Search criteria
66 vulnerabilities found for virtual_war by vwar
CVE-2010-5279 (GCVE-0-2010-5279)
Vulnerability from nvd – Published: 2012-10-08 10:00 – Updated: 2024-09-17 02:05
VLAI
Summary
article.php in Virtual War (aka VWar) 1.6.1 R2 allows remote attackers to cause a denial of service (memory consumption) via a large integer in the ratearticleselect parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://dmcdonald.net/vwar.txt | x_refsource_MISC |
| http://seclists.org/fulldisclosure/2010/Aug/235 | mailing-listx_refsource_FULLDISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:17:10.243Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://dmcdonald.net/vwar.txt"
},
{
"name": "20100822 VWar 1.6.1 R2 Multiple Remote Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2010/Aug/235"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "article.php in Virtual War (aka VWar) 1.6.1 R2 allows remote attackers to cause a denial of service (memory consumption) via a large integer in the ratearticleselect parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-10-08T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://dmcdonald.net/vwar.txt"
},
{
"name": "20100822 VWar 1.6.1 R2 Multiple Remote Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2010/Aug/235"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-5279",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "article.php in Virtual War (aka VWar) 1.6.1 R2 allows remote attackers to cause a denial of service (memory consumption) via a large integer in the ratearticleselect parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://dmcdonald.net/vwar.txt",
"refsource": "MISC",
"url": "http://dmcdonald.net/vwar.txt"
},
{
"name": "20100822 VWar 1.6.1 R2 Multiple Remote Vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2010/Aug/235"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-5279",
"datePublished": "2012-10-08T10:00:00.000Z",
"dateReserved": "2012-10-08T00:00:00.000Z",
"dateUpdated": "2024-09-17T02:05:59.826Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-5067 (GCVE-0-2010-5067)
Vulnerability from nvd – Published: 2012-10-08 10:00 – Updated: 2024-09-16 20:48
VLAI
Summary
Virtual War (aka VWar) 1.6.1 R2 uses static session cookies that depend only on a user's password, which makes it easier for remote attackers to bypass timeout and logout actions, and retain access for a long period of time, by leveraging knowledge of a session cookie.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://dmcdonald.net/vwar.txt | x_refsource_MISC |
| http://seclists.org/fulldisclosure/2010/Aug/235 | mailing-listx_refsource_FULLDISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:09:38.785Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://dmcdonald.net/vwar.txt"
},
{
"name": "20100822 VWar 1.6.1 R2 Multiple Remote Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2010/Aug/235"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Virtual War (aka VWar) 1.6.1 R2 uses static session cookies that depend only on a user\u0027s password, which makes it easier for remote attackers to bypass timeout and logout actions, and retain access for a long period of time, by leveraging knowledge of a session cookie."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-10-08T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://dmcdonald.net/vwar.txt"
},
{
"name": "20100822 VWar 1.6.1 R2 Multiple Remote Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2010/Aug/235"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-5067",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Virtual War (aka VWar) 1.6.1 R2 uses static session cookies that depend only on a user\u0027s password, which makes it easier for remote attackers to bypass timeout and logout actions, and retain access for a long period of time, by leveraging knowledge of a session cookie."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://dmcdonald.net/vwar.txt",
"refsource": "MISC",
"url": "http://dmcdonald.net/vwar.txt"
},
{
"name": "20100822 VWar 1.6.1 R2 Multiple Remote Vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2010/Aug/235"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-5067",
"datePublished": "2012-10-08T10:00:00.000Z",
"dateReserved": "2011-11-27T00:00:00.000Z",
"dateUpdated": "2024-09-16T20:48:08.766Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-5066 (GCVE-0-2010-5066)
Vulnerability from nvd – Published: 2012-10-08 10:00 – Updated: 2024-09-16 16:52
VLAI
Summary
The createRandomPassword function in includes/functions_common.php in Virtual War (aka VWar) 1.6.1 R2 uses a small range of values to select the seed argument for the PHP mt_srand function, which makes it easier for remote attackers to determine randomly generated passwords via a brute-force attack.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://dmcdonald.net/vwar.txt | x_refsource_MISC |
| http://seclists.org/fulldisclosure/2010/Aug/235 | mailing-listx_refsource_FULLDISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:09:38.925Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://dmcdonald.net/vwar.txt"
},
{
"name": "20100822 VWar 1.6.1 R2 Multiple Remote Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2010/Aug/235"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The createRandomPassword function in includes/functions_common.php in Virtual War (aka VWar) 1.6.1 R2 uses a small range of values to select the seed argument for the PHP mt_srand function, which makes it easier for remote attackers to determine randomly generated passwords via a brute-force attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-10-08T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://dmcdonald.net/vwar.txt"
},
{
"name": "20100822 VWar 1.6.1 R2 Multiple Remote Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2010/Aug/235"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-5066",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The createRandomPassword function in includes/functions_common.php in Virtual War (aka VWar) 1.6.1 R2 uses a small range of values to select the seed argument for the PHP mt_srand function, which makes it easier for remote attackers to determine randomly generated passwords via a brute-force attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://dmcdonald.net/vwar.txt",
"refsource": "MISC",
"url": "http://dmcdonald.net/vwar.txt"
},
{
"name": "20100822 VWar 1.6.1 R2 Multiple Remote Vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2010/Aug/235"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-5066",
"datePublished": "2012-10-08T10:00:00.000Z",
"dateReserved": "2011-11-27T00:00:00.000Z",
"dateUpdated": "2024-09-16T16:52:37.615Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-5065 (GCVE-0-2010-5065)
Vulnerability from nvd – Published: 2012-10-08 10:00 – Updated: 2024-09-16 16:57
VLAI
Summary
popup.php in Virtual War (aka VWar) 1.6.1 R2 allows remote attackers to bypass intended member restrictions and read news posts via a modified newsid parameter in a printnews action.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://dmcdonald.net/vwar.txt | x_refsource_MISC |
| http://seclists.org/fulldisclosure/2010/Aug/235 | mailing-listx_refsource_FULLDISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:09:38.639Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://dmcdonald.net/vwar.txt"
},
{
"name": "20100822 VWar 1.6.1 R2 Multiple Remote Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2010/Aug/235"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "popup.php in Virtual War (aka VWar) 1.6.1 R2 allows remote attackers to bypass intended member restrictions and read news posts via a modified newsid parameter in a printnews action."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-10-08T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://dmcdonald.net/vwar.txt"
