Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
10 vulnerabilities by php_heaven
CVE-2007-6297 (GCVE-0-2007-6297)
Vulnerability from nvd – Published: 2007-12-10 18:00 – Updated: 2024-08-07 16:02
VLAI
EPSS
VEX
Summary
Multiple cross-site scripting (XSS) vulnerabilities in PHPMyChat 0.14.5 allow remote attackers to inject arbitrary web script or HTML via the (1) LIMIT parameter to chat/deluser.php3, the (2) Link parameter to chat/edituser.php3, or the (3) LastCheck or (4) B parameter to chat/users_popupL.php3. NOTE: the FontName vectors for start_page.css.php3 and style.css.php3 are already covered by CVE-2005-1619. The medium vectors for start_page.css.php3 (start_page.css.php) and style.css.php3 (style.css.php), and the From vector for users_popupL.php3 (users_popupL.php), are already covered by CVE-2005-3991.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/archive/1/484575/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.securityfocus.com/bid/26698 | vdb-entryx_refsource_BID |
| http://securityreason.com/securityalert/3426 | third-party-advisoryx_refsource_SREASON |
Date Public
2007-12-04 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:02:36.282Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20071204 RFI and Multiple XSS in PhpMyChat",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/484575/100/0/threaded"
},
{
"name": "26698",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/26698"
},
{
"name": "3426",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3426"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-12-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in PHPMyChat 0.14.5 allow remote attackers to inject arbitrary web script or HTML via the (1) LIMIT parameter to chat/deluser.php3, the (2) Link parameter to chat/edituser.php3, or the (3) LastCheck or (4) B parameter to chat/users_popupL.php3. NOTE: the FontName vectors for start_page.css.php3 and style.css.php3 are already covered by CVE-2005-1619. The medium vectors for start_page.css.php3 (start_page.css.php) and style.css.php3 (style.css.php), and the From vector for users_popupL.php3 (users_popupL.php), are already covered by CVE-2005-3991."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20071204 RFI and Multiple XSS in PhpMyChat",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/484575/100/0/threaded"
},
{
"name": "26698",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/26698"
},
{
"name": "3426",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3426"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6297",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in PHPMyChat 0.14.5 allow remote attackers to inject arbitrary web script or HTML via the (1) LIMIT parameter to chat/deluser.php3, the (2) Link parameter to chat/edituser.php3, or the (3) LastCheck or (4) B parameter to chat/users_popupL.php3. NOTE: the FontName vectors for start_page.css.php3 and style.css.php3 are already covered by CVE-2005-1619. The medium vectors for start_page.css.php3 (start_page.css.php) and style.css.php3 (style.css.php), and the From vector for users_popupL.php3 (users_popupL.php), are already covered by CVE-2005-3991."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20071204 RFI and Multiple XSS in PhpMyChat",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/484575/100/0/threaded"
},
{
"name": "26698",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26698"
},
{
"name": "3426",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3426"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-6297",
"datePublished": "2007-12-10T18:00:00.000Z",
"dateReserved": "2007-12-10T00:00:00.000Z",
"dateUpdated": "2024-08-07T16:02:36.282Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-2718 (GCVE-0-2004-2718)
Vulnerability from nvd – Published: 2007-10-06 21:00 – Updated: 2024-09-17 02:26
VLAI
EPSS
VEX
Summary
PHPMyChat 0.14.5 does not remove or protect setup.php3 after installation, which allows attackers to obtain sensitive information including database passwords via a direct request.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/11894 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securiteam.com/unixfocus/6D00S0KC0S.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:36:25.255Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "11894",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/11894"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securiteam.com/unixfocus/6D00S0KC0S.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "PHPMyChat 0.14.5 does not remove or protect setup.php3 after installation, which allows attackers to obtain sensitive information including database passwords via a direct request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2007-10-06T21:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "11894",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/11894"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securiteam.com/unixfocus/6D00S0KC0S.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2718",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHPMyChat 0.14.5 does not remove or protect setup.php3 after installation, which allows attackers to obtain sensitive information including database passwords via a direct request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "11894",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11894"
},
{
"name": "http://www.securiteam.com/unixfocus/6D00S0KC0S.html",
"refsource": "MISC",
"url": "http://www.securiteam.com/unixfocus/6D00S0KC0S.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-2718",
"datePublished": "2007-10-06T21:00:00.000Z",
"dateReserved": "2007-10-06T00:00:00.000Z",
"dateUpdated": "2024-09-17T02:26:30.454Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-2716 (GCVE-0-2004-2716)
Vulnerability from nvd – Published: 2007-10-06 21:00 – Updated: 2024-08-08 01:36
VLAI
EPSS
VEX
Summary
Multiple SQL injection vulnerabilities in usersL.php3 in PHPMyChat 0.14.5 allow remote attackers to execute arbitrary SQL commands via the (1) sortBy, (2) sortOrder, (3) startReg, (4) U, (5) LastCheck , and (6) R parameters.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://www.osvdb.org/7152 | vdb-entryx_refsource_OSVDB |
