120 matches found
CVE-2007-2306
Multiple cross-site scripting XSS vulnerabilities in the Virtual War VWar 1.5.0 R15 and earlier module for PHP-Nuke, when registerglobals is enabled, allow remote attackers to inject arbitrary web script or HTML via the 1 memberlist parameter to extra/login.php and the 2 title parameter to...
[waraxe-2007-SA#048] - Multiple vulnerabilities in Virtual War 1.5 module for PhpNuke
waraxe-2007-SA048 - Multiple vulnerabilities in Virtual War 1.5 module for PhpNuke Author: Janek Vind "waraxe" Date: 13. April 2007 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-48.html Target software description: VWar module for PhpNuke http://www.vwar.de/ VWar is a webbased...
VWar <= 1.50 R14 (online.php) Remote SQL Injection Vulnerability
No description provided by source. .: insecurity research team :. ....:...:. . .:. | |/ :/ // :/ .:. : | | | \\ /\ / :. . ..: ||| / \ \ .: .:.. .. ./ .:/:. ./. .:/: . ...:. .advisory. .:... :..................: 1o.o8.2oo6 .. Affected Application: VWar = v1.50 R14 . . : contact :...
vwar150.txt
.: insecurity research team :. ....:...:. . .:. | |/ :/ // :/ .:. : | | | \\ /\ / :. . ..: ||| / \ \ .: .:.. .. ./ .:/:. ./. .:/: . ...:. .advisory. .:... :..................: 1o.o8.2oo6 .. Affected Application: VWar query" line 64: SELECT memberid, name, lastactivity line 65: FROM...
CVE-2006-4224
Cross-site scripting XSS vulnerability in calendar.php in Virtual War VWar 1.5.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the year parameter. NOTE: The page parameter vector is covered by CVE-2006-4009...
CVE-2006-4224
CVE-2006-4224 is an XSS vulnerability in Virtual War (VWar) calendar.php affecting VWar 1.5.0 and earlier. The vulnerability allows remote attackers to inject arbitrary web script or HTML via the year parameter. The CVE also notes that the page parameter vector is covered by CVE-2006-4009. No fur...
CVE-2006-4142
SQL injection vulnerability in extra/online.php in Virtual War VWar 1.5.0 R14 and earlier allows remote attackers to execute arbitrary SQL commands via the n parameter...
CVE-2006-4141
SQL injection vulnerability in news.php in Virtual War VWar 1.5.0 and earlier allows remote attackers to execute arbitrary SQL commands via the 1 sortby and 2 sortorder parameters...
CVE-2006-4141
CVE-2006-4141 affects Virtual War (VWar) prior to 1.5.0, specifically the news.php module. It exposes a SQL injection vulnerability exploitable via the sortby and sortorder parameters, allowing remote attackers to execute arbitrary SQL commands. The CVE entry notes a base score of 7.5 (HIGH) with...
CVE-2006-4142
CVE-2006-4142 describes an SQL injection in Virtual War (VWar) 1.5.0 R14 and earlier, occurring in extra/online.php via the n parameter. The vulnerability allows remote attackers to execute arbitrary SQL commands and has an attack surface classified as network with low complexity and no authentic...
VWar <= 1.50 R14 (n) Remote SQL Injection
.: insecurity research team :. ....:...:. . .:. | |/ :/ // :/ .:. : | | | / / :. . ..: ||| / .: .:.. .. ./ .:/:. ./. .:/: . ...:. .advisory. .:... :..................: 1o.o8.2oo6 .. Affected Application: VWar = v1.50 R14 . . : contact :...
VWar 1.50 R14 - online.php SQL Injection
VWar 1.50 R14 - online.php SQL Injection .: insecurity research team :. ....:...:. . .:. | |/ :/ // :/ .:. : | | | \\ /\ / :. . ..: ||| / \ \ .: .:.. .. ./ .:/:. ./. .:/: . ...:. .advisory. .:... :..................: 1o.o8.2oo6 .. Affected Application: VWar query" line 64: SELECT memberid,...
VWar <= 1.50 R14 (online.php) Remote SQL Injection Vulnerability
Exploit for unknown platform in category web applications ================================================================ VWar \ \ .: .:.. .. ./ .:/:. ./. .:/: . ...:. .advisory. .:... :..................: 1o.o8.2oo6 .. Affected Application: VWar query" line 64: SELECT memberid, name,...
VWar 1.50 R14 - 'online.php' SQL Injection
.: insecurity research team :. ....:...:. . .:. | |/ :/ // :/ .:. : | | | \\ /\ / :. . ..: ||| / \ \ .: .:.. .. ./ .:/:. ./. .:/: . ...:. .advisory. .:... :..................: 1o.o8.2oo6 .. Affected Application: VWar query" line 64: SELECT memberid, name, lastactivity line 65: FROM...
CVE-2006-4010
SQL injection vulnerability in war.php in Virtual War Vwar 1.5.0 and earlier allows remote attackers to execute arbitrary SQL commands via the page parameter. NOTE: other vectors are covered by CVE-2006-3139...
CVE-2006-4009
CVE-2006-4009 describes an XSS in the Virtual War (VWar) application. Affected: VWar versions up to 1.5.0 and earlier, exploitable through the page parameter in the file war.php (also echoed by related CVE-2006-4224 noting that the page vector is covered by CVE-2006-4009). Root cause: insufficien...
CVE-2006-4010
CVE-2006-4010 describes a SQL injection vulnerability in war.php of Virtual War (VWar) 1.5.0 and earlier, allowing remote attackers to execute arbitrary SQL commands through the page parameter. The vulnerability is explicitly part of a broader issue with VWar, with related vectors covered by CVE-...
CVE-2006-4010
SQL injection vulnerability in war.php in Virtual War Vwar 1.5.0 and earlier allows remote attackers to execute arbitrary SQL commands via the page parameter. NOTE: other vectors are covered by CVE-2006-3139...
VWar 1.5 - war.php?vwar_root Remote File Inclusion
VWar 1.5 - war.php?vwarroot Remote File Inclusion source: https://www.securityfocus.com/bid/19387/info VWar is prone to multiple remote file-include vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker can exploit these issues to include an arbitrary...
VWar 1.5 - challenge.php?vwar_root Remote File Inclusion
VWar 1.5 - challenge.php?vwarroot Remote File Inclusion source: https://www.securityfocus.com/bid/19387/info VWar is prone to multiple remote file-include vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker can exploit these issues to include an...