},
{
"name": "20100822 VWar 1.6.1 R2 Multiple Remote Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2010/Aug/235"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-5065",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "popup.php in Virtual War (aka VWar) 1.6.1 R2 allows remote attackers to bypass intended member restrictions and read news posts via a modified newsid parameter in a printnews action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://dmcdonald.net/vwar.txt",
"refsource": "MISC",
"url": "http://dmcdonald.net/vwar.txt"
},
{
"name": "20100822 VWar 1.6.1 R2 Multiple Remote Vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2010/Aug/235"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-5065",
"datePublished": "2012-10-08T10:00:00.000Z",
"dateReserved": "2011-11-27T00:00:00.000Z",
"dateUpdated": "2024-09-16T16:57:39.597Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-5064 (GCVE-0-2010-5064)
Vulnerability from nvd – Published: 2012-10-08 10:00 – Updated: 2024-09-16 17:19
VLAI
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Virtual War (aka VWar) 1.6.1 R2 allow remote attackers to inject arbitrary web script or HTML via (1) the Additional Information field to challenge.php, the (2) Additional Information or (3) Contact information field to joinus.php, (4) the War Report field to admin/admin.php in a finishwar action, or (5) the Nick field to profile.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://dmcdonald.net/vwar.txt | x_refsource_MISC |
| http://seclists.org/fulldisclosure/2010/Aug/235 | mailing-listx_refsource_FULLDISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:09:38.956Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://dmcdonald.net/vwar.txt"
},
{
"name": "20100822 VWar 1.6.1 R2 Multiple Remote Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2010/Aug/235"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Virtual War (aka VWar) 1.6.1 R2 allow remote attackers to inject arbitrary web script or HTML via (1) the Additional Information field to challenge.php, the (2) Additional Information or (3) Contact information field to joinus.php, (4) the War Report field to admin/admin.php in a finishwar action, or (5) the Nick field to profile.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-10-08T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://dmcdonald.net/vwar.txt"
},
{
"name": "20100822 VWar 1.6.1 R2 Multiple Remote Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2010/Aug/235"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-5064",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Virtual War (aka VWar) 1.6.1 R2 allow remote attackers to inject arbitrary web script or HTML via (1) the Additional Information field to challenge.php, the (2) Additional Information or (3) Contact information field to joinus.php, (4) the War Report field to admin/admin.php in a finishwar action, or (5) the Nick field to profile.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://dmcdonald.net/vwar.txt",
"refsource": "MISC",
"url": "http://dmcdonald.net/vwar.txt"
},
{
"name": "20100822 VWar 1.6.1 R2 Multiple Remote Vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2010/Aug/235"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-5064",
"datePublished": "2012-10-08T10:00:00.000Z",
"dateReserved": "2011-11-27T00:00:00.000Z",
"dateUpdated": "2024-09-16T17:19:08.602Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-5063 (GCVE-0-2010-5063)
Vulnerability from nvd – Published: 2012-10-08 10:00 – Updated: 2024-09-16 22:29
VLAI
Summary
SQL injection vulnerability in article.php in Virtual War (aka VWar) 1.6.1 R2 allows remote attackers to execute arbitrary SQL commands via the ratearticleselect parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://dmcdonald.net/vwar.txt | x_refsource_MISC |
| http://www.securityfocus.com/bid/29001 | vdb-entryx_refsource_BID |
| http://seclists.org/fulldisclosure/2010/Aug/235 | mailing-listx_refsource_FULLDISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:09:38.921Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://dmcdonald.net/vwar.txt"
},
{
"name": "29001",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29001"
},
{
"name": "20100822 VWar 1.6.1 R2 Multiple Remote Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2010/Aug/235"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in article.php in Virtual War (aka VWar) 1.6.1 R2 allows remote attackers to execute arbitrary SQL commands via the ratearticleselect parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-10-08T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://dmcdonald.net/vwar.txt"
},
{
"name": "29001",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29001"
},
{
"name": "20100822 VWar 1.6.1 R2 Multiple Remote Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2010/Aug/235"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-5063",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in article.php in Virtual War (aka VWar) 1.6.1 R2 allows remote attackers to execute arbitrary SQL commands via the ratearticleselect parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://dmcdonald.net/vwar.txt",
"refsource": "MISC",
"url": "http://dmcdonald.net/vwar.txt"
},
{
"name": "29001",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29001"
},
{
"name": "20100822 VWar 1.6.1 R2 Multiple Remote Vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2010/Aug/235"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-5063",
"datePublished": "2012-10-08T10:00:00.000Z",
"dateReserved": "2011-11-27T00:00:00.000Z",
"dateUpdated": "2024-09-16T22:29:45.917Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-3813 (GCVE-0-2011-3813)
Vulnerability from nvd – Published: 2011-09-24 00:00 – Updated: 2024-09-17 02:21
VLAI
Summary
Virtual War (aka VWar) 1.5.0r15 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by includes/language/dutch.inc.php and certain other files.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://code.google.com/p/inspathx/source/browse/t… | x_refsource_MISC |
| http://www.openwall.com/lists/oss-security/2011/06/27/6 | mailing-listx_refsource_MLIST |
| http://code.google.com/p/inspathx/source/browse/t… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:46:03.162Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/vwar-1.5.0r15"
},
{
"name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Virtual War (aka VWar) 1.5.0r15 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by includes/language/dutch.inc.php and certain other files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-09-24T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/vwar-1.5.0r15"
},
{
"name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-3813",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Virtual War (aka VWar) 1.5.0r15 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by includes/language/dutch.inc.php and certain other files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/vwar-1.5.0r15",
"refsource": "MISC",
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/vwar-1.5.0r15"
},
{
"name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
},
{
"name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README",
"refsource": "MISC",
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-3813",
"datePublished": "2011-09-24T00:00:00.000Z",
"dateReserved": "2011-09-23T00:00:00.000Z",
"dateUpdated": "2024-09-17T02:21:48.094Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-0753 (GCVE-0-2008-0753)