| http://secunia.com/advisories/11894 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/bid/10556 | vdb-entryx_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://archives.neohapsis.com/archives/bugtraq/20… | mailing-listx_refsource_BUGTRAQ |
| http://securitytracker.com/id?1010515 | vdb-entryx_refsource_SECTRACK |
Date Public
2004-06-16 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:36:25.211Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "7152",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/7152"
},
{
"name": "11894",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/11894"
},
{
"name": "10556",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/10556"
},
{
"name": "phpmychat-sql-injection(16442)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16442"
},
{
"name": "20040422 phpMyChat 0.14.5",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2004-06/0252.html"
},
{
"name": "1010515",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1010515"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-06-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in usersL.php3 in PHPMyChat 0.14.5 allow remote attackers to execute arbitrary SQL commands via the (1) sortBy, (2) sortOrder, (3) startReg, (4) U, (5) LastCheck , and (6) R parameters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "7152",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/7152"
},
{
"name": "11894",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/11894"
},
{
"name": "10556",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/10556"
},
{
"name": "phpmychat-sql-injection(16442)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16442"
},
{
"name": "20040422 phpMyChat 0.14.5",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2004-06/0252.html"
},
{
"name": "1010515",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1010515"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2716",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in usersL.php3 in PHPMyChat 0.14.5 allow remote attackers to execute arbitrary SQL commands via the (1) sortBy, (2) sortOrder, (3) startReg, (4) U, (5) LastCheck , and (6) R parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "7152",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/7152"
},
{
"name": "11894",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11894"
},
{
"name": "10556",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10556"
},
{
"name": "phpmychat-sql-injection(16442)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16442"
},
{
"name": "20040422 phpMyChat 0.14.5",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2004-06/0252.html"
},
{
"name": "1010515",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1010515"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-2716",
"datePublished": "2007-10-06T21:00:00.000Z",
"dateReserved": "2007-10-06T00:00:00.000Z",
"dateUpdated": "2024-08-08T01:36:25.211Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-2717 (GCVE-0-2004-2717)
Vulnerability from nvd – Published: 2007-10-06 21:00 – Updated: 2024-08-08 01:36
VLAI
EPSS
VEX
Summary
Multiple directory traversal vulnerabilities in admin.php3 in PHPMyChat 0.14.5 allow remote attackers with administrative privileges to read arbitrary files via a .. (dot dot) in the (1) sheet and (2) What parameters.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/11894 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/bid/10556 | vdb-entryx_refsource_BID |
| http://archives.neohapsis.com/archives/bugtraq/20… | mailing-listx_refsource_BUGTRAQ |
| http://securitytracker.com/id?1010515 | vdb-entryx_refsource_SECTRACK |
| http://www.osvdb.org/7150 | vdb-entryx_refsource_OSVDB |
Date Public
2004-06-16 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:36:25.325Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "11894",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/11894"
},
{
"name": "10556",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/10556"
},
{
"name": "20040422 phpMyChat 0.14.5",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2004-06/0252.html"
},
{
"name": "1010515",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1010515"
},
{
"name": "7150",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/7150"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-06-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple directory traversal vulnerabilities in admin.php3 in PHPMyChat 0.14.5 allow remote attackers with administrative privileges to read arbitrary files via a .. (dot dot) in the (1) sheet and (2) What parameters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-04-03T09:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "11894",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/11894"
},
{
"name": "10556",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/10556"
},
{
"name": "20040422 phpMyChat 0.14.5",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2004-06/0252.html"
},
{
"name": "1010515",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1010515"
},
{
"name": "7150",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/7150"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2717",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple directory traversal vulnerabilities in admin.php3 in PHPMyChat 0.14.5 allow remote attackers with administrative privileges to read arbitrary files via a .. (dot dot) in the (1) sheet and (2) What parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "11894",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11894"
},
{
"name": "10556",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10556"
},
{
"name": "20040422 phpMyChat 0.14.5",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2004-06/0252.html"
},
{
"name": "1010515",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1010515"
},
{
"name": "7150",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/7150"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-2717",
"datePublished": "2007-10-06T21:00:00.000Z",
"dateReserved": "2007-10-06T00:00:00.000Z",
"dateUpdated": "2024-08-08T01:36:25.325Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-2715 (GCVE-0-2004-2715)
Vulnerability from nvd – Published: 2007-10-06 21:00 – Updated: 2024-08-08 01:36
VLAI
EPSS
VEX
Summary
