5 matches found
CVE-2007-4606
PHP remote file inclusion vulnerability in convert/mvcwconver.php in the Virtual War VWar module for PHPNuke-Clan PNC 4.2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the vwarroot parameter, a different vector than CVE-2006-1602. NOTE: it is possible that this...
CVE-2007-2306
Multiple cross-site scripting XSS vulnerabilities in the Virtual War VWar 1.5.0 R15 and earlier module for PHP-Nuke, when registerglobals is enabled, allow remote attackers to inject arbitrary web script or HTML via the 1 memberlist parameter to extra/login.php and the 2 title parameter to...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in the Virtual War VWar 1.5.0 R15 and earlier module for PHP-Nuke, when registerglobals is enabled, allow remote attackers to inject arbitrary web script or HTML via the 1 memberlist parameter to extra/login.php and the 2 title parameter to...
CVE-2007-2306
Multiple cross-site scripting XSS vulnerabilities in the Virtual War VWar 1.5.0 R15 and earlier module for PHP-Nuke, when registerglobals is enabled, allow remote attackers to inject arbitrary web script or HTML via the 1 memberlist parameter to extra/login.php and the 2 title parameter to...
[waraxe-2007-SA#048] - Multiple vulnerabilities in Virtual War 1.5 module for PhpNuke
waraxe-2007-SA048 - Multiple vulnerabilities in Virtual War 1.5 module for PhpNuke Author: Janek Vind "waraxe" Date: 13. April 2007 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-48.html Target software description: VWar module for PhpNuke http://www.vwar.de/ VWar is a webbased...