120 matches found
CVE-2008-0753
SQL injection vulnerability in calendar.php in Virtual War VWar 1.5 allows remote attackers to execute arbitrary SQL commands via the month parameter...
CVE-2008-0753
SQL injection vulnerability in calendar.php in Virtual War VWar 1.5 allows remote attackers to execute arbitrary SQL commands via the month parameter...
CVE-2008-0753
CVE-2008-0753 describes an SQL injection in the calendar.php file of Virtual War (VWar) 1.5, exploitable remotely via the month parameter. The vulnerability allows an attacker to execute arbitrary SQL commands. According to the associated records, the issue is triggered by unvalidated input in th...
Vwar New Bug
Vendor : Www.Vwar.De Credits : PouyaServer Vuln. Ver : v1.5.0 Http://pouya-server.blogfa.com [email protected] --------------------------------------------------- http://host/vwar/war.php?s=SQL http://host/vwar/war.php?page=SQL http://host/vwar/war.php?showgame=SQL...
Vwar 1.5.0
Vendor : Www.Vwar.De Credits : Pouyaserver Ver : v1.5.0 [email protected] ----------------------------------------- http://host/vwar/calendar.php?month=SQL...
VWar 1.5 - calendar.php SQL Injection
VWar 1.5 - calendar.php SQL Injection source: https://www.securityfocus.com/bid/27722/info VWar is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the...
vwar-sql.txt
Vendor : Www.Vwar.De Credits : Pouyaserver Ver : v1.5.0 [email protected] ----------------------------------------- http://host/vwar/calendar.php?month=SQL...
VWar 1.5 - 'calendar.php' SQL Injection
source: https://www.securityfocus.com/bid/27722/info VWar is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or...
CVE-2007-4606
PHP remote file inclusion vulnerability in convert/mvcwconver.php in the Virtual War VWar module for PHPNuke-Clan PNC 4.2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the vwarroot parameter, a different vector than CVE-2006-1602. NOTE: it is possible that this...
Remote file inclusion
PHP remote file inclusion vulnerability in convert/mvcwconver.php in the Virtual War VWar module for PHPNuke-Clan PNC 4.2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the vwarroot parameter, a different vector than CVE-2006-1602. NOTE: it is possible that this...
CVE-2007-4606
CVE-2007-4606 describes a PHP remote file inclusion in the Virtual War (VWar) module of PHPNuke-Clan (PNC) 4.2.0 and earlier. The vulnerability arises in convert/mvcw_conver.php where an attacker can cause arbitrary PHP code execution by supplying a crafted URL in the vwar_root parameter. The iss...
vwar-rfi.txt
'/ -.- --------------------oOO------OOo-------------------- | VWar = v1.5.0 R15 mvcw.php Remote File Inclusion | | coded by DNX | ------------------------------------------------------- ! Discovered: DNX ! Vendor: http://www.vwar.de ! Detected: 26.02.2007 ! Reported: 27.02.2007 ! Remote: yes !...
VWar <= v1.5.0 R15 (mvcw.php) Remote File Inclusion Vulnerability
No description provided by source. '/ -.- --------------------oOO------OOo-------------------- | VWar = v1.5.0 R15 mvcw.php Remote File Inclusion | | coded by DNX | ------------------------------------------------------- ! Discovered: DNX ! Vendor: http://www.vwar.de ! Detected: 26.02.2007 !...
VWar <= v1.5.0 R15 (mvcw.php) Remote File Inclusion Vulnerability
Exploit for unknown platform in category web applications ================================================================= VWar = v1.5.0 R15 mvcw.php Remote File Inclusion Vulnerability ================================================================= '/ -.-...
VWar 1.5.0 R15 - mvcw.php Remote File Inclusion
VWar 1.5.0 R15 - mvcw.php Remote File Inclusion '/ -.- --------------------oOO------OOo-------------------- | VWar = v1.5.0 R15 mvcw.php Remote File Inclusion | | coded by DNX | ------------------------------------------------------- ! Discovered: DNX ! Vendor: http://www.vwar.de ! Detected:...
VWar 1.5.0 R15 - 'mvcw.php' Remote File Inclusion
'/ -.- --------------------oOO------OOo-------------------- | VWar = v1.5.0 R15 mvcw.php Remote File Inclusion | | coded by DNX | ------------------------------------------------------- ! Discovered: DNX ! Vendor: http://www.vwar.de ! Detected: 26.02.2007 ! Reported: 27.02.2007 ! Remote: yes !...
CVE-2007-2312
Multiple SQL injection vulnerabilities in the Virtual War VWar 1.5.0 R15 module for PHP-Nuke allow remote attackers to execute arbitrary SQL commands via the n parameter to extra/online.php and other unspecified scripts in extra/. NOTE: this might be same vulnerability as CVE-2006-4142; however,...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in the Virtual War VWar 1.5.0 R15 and earlier module for PHP-Nuke, when registerglobals is enabled, allow remote attackers to inject arbitrary web script or HTML via the 1 memberlist parameter to extra/login.php and the 2 title parameter to...
CVE-2007-2306
Multiple cross-site scripting XSS vulnerabilities in the Virtual War VWar 1.5.0 R15 and earlier module for PHP-Nuke, when registerglobals is enabled, allow remote attackers to inject arbitrary web script or HTML via the 1 memberlist parameter to extra/login.php and the 2 title parameter to...
CVE-2007-2306
Multiple cross-site scripting XSS vulnerabilities in the Virtual War VWar 1.5.0 R15 and earlier module for PHP-Nuke, when registerglobals is enabled, allow remote attackers to inject arbitrary web script or HTML via the 1 memberlist parameter to extra/login.php and the 2 title parameter to...