edituser.php3 in PHPMyChat 0.14.5 allow remote attackers to bypass authentication and gain administrative privileges by setting the do_not_login parameter to false.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://www.osvdb.org/7149 | vdb-entryx_refsource_OSVDB |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://secunia.com/advisories/11894 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/bid/10556 | vdb-entryx_refsource_BID |
| http://archives.neohapsis.com/archives/bugtraq/20… | mailing-listx_refsource_BUGTRAQ |
| http://securitytracker.com/id?1010515 | vdb-entryx_refsource_SECTRACK |
Date Public
2004-06-16 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:36:25.293Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "7149",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/7149"
},
{
"name": "phpmychat-auth-bypass(16440)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16440"
},
{
"name": "11894",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/11894"
},
{
"name": "10556",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/10556"
},
{
"name": "20040422 phpMyChat 0.14.5",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2004-06/0252.html"
},
{
"name": "1010515",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1010515"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-06-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "edituser.php3 in PHPMyChat 0.14.5 allow remote attackers to bypass authentication and gain administrative privileges by setting the do_not_login parameter to false."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "7149",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/7149"
},
{
"name": "phpmychat-auth-bypass(16440)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16440"
},
{
"name": "11894",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/11894"
},
{
"name": "10556",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/10556"
},
{
"name": "20040422 phpMyChat 0.14.5",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2004-06/0252.html"
},
{
"name": "1010515",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1010515"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2715",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "edituser.php3 in PHPMyChat 0.14.5 allow remote attackers to bypass authentication and gain administrative privileges by setting the do_not_login parameter to false."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "7149",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/7149"
},
{
"name": "phpmychat-auth-bypass(16440)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16440"
},
{
"name": "11894",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11894"
},
{
"name": "10556",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10556"
},
{
"name": "20040422 phpMyChat 0.14.5",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2004-06/0252.html"
},
{
"name": "1010515",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1010515"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-2715",
"datePublished": "2007-10-06T21:00:00.000Z",
"dateReserved": "2007-10-06T00:00:00.000Z",
"dateUpdated": "2024-08-08T01:36:25.293Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-6297 (GCVE-0-2007-6297)
Vulnerability from cvelistv5 – Published: 2007-12-10 18:00 – Updated: 2024-08-07 16:02
VLAI
EPSS
VEX
Summary
Multiple cross-site scripting (XSS) vulnerabilities in PHPMyChat 0.14.5 allow remote attackers to inject arbitrary web script or HTML via the (1) LIMIT parameter to chat/deluser.php3, the (2) Link parameter to chat/edituser.php3, or the (3) LastCheck or (4) B parameter to chat/users_popupL.php3. NOTE: the FontName vectors for start_page.css.php3 and style.css.php3 are already covered by CVE-2005-1619. The medium vectors for start_page.css.php3 (start_page.css.php) and style.css.php3 (style.css.php), and the From vector for users_popupL.php3 (users_popupL.php), are already covered by CVE-2005-3991.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/archive/1/484575/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.securityfocus.com/bid/26698 | vdb-entryx_refsource_BID |
| http://securityreason.com/securityalert/3426 | third-party-advisoryx_refsource_SREASON |
Date Public
2007-12-04 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:02:36.282Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20071204 RFI and Multiple XSS in PhpMyChat",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/484575/100/0/threaded"
},
{
"name": "26698",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/26698"
},
{
"name": "3426",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3426"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-12-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in PHPMyChat 0.14.5 allow remote attackers to inject arbitrary web script or HTML via the (1) LIMIT parameter to chat/deluser.php3, the (2) Link parameter to chat/edituser.php3, or the (3) LastCheck or (4) B parameter to chat/users_popupL.php3. NOTE: the FontName vectors for start_page.css.php3 and style.css.php3 are already covered by CVE-2005-1619. The medium vectors for start_page.css.php3 (start_page.css.php) and style.css.php3 (style.css.php), and the From vector for users_popupL.php3 (users_popupL.php), are already covered by CVE-2005-3991."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20071204 RFI and Multiple XSS in PhpMyChat",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/484575/100/0/threaded"
},
{
"name": "26698",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/26698"
},
{
"name": "3426",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3426"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6297",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in PHPMyChat 0.14.5 allow remote attackers to inject arbitrary web script or HTML via the (1) LIMIT parameter to chat/deluser.php3, the (2) Link parameter to chat/edituser.php3, or the (3) LastCheck or (4) B parameter to chat/users_popupL.php3. NOTE: the FontName vectors for start_page.css.php3 and style.css.php3 are already covered by CVE-2005-1619. The medium vectors for start_page.css.php3 (start_page.css.php) and style.css.php3 (style.css.php), and the From vector for users_popupL.php3 (users_popupL.php), are already covered by CVE-2005-3991."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20071204 RFI and Multiple XSS in PhpMyChat",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/484575/100/0/threaded"
