21 matches found
CVE-2007-3808
PaFileDB 3.6 is affected by an SQL injection in includes/search.php via the categories[] parameter in a search action to index.php, as per CVE-2007-3808. The root cause is unsanitized input in the search categories array, enabling remote SQL execution. This vector is described as different from C...
CVE-2004-1975
The CVE-2004-1975 issue affects paFileDB 3.1 and specifically the category module (pafiledb.php). It is an XSS vulnerability that allows remote attackers to inject arbitrary web script or HTML via the id parameter. The vulnerability is described as closely related to CVE-2004-1551. No further t...
CVE-2005-0782
CVE-2005-0782 is a cross-site scripting (XSS) vulnerability in paFileDB 3.1 and earlier, affecting viewall.php and category.php. The start parameter to pafiledb.php enables remote attackers to inject arbitrary script/HTML. The NVD entry notes MEDIUM impact (I partial) with CVSS v2.0 base score 4....
CVE-2005-0952
CVE-2005-0952 describes a cross-site scripting vulnerability in the PaFileDB 3.1 web application, specifically in pafiledb.php where the attacker can inject arbitrary script via the id parameter. The vulnerability is documented across multiple sources (NVD/Nessus/NVD CVE record). Exploitation cou...
CVE-2002-1929
Technical details about CVE-2002-1929 are not publicly available in the provided connected documents. Monitor for updates.
CVE-2004-1219
PaFileDB
CVE-2006-2361
CVE-2006-2361 describes a PHP remote file inclusion in pafiledb_constants.php within the Download Manager (mxBB pafiledb) integration used with phpBB. The underlying issue is an attacker-controlled URL in the module_root_path parameter that can lead to arbitrary PHP code execution on the server. ...
CVE-2004-1974
paFileDB 3.1 is affected by an information disclosure vulnerability where remote attackers can learn sensitive path information by issuing direct requests to pages (login.php, category.php, search.php, main.php, viewall.php, download.php, email.php, file.php, rate.php, stats.php). The underlying ...
CVE-2005-0724
CVE-2005-0724 affects paFileDB versions 3.1 and earlier. Affected component: PHP application paFileDB; root cause is that an invalid str parameter to pafiledb.php or direct requests to viewall.php, stats.php, search.php, rate.php, main.php, license.php, category.php, download.php, file.php, email...
CVE-2005-2001
CVE-2005-2001: The vulnerability affects paFileDB 3.1 and earlier, where a directory traversal flaw allows remote attackers to include arbitrary files via ".." in the action parameter. The NVD/CVE entries concur on the description, with a CVSS v2 base score of 5.0 (Medium) and links to historica...
CVE-2005-0326
PaFileDB 3.1's pafiledb.php is vulnerable to information disclosure when the action parameter is invalid or missing, causing an error message that reveals the server path if login.php cannot be included. This is a remote-information-disclosure issue affecting PaFileDB 3.1 per CVE-2005-0326 (NVD/N...
CVE-2005-0780
CVE-2005-0780 affects paFileDB 3.1 and earlier, where remote attackers can trigger PHP errors via direct requests to auth.php, login.php, category.php, file.php, team.php, license.php, custom.php, admins.php, or backupdb.php, revealing the server path and potentially sensitive information. The pu...
CVE-2005-2723
CVE-2005-2723 refers to a SQL injection in PaFileDB 3.1’s auth.php when authmethod is configured to cookies, exploitable via the pafiledbcookie cookie username value. Multiple sources confirm the issue and indicate the remote attacker could potentially manipulate SQL commands, with at least one N...
CVE-2005-1999
CVE-2005-1999 corresponds to multiple XSS vulnerabilities in paFileDB 3.1 where an attacker can inject arbitrary script or HTML via the sortby, filelist (category.php) or pages (viewall.php) parameters. The affected component is pafiledb.php; root cause is improper sanitization of ...
CVE-2005-0327
The CVE-2005-0327 entry concerns paFileDB 3.1, where pafiledb.php may allow remote code execution. The vulnerability arises from a modified action parameter used in an include statement for login.php, enabling an attacker to have PHP code executed on the remote server. The provided documents desc...
CVE-2005-0723
CVE-2005-0723 concerns paFileDB
CVE-2005-2000
CVE-2005-2000 concerns multiple SQL injection vulnerabilities in paFileDB 3.1 and earlier. The affected vectors allow remote attackers to execute arbitrary SQL commands via several inputs, specifically: the second formname parameter in login forms, the team login form, and the inputs to pafiledb...
CVE-2002-1931
The CVE-2002-1931 entry concerns a cross-site scripting (XSS) flaw in PHP Arena paFileDB versions 1.1.3 and 2.1.1. The vulnerability arises from insufficient input sanitization in the search string, allowing an attacker to inject arbitrary JavaScript/HTML that could execute in a user’s browser. A...
CVE-2004-1551
The CVE-2004-1551 entry describes a Cross-site scripting (XSS) vulnerability in paFileDB 3.1 Final affecting the (1) email and (2) file modules. The attack path is via the id parameter, allowing remote attackers to execute arbitrary script/HTML in a victim’s browser. Affected product: paFileDB 3....
CVE-2005-0781
CVE-2005-0781 affects paFileDB 3.1 and earlier, with SQL injection in viewall.php and category.php via the start parameter to pafiledb.php, enabling remote execution of arbitrary SQL commands. The vulnerability is documented in NVD as a SQLi in paFileDB 3.1 and earlier; exploitation details are n...
CVE-2005-4329
CVE-2005-4329 affects PHP Arena paFileDB Extreme Edition RC 5 and earlier. The vulnerability is a SQL injection in the file pafiledb.php, allowing remote attackers to execute arbitrary SQL commands via the (1) newsid and (2) id parameters. The initial details show a network attack vector with a...