Vulnerability from nvd – Published: 2008-02-13 19:00 – Updated: 2024-08-07 07:54
VLAI
Summary
SQL injection vulnerability in calendar.php in Virtual War (VWar) 1.5 allows remote attackers to execute arbitrary SQL commands via the month parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/archive/1/487900/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.securityfocus.com/bid/27722 | vdb-entryx_refsource_BID |
| http://securityreason.com/securityalert/3643 | third-party-advisoryx_refsource_SREASON |
Date Public
2008-02-10 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:54:23.236Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20080210 Vwar 1.5.0",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/487900/100/0/threaded"
},
{
"name": "27722",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27722"
},
{
"name": "3643",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3643"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-02-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in calendar.php in Virtual War (VWar) 1.5 allows remote attackers to execute arbitrary SQL commands via the month parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20080210 Vwar 1.5.0",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/487900/100/0/threaded"
},
{
"name": "27722",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27722"
},
{
"name": "3643",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3643"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0753",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in calendar.php in Virtual War (VWar) 1.5 allows remote attackers to execute arbitrary SQL commands via the month parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20080210 Vwar 1.5.0",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/487900/100/0/threaded"
},
{
"name": "27722",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27722"
},
{
"name": "3643",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3643"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-0753",
"datePublished": "2008-02-13T19:00:00.000Z",
"dateReserved": "2008-02-13T00:00:00.000Z",
"dateUpdated": "2024-08-07T07:54:23.236Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-4605 (GCVE-0-2007-4605)
Vulnerability from nvd – Published: 2007-08-31 00:00 – Updated: 2024-08-07 15:01
VLAI
Summary
PHP remote file inclusion vulnerability in convert/mvcw.php in Virtual War (VWar) 1.5.0 R15 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the vwar_root parameter, a different vector than CVE-2006-1503, CVE-2006-1636, and CVE-2006-1747.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/4332 | exploitx_refsource_EXPLOIT-DB |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2007-08-28 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:01:09.602Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "4332",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/4332"
},
{
"name": "vwar-mvcw-file-include(36316)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36316"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-08-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "PHP remote file inclusion vulnerability in convert/mvcw.php in Virtual War (VWar) 1.5.0 R15 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the vwar_root parameter, a different vector than CVE-2006-1503, CVE-2006-1636, and CVE-2006-1747."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "4332",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/4332"
},
{
"name": "vwar-mvcw-file-include(36316)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36316"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4605",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in convert/mvcw.php in Virtual War (VWar) 1.5.0 R15 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the vwar_root parameter, a different vector than CVE-2006-1503, CVE-2006-1636, and CVE-2006-1747."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "4332",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4332"
},
{
"name": "vwar-mvcw-file-include(36316)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36316"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4605",
"datePublished": "2007-08-31T00:00:00.000Z",
"dateReserved": "2007-08-30T00:00:00.000Z",
"dateUpdated": "2024-08-07T15:01:09.602Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-2312 (GCVE-0-2007-2312)
Vulnerability from nvd – Published: 2007-04-26 21:00 – Updated: 2024-08-07 13:33
VLAI
Summary
Multiple SQL injection vulnerabilities in the Virtual War (VWar) 1.5.0 R15 module for PHP-Nuke allow remote attackers to execute arbitrary SQL commands via the n parameter to extra/online.php and other unspecified scripts in extra/. NOTE: this might be same vulnerability as CVE-2006-4142; however, there is an intervening vendor fix announcement.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://www.attrition.org/pipermail/vim/2007-April… | mailing-listx_refsource_VIM |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/bid/23478 | vdb-entryx_refsource_BID |
| http://www.securityfocus.com/archive/1/465612/100… | mailing-listx_refsource_BUGTRAQ |
| http://securityreason.com/securityalert/2642 | third-party-advisoryx_refsource_SREASON |
| http://www.waraxe.us/advisory-48.html | x_refsource_MISC |
Date Public
2007-04-13 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:33:28.591Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20070413 DUP?: [waraxe-2007-SA#048] - Multiple vulnerabilities in Virtual War 1.5 module for PhpNuke",
"tags": [
"mailing-list",
"x_refsource_VIM",
"x_transferred"
],
"url": "http://www.attrition.org/pipermail/vim/2007-April/001519.html"
},
{
"name": "vwar-online-sql-injection(33649)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33649"
},
{
"name": "23478",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/23478"
},
{
"name": "20070413 [waraxe-2007-SA#048] - Multiple vulnerabilities in Virtual War 1.5 module for PhpNuke",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/465612/100/0/threaded"
},
{
"name": "2642",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/2642"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.waraxe.us/advisory-48.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-04-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in the Virtual War (VWar) 1.5.0 R15 module for PHP-Nuke allow remote attackers to execute arbitrary SQL commands via the n parameter to extra/online.php and other unspecified scripts in extra/. NOTE: this might be same vulnerability as CVE-2006-4142; however, there is an intervening vendor fix announcement."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20070413 DUP?: [waraxe-2007-SA#048] - Multiple vulnerabilities in Virtual War 1.5 module for PhpNuke",
"tags": [
"mailing-list",
"x_refsource_VIM"
],
"url": "http://www.attrition.org/pipermail/vim/2007-April/001519.html"
},
{
"name": "vwar-online-sql-injection(33649)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33649"
},
{
"name": "23478",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/23478"
},
{
"name": "20070413 [waraxe-2007-SA#048] - Multiple vulnerabilities in Virtual War 1.5 module for PhpNuke",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/465612/100/0/threaded"
},
{