},
{
"name": "26698",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26698"
},
{
"name": "3426",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3426"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-6297",
"datePublished": "2007-12-10T18:00:00.000Z",
"dateReserved": "2007-12-10T00:00:00.000Z",
"dateUpdated": "2024-08-07T16:02:36.282Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-2718 (GCVE-0-2004-2718)
Vulnerability from cvelistv5 – Published: 2007-10-06 21:00 – Updated: 2024-09-17 02:26
VLAI
EPSS
VEX
Summary
PHPMyChat 0.14.5 does not remove or protect setup.php3 after installation, which allows attackers to obtain sensitive information including database passwords via a direct request.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/11894 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securiteam.com/unixfocus/6D00S0KC0S.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:36:25.255Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "11894",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/11894"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securiteam.com/unixfocus/6D00S0KC0S.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "PHPMyChat 0.14.5 does not remove or protect setup.php3 after installation, which allows attackers to obtain sensitive information including database passwords via a direct request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2007-10-06T21:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "11894",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/11894"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securiteam.com/unixfocus/6D00S0KC0S.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2718",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHPMyChat 0.14.5 does not remove or protect setup.php3 after installation, which allows attackers to obtain sensitive information including database passwords via a direct request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "11894",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11894"
},
{
"name": "http://www.securiteam.com/unixfocus/6D00S0KC0S.html",
"refsource": "MISC",
"url": "http://www.securiteam.com/unixfocus/6D00S0KC0S.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-2718",
"datePublished": "2007-10-06T21:00:00.000Z",
"dateReserved": "2007-10-06T00:00:00.000Z",
"dateUpdated": "2024-09-17T02:26:30.454Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-2716 (GCVE-0-2004-2716)
Vulnerability from cvelistv5 – Published: 2007-10-06 21:00 – Updated: 2024-08-08 01:36
VLAI
EPSS
VEX
Summary
Multiple SQL injection vulnerabilities in usersL.php3 in PHPMyChat 0.14.5 allow remote attackers to execute arbitrary SQL commands via the (1) sortBy, (2) sortOrder, (3) startReg, (4) U, (5) LastCheck , and (6) R parameters.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://www.osvdb.org/7152 | vdb-entryx_refsource_OSVDB |
| http://secunia.com/advisories/11894 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/bid/10556 | vdb-entryx_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://archives.neohapsis.com/archives/bugtraq/20… | mailing-listx_refsource_BUGTRAQ |
| http://securitytracker.com/id?1010515 | vdb-entryx_refsource_SECTRACK |
Date Public
2004-06-16 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:36:25.211Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "7152",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/7152"
},
{
"name": "11894",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/11894"
},
{
"name": "10556",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/10556"
},
{
"name": "phpmychat-sql-injection(16442)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16442"
},
{
"name": "20040422 phpMyChat 0.14.5",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2004-06/0252.html"
},
{
"name": "1010515",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1010515"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-06-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in usersL.php3 in PHPMyChat 0.14.5 allow remote attackers to execute arbitrary SQL commands via the (1) sortBy, (2) sortOrder, (3) startReg, (4) U, (5) LastCheck , and (6) R parameters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "7152",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/7152"
},
{
"name": "11894",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/11894"
},
{
"name": "10556",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/10556"
},
{
"name": "phpmychat-sql-injection(16442)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16442"
},
{
"name": "20040422 phpMyChat 0.14.5",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2004-06/0252.html"
},
{
"name": "1010515",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1010515"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2716",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in usersL.php3 in PHPMyChat 0.14.5 allow remote attackers to execute arbitrary SQL commands via the (1) sortBy, (2) sortOrder, (3) startReg, (4) U, (5) LastCheck , and (6) R parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "7152",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/7152"
},
{
"name": "11894",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11894"
},
{
"name": "10556",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10556"
},
{
"name": "phpmychat-sql-injection(16442)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16442"
},
{
"name": "20040422 phpMyChat 0.14.5",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2004-06/0252.html"
},
{
"name": "1010515",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1010515"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-2716",
"datePublished": "2007-10-06T21:00:00.000Z",
"dateReserved": "2007-10-06T00:00:00.000Z",
"dateUpdated": "2024-08-08T01:36:25.211Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-2717 (GCVE-0-2004-2717)
Vulnerability from cvelistv5 – Published: 2007-10-06 21:00 – Updated: 2024-08-08 01:36
VLAI
EPSS
VEX
Summary
