16 matches found
EUVD-2004-0249
Malware in sbrugna...
EUVD-2005-3963
Malware in sbrugna...
EUVD-2004-0248
Malware in sbrugna...
EUVD-2006-0936
Malware in sbrugna...
EUVD-2004-2354
Malware in sbrugna...
phpx_359_xpl.txt
PhpX login bypass - remote command/code execution software: site: http://www.phpx.org/ description: "PHPX is a constantly evolving and changing Content Management System (CMS).." vulnerable code in auth.inc.php at lines 22-26: ... if !isset$POSTusername header"Location: login.php"; $password =...
CVE-2004-2362
PHPX 3.2.6 and earlier allows remote attackers to obtain the physical path of PHPX via a null or invalid value in the limit parameter, which leaks the pathname in a database error message, as demonstrated using forums.php...
CVE-2004-2363
Validate-Before-Canonicalize vulnerability in the checkURI function in functions.inc.php in PHPX 3.0 through 3.2.6 allows remote attackers to conduct cross-site scripting (XSS) attacks via hex-encoded tags, which bypass the check for literal "", "", and "" characters, as demonstrated using the limi...
CVE-2004-2362
PHPX 3.2.6 and earlier allows remote attackers to obtain the physical path of PHPX via a null or invalid value in the limit parameter, which leaks the pathname in a database error message, as demonstrated using forums.php...
CVE-2004-0248
Cross-site scripting vulnerability (XSS) in PHPX 3.2.3 allows remote attackers to execute arbitrary script as other users by injecting arbitrary HTML or script into (1) keywords argument of main.inc.php, (2) body argument of help.inc.php, or (3) the subject field in Personal Messages and Forum...
CVE-2004-0249
PHPX 2.0 through 3.2.4 allows remote attackers to gain access to other accounts by modifying the cookie's PXL variable to reference another userID...
PHPX 3.x - '/forums.php' Cross-Site Request Forgery / Arbitrary Command Execution
source: https://www.securityfocus.com/bid/10284/info It has been reported that PHPX is affected by multiple administrator command execution vulnerabilities. These issues are due to a failure of the application to properly validate access to administrative commands. This issue could permit a remot...
CVE-2004-0249
PHPX 2.0 through 3.2.4 allows remote attackers to gain access to other accounts by modifying the cookie's PXL variable to reference another userID...
CVE-2004-0248
Cross-site scripting vulnerability (XSS) in PHPX 3.2.3 allows remote attackers to execute arbitrary script as other users by injecting arbitrary HTML or script into (1) keywords argument of main.inc.php, (2) body argument of help.inc.php, or (3) the subject field in Personal Messages and Forum...
phpx324.txt
PHPX 3.2.4 http://www.phpx.org Versions Affected: PHPX 2.x - 3.2.4 Type of bug: Session Hi-jacking/Admin Access via Cookies Impact: Ability to steal another users account Found-by: HelloWorld Ryan Wray Vendor: Notified Table Of Contents ===================== 1 The Program 2 The Problem 3 The Proo...
PHPX 2.x - 3.2.4
PHPX 3.2.4 http://www.phpx.org Versions Affected: PHPX 2.x - 3.2.4 Type of bug: Session Hi-jacking/Admin Access via Cookies Impact: Ability to steal another users account Found-by: HelloWorld Ryan Wray Vendor: Notified Table Of Contents ===================== 1 The Program 2 The Problem 3 The Proo...