"name": "2642",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/2642"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.waraxe.us/advisory-48.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2312",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in the Virtual War (VWar) 1.5.0 R15 module for PHP-Nuke allow remote attackers to execute arbitrary SQL commands via the n parameter to extra/online.php and other unspecified scripts in extra/. NOTE: this might be same vulnerability as CVE-2006-4142; however, there is an intervening vendor fix announcement."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20070413 DUP?: [waraxe-2007-SA#048] - Multiple vulnerabilities in Virtual War 1.5 module for PhpNuke",
"refsource": "VIM",
"url": "http://www.attrition.org/pipermail/vim/2007-April/001519.html"
},
{
"name": "vwar-online-sql-injection(33649)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33649"
},
{
"name": "23478",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23478"
},
{
"name": "20070413 [waraxe-2007-SA#048] - Multiple vulnerabilities in Virtual War 1.5 module for PhpNuke",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/465612/100/0/threaded"
},
{
"name": "2642",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2642"
},
{
"name": "http://www.waraxe.us/advisory-48.html",
"refsource": "MISC",
"url": "http://www.waraxe.us/advisory-48.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-2312",
"datePublished": "2007-04-26T21:00:00.000Z",
"dateReserved": "2007-04-26T00:00:00.000Z",
"dateUpdated": "2024-08-07T13:33:28.591Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-2306 (GCVE-0-2007-2306)
Vulnerability from nvd – Published: 2007-04-26 21:00 – Updated: 2024-08-07 13:33
VLAI
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the Virtual War (VWar) 1.5.0 R15 and earlier module for PHP-Nuke, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) memberlist parameter to extra/login.php and the (2) title parameter to extra/today.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/bid/23478 | vdb-entryx_refsource_BID |
| http://www.securityfocus.com/archive/1/465612/100… | mailing-listx_refsource_BUGTRAQ |
| http://securityreason.com/securityalert/2642 | third-party-advisoryx_refsource_SREASON |
| http://www.waraxe.us/advisory-48.html | x_refsource_MISC |
Date Public
2007-04-13 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:33:28.487Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "vwar-login-today-xss(33647)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33647"
},
{
"name": "23478",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/23478"
},
{
"name": "20070413 [waraxe-2007-SA#048] - Multiple vulnerabilities in Virtual War 1.5 module for PhpNuke",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/465612/100/0/threaded"
},
{
"name": "2642",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/2642"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.waraxe.us/advisory-48.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-04-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the Virtual War (VWar) 1.5.0 R15 and earlier module for PHP-Nuke, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) memberlist parameter to extra/login.php and the (2) title parameter to extra/today.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "vwar-login-today-xss(33647)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33647"
},
{
"name": "23478",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/23478"
},
{
"name": "20070413 [waraxe-2007-SA#048] - Multiple vulnerabilities in Virtual War 1.5 module for PhpNuke",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/465612/100/0/threaded"
},
{
"name": "2642",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/2642"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.waraxe.us/advisory-48.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2306",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the Virtual War (VWar) 1.5.0 R15 and earlier module for PHP-Nuke, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) memberlist parameter to extra/login.php and the (2) title parameter to extra/today.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "vwar-login-today-xss(33647)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33647"
},
{
"name": "23478",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23478"
},
{
"name": "20070413 [waraxe-2007-SA#048] - Multiple vulnerabilities in Virtual War 1.5 module for PhpNuke",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/465612/100/0/threaded"
},
{
"name": "2642",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2642"
},
{
"name": "http://www.waraxe.us/advisory-48.html",
"refsource": "MISC",
"url": "http://www.waraxe.us/advisory-48.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-2306",
"datePublished": "2007-04-26T21:00:00.000Z",
"dateReserved": "2007-04-26T00:00:00.000Z",
"dateUpdated": "2024-08-07T13:33:28.487Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
FKIE_CVE-2010-5063
Vulnerability from fkie_nvd - Published: 2012-10-08 10:47 - Updated: 2026-04-29 01:13
Severity
Summary
SQL injection vulnerability in article.php in Virtual War (aka VWar) 1.6.1 R2 allows remote attackers to execute arbitrary SQL commands via the ratearticleselect parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vwar | virtual_war | 1.6.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vwar:virtual_war:1.6.1:r2:*:*:*:*:*:*",
"matchCriteriaId": "F27251B8-7B01-4D5E-8858-76C875E2B581",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in article.php in Virtual War (aka VWar) 1.6.1 R2 allows remote attackers to execute arbitrary SQL commands via the ratearticleselect parameter."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en article.php en Virtual War (tambi\u00e9n conocido como VWar) v1.6.1 R2, permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s del par\u00e1metro ratearticleselect."
}
],
"id": "CVE-2010-5063",
"lastModified": "2026-04-29T01:13:23.040",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-10-08T10:47:44.637",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://dmcdonald.net/vwar.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://seclists.org/fulldisclosure/2010/Aug/235"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/29001"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://dmcdonald.net/vwar.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://seclists.org/fulldisclosure/2010/Aug/235"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/29001"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2010-5066
Vulnerability from fkie_nvd - Published: 2012-10-08 10:47 - Updated: 2026-04-29 01:13
Severity
Summary
The createRandomPassword function in includes/functions_common.php in Virtual War (aka VWar) 1.6.1 R2 uses a small range of values to select the seed argument for the PHP mt_srand function, which makes it easier for remote attackers to determine randomly generated passwords via a brute-force attack.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vwar | virtual_war | 1.6.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vwar:virtual_war:1.6.1:r2:*:*:*:*:*:*",
"matchCriteriaId": "F27251B8-7B01-4D5E-8858-76C875E2B581",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The createRandomPassword function in includes/functions_common.php in Virtual War (aka VWar) 1.6.1 R2 uses a small range of values to select the seed argument for the PHP mt_srand function, which makes it easier for remote attackers to determine randomly generated passwords via a brute-force attack."
},
{
"lang": "es",
"value": "La funci\u00f3n createRandomPassword en includes/functions_common.php en Virtual War (tambi\u00e9n conocido como VWar) v1.6.1 R2 usa un rango de valores peque\u00f1o para seleccionar la semilla para el argumento para la funci\u00f3n PHP mt_srand, lo que facilita a atacantes remotos a determinar las contrase\u00f1as generadas de forma aleatorio a trav\u00e9s de ataques por fuerza bruta."
