EUVD-2006-3991

Malware in sbrugna...

EUVD-2006-3990

Malware in sbrugna...

WoWRoster subdir Parameter PHP Code Execution - Ver2 (CVE-2006-3997)

A code execution vulnerability has been reported in WoWRoster. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

wowroster-sql.txt

WoWRoster = 1.7.3 memberlog.php Non-critical Remote SQL Injection Vulnerability discovered by: SaKu This vulnerability is not critical, because the parameter $start is present after an 'ORDER BY' and a 'LIMIT'. You always will get the error: "1221: Incorrect usage of UNION and ORDER BY." Exploit:...

CVE-2006-3998

PHP remote file inclusion vulnerability in conf.php in WoWRoster aka World of Warcraft Roster 1.5.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the subdir parameter...

CVE-2006-3997

WoWRoster (World of Warcraft Roster) before 1.5.x is affected by a PHP remote file inclusion in hsList.php, exploitable via the subdir parameter to execute arbitrary PHP code on the affected server. This vulnerability arises in WoWRoster’s handling of user-supplied URLs and could allow remote cod...

CVE-2006-3997

PHP remote file inclusion vulnerability in hsList.php in WoWRoster aka World of Warcraft Roster 1.5.x and earlier allows remote attackers to execute arbitrary PHP code via a URL in the subdir parameter...

CVE-2006-3998

CVE-2006-3998 is a PHP remote file inclusion vulnerability in WoWRoster (World of Warcraft Roster) before or equal to version 1.5.1, arising from conf.php. An attacker can cause remote code execution by supplying a URL in the subdir parameter. The vulnerability is supported by NVD (CVSSv2 base sc...

CVE-2006-3998

PHP remote file inclusion vulnerability in conf.php in WoWRoster aka World of Warcraft Roster 1.5.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the subdir parameter...