Multiple directory traversal vulnerabilities in admin.php3 in PHPMyChat 0.14.5 allow remote attackers with administrative privileges to read arbitrary files via a .. (dot dot) in the (1) sheet and (2) What parameters.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/11894 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/bid/10556 | vdb-entryx_refsource_BID |
| http://archives.neohapsis.com/archives/bugtraq/20… | mailing-listx_refsource_BUGTRAQ |
| http://securitytracker.com/id?1010515 | vdb-entryx_refsource_SECTRACK |
| http://www.osvdb.org/7150 | vdb-entryx_refsource_OSVDB |
Date Public
2004-06-16 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:36:25.325Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "11894",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/11894"
},
{
"name": "10556",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/10556"
},
{
"name": "20040422 phpMyChat 0.14.5",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2004-06/0252.html"
},
{
"name": "1010515",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1010515"
},
{
"name": "7150",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/7150"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-06-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple directory traversal vulnerabilities in admin.php3 in PHPMyChat 0.14.5 allow remote attackers with administrative privileges to read arbitrary files via a .. (dot dot) in the (1) sheet and (2) What parameters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-04-03T09:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "11894",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/11894"
},
{
"name": "10556",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/10556"
},
{
"name": "20040422 phpMyChat 0.14.5",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2004-06/0252.html"
},
{
"name": "1010515",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1010515"
},
{
"name": "7150",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/7150"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2717",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple directory traversal vulnerabilities in admin.php3 in PHPMyChat 0.14.5 allow remote attackers with administrative privileges to read arbitrary files via a .. (dot dot) in the (1) sheet and (2) What parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "11894",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11894"
},
{
"name": "10556",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10556"
},
{
"name": "20040422 phpMyChat 0.14.5",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2004-06/0252.html"
},
{
"name": "1010515",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1010515"
},
{
"name": "7150",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/7150"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-2717",
"datePublished": "2007-10-06T21:00:00.000Z",
"dateReserved": "2007-10-06T00:00:00.000Z",
"dateUpdated": "2024-08-08T01:36:25.325Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-2715 (GCVE-0-2004-2715)
Vulnerability from cvelistv5 – Published: 2007-10-06 21:00 – Updated: 2024-08-08 01:36
VLAI
EPSS
VEX
Summary
edituser.php3 in PHPMyChat 0.14.5 allow remote attackers to bypass authentication and gain administrative privileges by setting the do_not_login parameter to false.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://www.osvdb.org/7149 | vdb-entryx_refsource_OSVDB |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://secunia.com/advisories/11894 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/bid/10556 | vdb-entryx_refsource_BID |
| http://archives.neohapsis.com/archives/bugtraq/20… | mailing-listx_refsource_BUGTRAQ |
| http://securitytracker.com/id?1010515 | vdb-entryx_refsource_SECTRACK |
Date Public
2004-06-16 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:36:25.293Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "7149",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/7149"
},
{
"name": "phpmychat-auth-bypass(16440)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16440"
},
{
"name": "11894",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/11894"
},
{
"name": "10556",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/10556"
},
{
"name": "20040422 phpMyChat 0.14.5",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2004-06/0252.html"
},
{
"name": "1010515",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1010515"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-06-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "edituser.php3 in PHPMyChat 0.14.5 allow remote attackers to bypass authentication and gain administrative privileges by setting the do_not_login parameter to false."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "7149",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/7149"
},
{
"name": "phpmychat-auth-bypass(16440)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16440"
},
{
"name": "11894",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/11894"
},
{
"name": "10556",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/10556"
},
{
"name": "20040422 phpMyChat 0.14.5",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2004-06/0252.html"
},
{
"name": "1010515",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1010515"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2715",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "edituser.php3 in PHPMyChat 0.14.5 allow remote attackers to bypass authentication and gain administrative privileges by setting the do_not_login parameter to false."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "7149",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/7149"
},
{
"name": "phpmychat-auth-bypass(16440)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16440"
},
{
"name": "11894",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11894"
},
{
"name": "10556",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10556"
},
{
"name": "20040422 phpMyChat 0.14.5",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2004-06/0252.html"
},
{
"name": "1010515",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1010515"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-2715",
"datePublished": "2007-10-06T21:00:00.000Z",
"dateReserved": "2007-10-06T00:00:00.000Z",
"dateUpdated": "2024-08-08T01:36:25.293Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}