}
],
"id": "CVE-2010-5066",
"lastModified": "2026-04-29T01:13:23.040",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-10-08T10:47:44.760",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://dmcdonald.net/vwar.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://seclists.org/fulldisclosure/2010/Aug/235"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://dmcdonald.net/vwar.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://seclists.org/fulldisclosure/2010/Aug/235"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-310"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2010-5064
Vulnerability from fkie_nvd - Published: 2012-10-08 10:47 - Updated: 2026-04-29 01:13
Severity
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Virtual War (aka VWar) 1.6.1 R2 allow remote attackers to inject arbitrary web script or HTML via (1) the Additional Information field to challenge.php, the (2) Additional Information or (3) Contact information field to joinus.php, (4) the War Report field to admin/admin.php in a finishwar action, or (5) the Nick field to profile.php.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vwar | virtual_war | 1.6.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vwar:virtual_war:1.6.1:r2:*:*:*:*:*:*",
"matchCriteriaId": "F27251B8-7B01-4D5E-8858-76C875E2B581",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Virtual War (aka VWar) 1.6.1 R2 allow remote attackers to inject arbitrary web script or HTML via (1) the Additional Information field to challenge.php, the (2) Additional Information or (3) Contact information field to joinus.php, (4) the War Report field to admin/admin.php in a finishwar action, or (5) the Nick field to profile.php."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en Virtual War (tambi\u00e9n conocido como VWar) v1.6.1 R2, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de (1) El campo Additional Information sobre challenge.php, el campo (2) Additional Information o (3) Contact information sobre joinus.php, (4) el campo War Report sobre admin/admin.php en una acci\u00f3n finishwar, o (5) el campo Nick sobre profile.php.\r\n"
}
],
"id": "CVE-2010-5064",
"lastModified": "2026-04-29T01:13:23.040",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2012-10-08T10:47:44.683",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://dmcdonald.net/vwar.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://seclists.org/fulldisclosure/2010/Aug/235"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://dmcdonald.net/vwar.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://seclists.org/fulldisclosure/2010/Aug/235"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2010-5065
Vulnerability from fkie_nvd - Published: 2012-10-08 10:47 - Updated: 2026-04-29 01:13
Severity
Summary
popup.php in Virtual War (aka VWar) 1.6.1 R2 allows remote attackers to bypass intended member restrictions and read news posts via a modified newsid parameter in a printnews action.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vwar | virtual_war | 1.6.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vwar:virtual_war:1.6.1:r2:*:*:*:*:*:*",
"matchCriteriaId": "F27251B8-7B01-4D5E-8858-76C875E2B581",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "popup.php in Virtual War (aka VWar) 1.6.1 R2 allows remote attackers to bypass intended member restrictions and read news posts via a modified newsid parameter in a printnews action."
},
{
"lang": "es",
"value": "popup.php en Virtual War (tambi\u00e9n conocido como VWar) v1.6.1 R2 permite a atacantes remotos evitar las restricciones impuestas a miembros y leer post de noticias a trav\u00e9s del par\u00e1metro newsid en una acci\u00f3n printnews."
}
],
"id": "CVE-2010-5065",
"lastModified": "2026-04-29T01:13:23.040",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-10-08T10:47:44.717",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://dmcdonald.net/vwar.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://seclists.org/fulldisclosure/2010/Aug/235"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://dmcdonald.net/vwar.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://seclists.org/fulldisclosure/2010/Aug/235"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2010-5067
Vulnerability from fkie_nvd - Published: 2012-10-08 10:47 - Updated: 2026-04-29 01:13
Severity
Summary
Virtual War (aka VWar) 1.6.1 R2 uses static session cookies that depend only on a user's password, which makes it easier for remote attackers to bypass timeout and logout actions, and retain access for a long period of time, by leveraging knowledge of a session cookie.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vwar | virtual_war | 1.6.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vwar:virtual_war:1.6.1:r2:*:*:*:*:*:*",
"matchCriteriaId": "F27251B8-7B01-4D5E-8858-76C875E2B581",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Virtual War (aka VWar) 1.6.1 R2 uses static session cookies that depend only on a user\u0027s password, which makes it easier for remote attackers to bypass timeout and logout actions, and retain access for a long period of time, by leveraging knowledge of a session cookie."
},
{
"lang": "es",
"value": "Virtual War (alias VWar) v1.6.1 R2 utiliza cookies de sesi\u00f3n est\u00e1ticas que dependen s\u00f3lo de la contrase\u00f1a de un usuario, lo que hace que sea m\u00e1s f\u00e1cil para los atacantes remotos evitar acciones de timeout o logout, y mantener el acceso durante un largo periodo de tiempo, al aprovechar el conocimiento de una cookie de sesi\u00f3n."
}
],
"id": "CVE-2010-5067",
"lastModified": "2026-04-29T01:13:23.040",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-10-08T10:47:44.807",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://dmcdonald.net/vwar.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://seclists.org/fulldisclosure/2010/Aug/235"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://dmcdonald.net/vwar.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://seclists.org/fulldisclosure/2010/Aug/235"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-255"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2010-5279
Vulnerability from fkie_nvd - Published: 2012-10-08 10:47 - Updated: 2026-04-29 01:13
Severity
Summary
article.php in Virtual War (aka VWar) 1.6.1 R2 allows remote attackers to cause a denial of service (memory consumption) via a large integer in the ratearticleselect parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vwar | virtual_war | 1.6.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vwar:virtual_war:1.6.1:r2:*:*:*:*:*:*",
"matchCriteriaId": "F27251B8-7B01-4D5E-8858-76C875E2B581",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "article.php in Virtual War (aka VWar) 1.6.1 R2 allows remote attackers to cause a denial of service (memory consumption) via a large integer in the ratearticleselect parameter."
},
{
"lang": "es",
"value": "article.php en Virtual War (alias VWar) v1.6.1 R2 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (consumo de memoria) a trav\u00e9s de un entero grande en el par\u00e1metro ratearticleselect."
