CVE List

Id  CVE No.  Status  Description  Phase  Votes  Comments
10607  CVE-2004-2181  Candidate  Multiple SQL injection vulnerabilities in WowBB Forum 1.61 allow remote attackers to execute arbitrary SQL commands via the (1) sort_by or (2) page parameters to view_user.php, or the (3) forum_id parameter to view_topic.php. NOTE: the sort_by vector was later reported to be present in WowBB 1.65.  Assigned (20050711)  REVIEWING(1) Christey  Christey> The view_user.php/sort_by vector is covered by several CVEs. Need to figure out how to handle this.
10408  CVE-2004-1982  Candidate  Post.pl in YaBB 1 Gold SP 1.2 allows remote attackers to modify records in the board's .txt file via carriage return characters in the subject field.  Assigned (20050504)  REVIEWING(1) Christey  Christey> likely dupe with CVE-2004-2140
12760  CVE-2005-1554  Candidate  SQL injection vulnerability in view_user.php in WowBB 1.6, 1.61, and 1.62 allows remote attackers to execute arbitrary SQL commands via the sort_by parameter.  Assigned (20050514)  REVIEWING(1) Christey  Christey> The view_user.php/sort_by vector is covered by several CVEs. Need to figure out how to handle this.
9446  CVE-2004-1018  Candidate  Multiple integer handling errors in PHP before 4.3.10 allow attackers to bypass safe mode restrictions, cause a denial of service, or execute arbitrary code via (1) a negative offset value to the shmop_write function, (2) an "integer overflow/underflow" in the pack function, or (3) an "integer overflow/underflow" in the unpack function. NOTE: this issue was originally REJECTed by its CNA before publication, but that decision is in active dispute. This candidate may change significantly in the future as a result of further discussion.  Assigned (20041104)  REVIEWING(1) Christey  Christey> There is active disagreement regarding whether this satisfies the criteria for inclusion in CVE, because the attack vectors require function parameters that are typically controlled only by the application developer, not an external attacker. This would mean that the PHP application owner could exploit it. Since various PHP functions already allow the application owner to execute commands, no additional privileges would be gained by exploiting such a bug. However, if safe_mode is enabled in PHP, then the PHP functions related to execution are restricted (e.g. shell_exec()). Thus, exploitation may allow the PHP application owner to execute code *despite* the configured restrictions imposed by safe mode, which then qualifies this as a vulnerability.
9448  CVE-2004-1020  Candidate  The addslashes function in PHP 4.3.9 does not properly escape a NULL (/0) character, which may allow remote attackers to read arbitrary files in PHP applications that contain a directory traversal vulnerability in require or include statements, but are otherwise protected by the magic_quotes_gpc mechanism. NOTE: this issue was originally REJECTed by its CNA before publication, but that decision is in active dispute. This candidate may change significantly in the future as a result of further discussion.  Assigned (20041104)  REVIEWING(1) Christey  Christey> There is active disagreement regarding whether this satisfies the criteria for inclusion in CVE, because the attack vectors require function parameters that are typically controlled only by the application developer, not an external attacker. This would mean that only the PHP application owner could exploit it. Since the application developer presumably already has access to the underlying file system, directory traversal attacks provide no additional access to the application owner. Therefore, this candidate would only be valid if there are cases in which the attacker can inject a null character into a string that is processed by addslashes.

Page 20943 of 20943, showing 5 records out of 104715 total, starting on record 104711, ending on 104715
