RSS   Vulnerabilities for 'Pegames'   RSS

2008-06-26
 
CVE-2008-2871

CWE-79
 

 
Multiple cross-site scripting (XSS) vulnerabilities in template2.php in PEGames allow remote attackers to inject arbitrary web script or HTML via the (1) sitetitle, (2) sitenav, (3) sitemain, and (4) sitealt parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

 
2006-11-30
 
CVE-2006-6213

 

 
index.php in PEGames uses the extract function to overwrite critical variables, which allows remote attackers to conduct PHP remote file inclusion attacks via the abs_url parameter, which is later extracted to overwrite a previously uncontrolled value.

 


Copyright 2024, cxsecurity.com

 

Back to Top