}
],
"id": "CVE-2010-5279",
"lastModified": "2026-04-29T01:13:23.040",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-10-08T10:47:44.857",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://dmcdonald.net/vwar.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://seclists.org/fulldisclosure/2010/Aug/235"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://dmcdonald.net/vwar.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://seclists.org/fulldisclosure/2010/Aug/235"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-189"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2011-3813
Vulnerability from fkie_nvd - Published: 2011-09-24 00:55 - Updated: 2026-04-29 01:13
Severity
Summary
Virtual War (aka VWar) 1.5.0r15 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by includes/language/dutch.inc.php and certain other files.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vwar | virtual_war | 1.5.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vwar:virtual_war:1.5.0:r1:*:*:*:*:*:*",
"matchCriteriaId": "65F0FED7-C78D-4FF9-BF4E-C58A07D30DDE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Virtual War (aka VWar) 1.5.0r15 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by includes/language/dutch.inc.php and certain other files."
},
{
"lang": "es",
"value": "Virtual War (tambi\u00e9n conocido como VWar) v1.5.0r15 permite a atacantes remotos obtener informaci\u00f3n sensible a trav\u00e9s de una petici\u00f3n directa a un archivo .php, lo que revela la ruta de instalaci\u00f3n en un mensaje de error, como se demostr\u00f3 con includes/language/dutch.inc.php y algunos otros archivos."
}
],
"id": "CVE-2011-3813",
"lastModified": "2026-04-29T01:13:23.040",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-09-24T00:55:03.723",
"references": [
{
"source": "cve@mitre.org",
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
},
{
"source": "cve@mitre.org",
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/vwar-1.5.0r15"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/vwar-1.5.0r15"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2008-0753
Vulnerability from fkie_nvd - Published: 2008-02-13 20:00 - Updated: 2026-04-23 00:35
Severity
Summary
SQL injection vulnerability in calendar.php in Virtual War (VWar) 1.5 allows remote attackers to execute arbitrary SQL commands via the month parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vwar | virtual_war | 1.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vwar:virtual_war:1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2604BF9F-711A-4423-B325-48A9BBE96A0C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in calendar.php in Virtual War (VWar) 1.5 allows remote attackers to execute arbitrary SQL commands via the month parameter."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en calendar.php de Virtual War (VWar) 1.5, permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s del par\u00e1metro month (mes)."
}
],
"id": "CVE-2008-0753",
"lastModified": "2026-04-23T00:35:47.467",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-02-13T20:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/3643"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/487900/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/27722"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/3643"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/487900/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/27722"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2007-4605
Vulnerability from fkie_nvd - Published: 2007-08-31 00:17 - Updated: 2026-04-23 00:35
Severity
Summary
PHP remote file inclusion vulnerability in convert/mvcw.php in Virtual War (VWar) 1.5.0 R15 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the vwar_root parameter, a different vector than CVE-2006-1503, CVE-2006-1636, and CVE-2006-1747.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vwar | virtual_war | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vwar:virtual_war:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1636A560-7F37-4BB8-AC45-21B35CA6D11C",
"versionEndIncluding": "1.5.0_r15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "PHP remote file inclusion vulnerability in convert/mvcw.php in Virtual War (VWar) 1.5.0 R15 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the vwar_root parameter, a different vector than CVE-2006-1503, CVE-2006-1636, and CVE-2006-1747."
},
{
"lang": "es",
"value": "Vulnerabilidad de inclusi\u00f3n remota de archivo en PHP en el convert/mvcw.php del irtual War (VWar) 1.5.0 R15 y versiones anteriores permite a atacantes remotos ejecutar c\u00f3digo PHP de su elecci\u00f3n mediante una URL en el par\u00e1metro vwar_root. Vulnerabilidad diferente a la CVE-2006-1503, la CVE-2006-1636 y la CVE-2006-1747."
}
],
"id": "CVE-2007-4605",
"lastModified": "2026-04-23T00:35:47.467",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-08-31T00:17:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36316"
},
{
"source": "cve@mitre.org",
"url": "https://www.exploit-db.com/exploits/4332"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36316"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/4332"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2007-2312
Vulnerability from fkie_nvd - Published: 2007-04-26 21:19 - Updated: 2026-04-23 00:35
Severity
Summary
Multiple SQL injection vulnerabilities in the Virtual War (VWar) 1.5.0 R15 module for PHP-Nuke allow remote attackers to execute arbitrary SQL commands via the n parameter to extra/online.php and other unspecified scripts in extra/. NOTE: this might be same vulnerability as CVE-2006-4142; however, there is an intervening vendor fix announcement.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vwar | virtual_war | 1.5.0_r15 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vwar:virtual_war:1.5.0_r15:*:*:*:*:*:*:*",
"matchCriteriaId": "B7FAD0E2-D7F0-4173-96BA-1675CCEB16DF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in the Virtual War (VWar) 1.5.0 R15 module for PHP-Nuke allow remote attackers to execute arbitrary SQL commands via the n parameter to extra/online.php and other unspecified scripts in extra/. NOTE: this might be same vulnerability as CVE-2006-4142; however, there is an intervening vendor fix announcement."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de inyecci\u00f3n SQL en Virtual War (VWar) 1.5.0 R15 m\u00f3dulo para PHP-Nuke permiten a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s del par\u00e1metro n en extra/online.php y otros scripts no especificados en extra/.\r\nNOTA: esta podr\u00eda ser la misma vulnerabilidad que CVE-2006-4142; sin embargo, hay un anuncio de reparaci\u00f3n del fabricante interviniente."
