 and earlier, allows remote attackers to execute arbitrary PHP source code via an incprefix parameter that points to the malicious code...
phpWebSite 0.8.3 - article.php Cross-Site Scripting
phpWebSite 0.8.3 - article.php Cross-Site Scripting source: https://www.securityfocus.com/bid/5864/info phpWebSite is prone to cross-site scripting attacks. This vulnerability is due to insufficient sanitization of HTML tags from URI parameters processed by the 'article.php' script. As a result, ...
phpWebSite 0.8.3 - 'article.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/5864/info phpWebSite is prone to cross-site scripting attacks. This vulnerability is due to insufficient sanitization of HTML tags from URI parameters processed by the 'article.php' script. As a result, an attacker may construct a malicious link to this...
phpWebSite 0.8.3 - News Message HTML Injection
source: https://www.securityfocus.com/bid/5802/info Problems with phpWebSite could make it possible to execute arbitrary script code in a vulnerable client. phpWebSite does not sufficiently filter potentially malicious HTML code from news posts. As a result, when a user views a news posting that...
phpWebSite 0.8.3 - News Message HTML Injection
phpWebSite 0.8.3 - News Message HTML Injection source: https://www.securityfocus.com/bid/5802/info Problems with phpWebSite could make it possible to execute arbitrary script code in a vulnerable client. phpWebSite does not sufficiently filter potentially malicious HTML code from news posts. As a...
phpWebSite 0.8.2 - PHP File Inclusion
phpWebSite 0.8.2 - PHP File Inclusion source: https://www.securityfocus.com/bid/5779/info A vulnerability has been discovered in phpWebsite which allows an attacker to remotely include a malicious PHP file. It is possible for an attacker to specify a remote location for phpWebsite to download an...
phpWebSite 0.8.2 - PHP File Inclusion
source: https://www.securityfocus.com/bid/5779/info A vulnerability has been discovered in phpWebsite which allows an attacker to remotely include a malicious PHP file. It is possible for an attacker to specify a remote location for phpWebsite to download an attacker-supplied htmlheader.php scrip...
CVE-2001-1363
Vulnerability in phpWebSite before 0.7.9 related to running multiple instances in the same domain, which may allow attackers to gain administrative privileges...