Virtual War Security Vulnerabilities and Issues — Virtual War CVE List

Lucene search

VwarVirtual War

5 matches found

CVE•added 2006/03/30 1:6 a.m.•58 views

CVE-2006-1503

PHP remote file inclusion vulnerability in includes/functions_install.php in Virtual War (VWar) 1.5.0 R11 and earlier allows remote attackers to include and execute arbitrary PHP code via a URL in the vwar_root parameter. NOTE: this is a different vulnerability than CVE-2006-1636.

5.1CVSS7.2AI score0.01834EPSS

CVE•added 2011/09/24 12:55 a.m.•41 views

CVE-2011-3813

Virtual War (aka VWar) 1.5.0r15 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by includes/language/dutch.inc.php and certain other files.

5CVSS6.3AI score0.00283EPSS

CVE•added 2006/04/29 10:2 a.m.•37 views

CVE-2006-2091

admin.php in Virtual War (VWar) 1.5 and versions before 1.2 allows remote attackers to obtain sensitive information via an invalid vwar_root parameter, which reveals the path in an error message.

5CVSS6.2AI score0.00391EPSS

CVE•added 2012/10/08 10:47 a.m.•36 views

CVE-2010-5065

popup.php in Virtual War (aka VWar) 1.6.1 R2 allows remote attackers to bypass intended member restrictions and read news posts via a modified newsid parameter in a printnews action.

5CVSS6.8AI score0.00184EPSS

CVE•added 2012/10/08 10:47 a.m.•33 views

CVE-2010-5279

article.php in Virtual War (aka VWar) 1.6.1 R2 allows remote attackers to cause a denial of service (memory consumption) via a large integer in the ratearticleselect parameter.

5CVSS6.8AI score0.00481EPSS