}
],
"id": "CVE-2007-2312",
"lastModified": "2026-04-23T00:35:47.467",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-04-26T21:19:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/2642"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.attrition.org/pipermail/vim/2007-April/001519.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/465612/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/23478"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.waraxe.us/advisory-48.html"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33649"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/2642"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.attrition.org/pipermail/vim/2007-April/001519.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/465612/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/23478"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.waraxe.us/advisory-48.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33649"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2010-5063 (GCVE-0-2010-5063)
Vulnerability from cvelistv5 – Published: 2012-10-08 10:00 – Updated: 2024-09-16 22:29
VLAI
Summary
SQL injection vulnerability in article.php in Virtual War (aka VWar) 1.6.1 R2 allows remote attackers to execute arbitrary SQL commands via the ratearticleselect parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://dmcdonald.net/vwar.txt | x_refsource_MISC |
| http://www.securityfocus.com/bid/29001 | vdb-entryx_refsource_BID |
| http://seclists.org/fulldisclosure/2010/Aug/235 | mailing-listx_refsource_FULLDISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:09:38.921Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://dmcdonald.net/vwar.txt"
},
{
"name": "29001",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29001"
},
{
"name": "20100822 VWar 1.6.1 R2 Multiple Remote Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2010/Aug/235"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in article.php in Virtual War (aka VWar) 1.6.1 R2 allows remote attackers to execute arbitrary SQL commands via the ratearticleselect parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-10-08T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://dmcdonald.net/vwar.txt"
},
{
"name": "29001",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29001"
},
{
"name": "20100822 VWar 1.6.1 R2 Multiple Remote Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2010/Aug/235"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-5063",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in article.php in Virtual War (aka VWar) 1.6.1 R2 allows remote attackers to execute arbitrary SQL commands via the ratearticleselect parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://dmcdonald.net/vwar.txt",
"refsource": "MISC",
"url": "http://dmcdonald.net/vwar.txt"
},
{
"name": "29001",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29001"
},
{
"name": "20100822 VWar 1.6.1 R2 Multiple Remote Vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2010/Aug/235"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-5063",
"datePublished": "2012-10-08T10:00:00.000Z",
"dateReserved": "2011-11-27T00:00:00.000Z",
"dateUpdated": "2024-09-16T22:29:45.917Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-5064 (GCVE-0-2010-5064)
Vulnerability from cvelistv5 – Published: 2012-10-08 10:00 – Updated: 2024-09-16 17:19
VLAI
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Virtual War (aka VWar) 1.6.1 R2 allow remote attackers to inject arbitrary web script or HTML via (1) the Additional Information field to challenge.php, the (2) Additional Information or (3) Contact information field to joinus.php, (4) the War Report field to admin/admin.php in a finishwar action, or (5) the Nick field to profile.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://dmcdonald.net/vwar.txt | x_refsource_MISC |
| http://seclists.org/fulldisclosure/2010/Aug/235 | mailing-listx_refsource_FULLDISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:09:38.956Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://dmcdonald.net/vwar.txt"
},
{
"name": "20100822 VWar 1.6.1 R2 Multiple Remote Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2010/Aug/235"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Virtual War (aka VWar) 1.6.1 R2 allow remote attackers to inject arbitrary web script or HTML via (1) the Additional Information field to challenge.php, the (2) Additional Information or (3) Contact information field to joinus.php, (4) the War Report field to admin/admin.php in a finishwar action, or (5) the Nick field to profile.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-10-08T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://dmcdonald.net/vwar.txt"
},
{
"name": "20100822 VWar 1.6.1 R2 Multiple Remote Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2010/Aug/235"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-5064",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Virtual War (aka VWar) 1.6.1 R2 allow remote attackers to inject arbitrary web script or HTML via (1) the Additional Information field to challenge.php, the (2) Additional Information or (3) Contact information field to joinus.php, (4) the War Report field to admin/admin.php in a finishwar action, or (5) the Nick field to profile.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://dmcdonald.net/vwar.txt",
"refsource": "MISC",
"url": "http://dmcdonald.net/vwar.txt"
},
{
"name": "20100822 VWar 1.6.1 R2 Multiple Remote Vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2010/Aug/235"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-5064",
"datePublished": "2012-10-08T10:00:00.000Z",
"dateReserved": "2011-11-27T00:00:00.000Z",
"dateUpdated": "2024-09-16T17:19:08.602Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-5065 (GCVE-0-2010-5065)
Vulnerability from cvelistv5 – Published: 2012-10-08 10:00 – Updated: 2024-09-16 16:57
VLAI
Summary
popup.php in Virtual War (aka VWar) 1.6.1 R2 allows remote attackers to bypass intended member restrictions and read news posts via a modified newsid parameter in a printnews action.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://dmcdonald.net/vwar.txt | x_refsource_MISC |
| http://seclists.org/fulldisclosure/2010/Aug/235 | mailing-listx_refsource_FULLDISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:09:38.639Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://dmcdonald.net/vwar.txt"
},
{
"name": "20100822 VWar 1.6.1 R2 Multiple Remote Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2010/Aug/235"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "popup.php in Virtual War (aka VWar) 1.6.1 R2 allows remote attackers to bypass intended member restrictions and read news posts via a modified newsid parameter in a printnews action."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-10-08T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://dmcdonald.net/vwar.txt"
},
{
"name": "20100822 VWar 1.6.1 R2 Multiple Remote Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2010/Aug/235"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-5065",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "popup.php in Virtual War (aka VWar) 1.6.1 R2 allows remote attackers to bypass intended member restrictions and read news posts via a modified newsid parameter in a printnews action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://dmcdonald.net/vwar.txt",
"refsource": "MISC",
"url": "http://dmcdonald.net/vwar.txt"
},
{
"name": "20100822 VWar 1.6.1 R2 Multiple Remote Vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2010/Aug/235"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-5065",
"datePublished": "2012-10-08T10:00:00.000Z",
"dateReserved": "2011-11-27T00:00:00.000Z",
"dateUpdated": "2024-09-16T16:57:39.597Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-5067 (GCVE-0-2010-5067)
Vulnerability from cvelistv5 – Published: 2012-10-08 10:00 – Updated: 2024-09-16 20:48
VLAI
Summary
