120 matches found
VWar <= 1.50 R14 (online.php) Remote SQL Injection Vulnerability
No description provided by source. .: insecurity research team :. ....:...:. . .:. | |/ :/ // :/ .:. : | | | \\ /\ / :. . ..: ||| / \ \ .: .:.. .. ./ .:/:. ./. .:/: . ...:. .advisory. .:... :..................: 1o.o8.2oo6 .. Affected Application: VWar = v1.50 R14 . . : contact :...
CVE-2010-5279
article.php in Virtual War aka VWar 1.6.1 R2 allows remote attackers to cause a denial of service memory consumption via a large integer in the ratearticleselect parameter...
CVE-2010-5064
Multiple cross-site scripting XSS vulnerabilities in Virtual War aka VWar 1.6.1 R2 allow remote attackers to inject arbitrary web script or HTML via 1 the Additional Information field to challenge.php, the 2 Additional Information or 3 Contact information field to joinus.php, 4 the War Report fie...
CVE-2010-5067
Virtual War aka VWar 1.6.1 R2 uses static session cookies that depend only on a user's password, which makes it easier for remote attackers to bypass timeout and logout actions, and retain access for a long period of time, by leveraging knowledge of a session cookie...
CVE-2010-5065
popup.php in Virtual War aka VWar 1.6.1 R2 allows remote attackers to bypass intended member restrictions and read news posts via a modified newsid parameter in a printnews action...
Sql injection
SQL injection vulnerability in article.php in Virtual War aka VWar 1.6.1 R2 allows remote attackers to execute arbitrary SQL commands via the ratearticleselect parameter...
Design/Logic Flaw
article.php in Virtual War aka VWar 1.6.1 R2 allows remote attackers to cause a denial of service memory consumption via a large integer in the ratearticleselect parameter...
CVE-2010-5063
The CVE-2010-5063 issue affects Virtual War (aka VWar) 1.6.1 R2: a SQL injection in article.php exploitable via the ratearticleselect parameter may allow remote attackers to execute arbitrary SQL commands. This is a server-side input handling flaw in the affected product/component, enabling unrel...
CVE-2010-5064
Multiple cross-site scripting XSS vulnerabilities in Virtual War aka VWar 1.6.1 R2 allow remote attackers to inject arbitrary web script or HTML via 1 the Additional Information field to challenge.php, the 2 Additional Information or 3 Contact information field to joinus.php, 4 the War Report fie...
CVE-2010-5066
The createRandomPassword function in includes/functionscommon.php in Virtual War aka VWar 1.6.1 R2 uses a small range of values to select the seed argument for the PHP mtsrand function, which makes it easier for remote attackers to determine randomly generated passwords via a brute-force attack...
CVE-2010-5279
CVE-2010-5279 affects Virtual War (aka VWar) 1.6.1 R2. The issue is a remote DoS due to memory consumption triggered by a large integer in the ratearticleselect parameter of article.php. Connected documents confirm the impact as described; no exploit code or broader exploitability details are pro...
CVE-2010-5067
The CVE-2010-5067 entry concerns Virtual War (VWar) 1.6.1 R2, which uses static session cookies that depend only on a user’s password. This design enables remote attackers to bypass session timeout/logout and retain access by knowledge of a session cookie. The available connected documents confir...
CVE-2010-5065
The CVE-2010-5065 entry concerns Virtual War (aka VWar) version 1.6.1 R2. A vulnerability in popup.php allows remote attackers to bypass intended member restrictions and read news posts by manipulating the newsid parameter in a printnews action. The issue enables unauthorized access to restricted...
CVE-2010-5066
CVE-2010-5066 affects Virtual War (VWar) 1.6.1 R2. The createRandomPassword function in includes/functions_common.php uses a small seed range for mt_srand, which reduces randomness and Leaks passwords to brute-force attempts by remote attackers. Root cause: limited seed space for the PHP random g...
CVE-2010-5064
CVE-2010-5064 pertains to Virtual War (aka VWar) 1.6.1 R2, where multiple cross-site scripting (XSS) vulnerabilities allow remote attackers to inject arbitrary web script or HTML via user-input fields such as Additional Information in challenge.php, Additional Information or Contact information i...
CVE-2011-3813
Virtual War aka VWar 1.5.0r15 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by includes/language/dutch.inc.php and certain other files...
CVE-2011-3813
CVE-2011-3813 affects Virtual War (VWar) 1.5.0r15. Affected component/file paths (e.g., includes/language/dutch.inc.php) can disclose installation path via an error message when a direct request is made to a .php file. This is an information-disclosure vulnerability described across multiple sour...
VWar 1.6.1 R2 - Multiple Remote Vulnerabilities
VWar 1.6.1 R2 - Multiple Remote Vulnerabilities source: https://www.securityfocus.com/bid/29001/info VWar is prone to multiple remote vulnerabilities, including: - Multiple HTML-injection vulnerabilities - An SQL-injection vulnerability - An unauthorized-access vulnerability - A vulnerability tha...
VWar 1.6.1 R2 - Multiple Remote Vulnerabilities
source: https://www.securityfocus.com/bid/29001/info VWar is prone to multiple remote vulnerabilities, including: - Multiple HTML-injection vulnerabilities - An SQL-injection vulnerability - An unauthorized-access vulnerability - A vulnerability that allows attackers to brute-force authentication...
Sql injection
SQL injection vulnerability in calendar.php in Virtual War VWar 1.5 allows remote attackers to execute arbitrary SQL commands via the month parameter...