22 matches found
CVE-2007-4605
CVE-2007-4605 is a PHP remote file inclusion in Virtual War (VWar) prior to or including 1.5.0 R15. The vulnerability is triggered in convert/mvcw.php via the vwar_root parameter, allowing arbitrary PHP code execution. Related connected docs corroborate VWar RFI patterns affecting multiple script...
CVE-2006-1503
CVE-2006-1503 describes a PHP remote file inclusion in Virtual War (VWar) 1.5.0 R11 and earlier. The vulnerability occurs in includes/functions_install.php where a URL supplied via the vwar_root parameter can cause arbitrary PHP code execution on the affected system. This is a classic RFI risk fo...
CVE-2006-1747
CVE-2006-1747 affects Virtual War (VWar) 1.5.0 and earlier. It is a PHP remote file inclusion vulnerability allowing an attacker to execute arbitrary PHP code by supplying a URL in the vwar_root parameter to admin/admin.php, war.php, stats.php, news.php, joinus.php, challenge.php, calendar.php, m...
CVE-2006-1636
CVE-2006-1636 affects Virtual War (VWar) 1.5.0 R12 and earlier. The flaw is a PHP remote file inclusion in get_header.php that allows an attacker to supply a URL via the vwar_root parameter to include arbitrary PHP code. Connected references also cover other VWar R1x vectors (e.g., CVE-2006-1747 ...
CVE-2007-2306
The CVE-2007-2306 entry describes multiple XSS vulnerabilities in the Virtual War (VWar) 1.5.0 R15 and earlier module for PHP-Nuke when register_globals is enabled. The affected components are the extra/login.php (memberlist parameter) and extra/today.php (title parameter). The impact is that rem...
CVE-2010-5064
CVE-2010-5064 pertains to Virtual War (aka VWar) 1.6.1 R2, where multiple cross-site scripting (XSS) vulnerabilities allow remote attackers to inject arbitrary web script or HTML via user-input fields such as Additional Information in challenge.php, Additional Information or Contact information i...
CVE-2008-0753
CVE-2008-0753 describes an SQL injection in the calendar.php file of Virtual War (VWar) 1.5, exploitable remotely via the month parameter. The vulnerability allows an attacker to execute arbitrary SQL commands. According to the associated records, the issue is triggered by unvalidated input in th...
CVE-2006-4224
CVE-2006-4224 is an XSS vulnerability in Virtual War (VWar) calendar.php affecting VWar 1.5.0 and earlier. The vulnerability allows remote attackers to inject arbitrary web script or HTML via the year parameter. The CVE also notes that the page parameter vector is covered by CVE-2006-4009. No fur...
CVE-2006-3139
CVE-2006-3139 concerns multiple SQL injection flaws in war.php of Virtual War (VWar) 1.5.0 R14 and earlier. The vulnerability arises in the war.php handler, where user-supplied input through the parameters (s, showgame, sortorder, sortby) is used to construct SQL queries, enabling remote attacker...
CVE-2006-4009
CVE-2006-4009 describes an XSS in the Virtual War (VWar) application. Affected: VWar versions up to 1.5.0 and earlier, exploitable through the page parameter in the file war.php (also echoed by related CVE-2006-4224 noting that the page vector is covered by CVE-2006-4009). Root cause: insufficien...
CVE-2010-5063
The CVE-2010-5063 issue affects Virtual War (aka VWar) 1.6.1 R2: a SQL injection in article.php exploitable via the ratearticleselect parameter may allow remote attackers to execute arbitrary SQL commands. This is a server-side input handling flaw in the affected product/component, enabling unrel...
CVE-2010-5066
CVE-2010-5066 affects Virtual War (VWar) 1.6.1 R2. The createRandomPassword function in includes/functions_common.php uses a small seed range for mt_srand, which reduces randomness and Leaks passwords to brute-force attempts by remote attackers. Root cause: limited seed space for the PHP random g...
CVE-2011-3813
CVE-2011-3813 affects Virtual War (VWar) 1.5.0r15. Affected component/file paths (e.g., includes/language/dutch.inc.php) can disclose installation path via an error message when a direct request is made to a .php file. This is an information-disclosure vulnerability described across multiple sour...
CVE-2007-2312
The CVE-2007-2312 entry identifies multiple SQL injection vulnerabilities in Virtual War (VWar) 1.5.0 R15 for PHP-Nuke, exploitable via the n parameter to extra/online.php and other scripts in extra/. The underlying issue is unsafely constructed SQL in these scripts, enabling remote execution of ...
CVE-2010-5067
The CVE-2010-5067 entry concerns Virtual War (VWar) 1.6.1 R2, which uses static session cookies that depend only on a user’s password. This design enables remote attackers to bypass session timeout/logout and retain access by knowledge of a session cookie. The available connected documents confir...
CVE-2006-4010
CVE-2006-4010 describes a SQL injection vulnerability in war.php of Virtual War (VWar) 1.5.0 and earlier, allowing remote attackers to execute arbitrary SQL commands through the page parameter. The vulnerability is explicitly part of a broader issue with VWar, with related vectors covered by CVE-...
CVE-2006-4142
CVE-2006-4142 describes an SQL injection in Virtual War (VWar) 1.5.0 R14 and earlier, occurring in extra/online.php via the n parameter. The vulnerability allows remote attackers to execute arbitrary SQL commands and has an attack surface classified as network with low complexity and no authentic...
CVE-2005-4748
Technical details about CVE-2005-4748 are not publicly provided in the supplied documents; no concrete vulnerabilities, affected versions, or fixes are described. Monitor for updates.
CVE-2006-2091
CVE-2006-2091 affects Virtual War (VWar) — specifically VWar 1.5 and all versions before 1.2. The issue is an information disclosure: an invalid vwar_root parameter causes an error message that reveals the server path. This is a remote-access concern with partial confidentiality impact and no int...
CVE-2010-5065
The CVE-2010-5065 entry concerns Virtual War (aka VWar) version 1.6.1 R2. A vulnerability in popup.php allows remote attackers to bypass intended member restrictions and read news posts by manipulating the newsid parameter in a printnews action. The issue enables unauthorized access to restricted...
CVE-2010-5279
CVE-2010-5279 affects Virtual War (aka VWar) 1.6.1 R2. The issue is a remote DoS due to memory consumption triggered by a large integer in the ratearticleselect parameter of article.php. Connected documents confirm the impact as described; no exploit code or broader exploitability details are pro...
CVE-2006-4141
CVE-2006-4141 affects Virtual War (VWar) prior to 1.5.0, specifically the news.php module. It exposes a SQL injection vulnerability exploitable via the sortby and sortorder parameters, allowing remote attackers to execute arbitrary SQL commands. The CVE entry notes a base score of 7.5 (HIGH) with...