RSS   Podatności dla 'Psychostats'   RSS

2013-05-31
 
CVE-2013-3721

CWE-89
 

 
SQL injection vulnerability in awards.php in PsychoStats 3.2.2b allows remote attackers to execute arbitrary SQL commands via the d parameter.

 
2009-03-06
 
CVE-2008-6422

 

 
Multiple SQL injection vulnerabilities in PsychoStats 2.3, 2.3.1, and 2.3.3 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) weapon.php and (2) map.php.

 
2007-05-30
 
CVE-2007-2914

CWE-79
 

 
Multiple cross-site scripting (XSS) vulnerabilities in PsychoStats 3.0.6b allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) awards.php, (2) login.php, (3) register.php, (4) weapons.php, and possibly other unspecified files.

 
2007-05-21
 
CVE-2007-2780

CWE-200
 

 
PsychoStats 3.0.6b and earlier allows remote attackers to obtain sensitive information via a request for server.php with a missing or invalid newtheme parameter, which reveals a path in an error message.

 
2004-12-31
 
CVE-2004-1417

CWE-79
 

 
Cross-site scripting (XSS) vulnerability in login.php in PsychoStats 2.2.4 Beta and earlier allows remote attackers to inject arbitrary web script or HTML via the login parameter.

 


Copyright 2024, cxsecurity.com

 

Back to Top