Virtual War (aka VWar) 1.6.1 R2 uses static session cookies that depend only on a user's password, which makes it easier for remote attackers to bypass timeout and logout actions, and retain access for a long period of time, by leveraging knowledge of a session cookie.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://dmcdonald.net/vwar.txt | x_refsource_MISC |
| http://seclists.org/fulldisclosure/2010/Aug/235 | mailing-listx_refsource_FULLDISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:09:38.785Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://dmcdonald.net/vwar.txt"
},
{
"name": "20100822 VWar 1.6.1 R2 Multiple Remote Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2010/Aug/235"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Virtual War (aka VWar) 1.6.1 R2 uses static session cookies that depend only on a user\u0027s password, which makes it easier for remote attackers to bypass timeout and logout actions, and retain access for a long period of time, by leveraging knowledge of a session cookie."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-10-08T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://dmcdonald.net/vwar.txt"
},
{
"name": "20100822 VWar 1.6.1 R2 Multiple Remote Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2010/Aug/235"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-5067",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Virtual War (aka VWar) 1.6.1 R2 uses static session cookies that depend only on a user\u0027s password, which makes it easier for remote attackers to bypass timeout and logout actions, and retain access for a long period of time, by leveraging knowledge of a session cookie."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://dmcdonald.net/vwar.txt",
"refsource": "MISC",
"url": "http://dmcdonald.net/vwar.txt"
},
{
"name": "20100822 VWar 1.6.1 R2 Multiple Remote Vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2010/Aug/235"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-5067",
"datePublished": "2012-10-08T10:00:00.000Z",
"dateReserved": "2011-11-27T00:00:00.000Z",
"dateUpdated": "2024-09-16T20:48:08.766Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-5279 (GCVE-0-2010-5279)
Vulnerability from cvelistv5 – Published: 2012-10-08 10:00 – Updated: 2024-09-17 02:05
VLAI
Summary
article.php in Virtual War (aka VWar) 1.6.1 R2 allows remote attackers to cause a denial of service (memory consumption) via a large integer in the ratearticleselect parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://dmcdonald.net/vwar.txt | x_refsource_MISC |
| http://seclists.org/fulldisclosure/2010/Aug/235 | mailing-listx_refsource_FULLDISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:17:10.243Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://dmcdonald.net/vwar.txt"
},
{
"name": "20100822 VWar 1.6.1 R2 Multiple Remote Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2010/Aug/235"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "article.php in Virtual War (aka VWar) 1.6.1 R2 allows remote attackers to cause a denial of service (memory consumption) via a large integer in the ratearticleselect parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-10-08T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://dmcdonald.net/vwar.txt"
},
{
"name": "20100822 VWar 1.6.1 R2 Multiple Remote Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2010/Aug/235"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-5279",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "article.php in Virtual War (aka VWar) 1.6.1 R2 allows remote attackers to cause a denial of service (memory consumption) via a large integer in the ratearticleselect parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://dmcdonald.net/vwar.txt",
"refsource": "MISC",
"url": "http://dmcdonald.net/vwar.txt"
},
{
"name": "20100822 VWar 1.6.1 R2 Multiple Remote Vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2010/Aug/235"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-5279",
"datePublished": "2012-10-08T10:00:00.000Z",
"dateReserved": "2012-10-08T00:00:00.000Z",
"dateUpdated": "2024-09-17T02:05:59.826Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-5066 (GCVE-0-2010-5066)
Vulnerability from cvelistv5 – Published: 2012-10-08 10:00 – Updated: 2024-09-16 16:52
VLAI
Summary
The createRandomPassword function in includes/functions_common.php in Virtual War (aka VWar) 1.6.1 R2 uses a small range of values to select the seed argument for the PHP mt_srand function, which makes it easier for remote attackers to determine randomly generated passwords via a brute-force attack.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://dmcdonald.net/vwar.txt | x_refsource_MISC |
| http://seclists.org/fulldisclosure/2010/Aug/235 | mailing-listx_refsource_FULLDISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:09:38.925Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://dmcdonald.net/vwar.txt"
},
{
"name": "20100822 VWar 1.6.1 R2 Multiple Remote Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2010/Aug/235"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The createRandomPassword function in includes/functions_common.php in Virtual War (aka VWar) 1.6.1 R2 uses a small range of values to select the seed argument for the PHP mt_srand function, which makes it easier for remote attackers to determine randomly generated passwords via a brute-force attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-10-08T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://dmcdonald.net/vwar.txt"
},
{
"name": "20100822 VWar 1.6.1 R2 Multiple Remote Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2010/Aug/235"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-5066",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The createRandomPassword function in includes/functions_common.php in Virtual War (aka VWar) 1.6.1 R2 uses a small range of values to select the seed argument for the PHP mt_srand function, which makes it easier for remote attackers to determine randomly generated passwords via a brute-force attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://dmcdonald.net/vwar.txt",
"refsource": "MISC",
"url": "http://dmcdonald.net/vwar.txt"
},
{
"name": "20100822 VWar 1.6.1 R2 Multiple Remote Vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2010/Aug/235"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-5066",
"datePublished": "2012-10-08T10:00:00.000Z",
"dateReserved": "2011-11-27T00:00:00.000Z",
"dateUpdated": "2024-09-16T16:52:37.615Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-3813 (GCVE-0-2011-3813)
Vulnerability from cvelistv5 – Published: 2011-09-24 00:00 – Updated: 2024-09-17 02:21
VLAI
Summary
Virtual War (aka VWar) 1.5.0r15 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by includes/language/dutch.inc.php and certain other files.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://code.google.com/p/inspathx/source/browse/t… | x_refsource_MISC |
| http://www.openwall.com/lists/oss-security/2011/06/27/6 | mailing-listx_refsource_MLIST |
| http://code.google.com/p/inspathx/source/browse/t… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:46:03.162Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/vwar-1.5.0r15"
},
{
"name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Virtual War (aka VWar) 1.5.0r15 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by includes/language/dutch.inc.php and certain other files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-09-24T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/vwar-1.5.0r15"
},
{
"name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-3813",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Virtual War (aka VWar) 1.5.0r15 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by includes/language/dutch.inc.php and certain other files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/vwar-1.5.0r15",
"refsource": "MISC",
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/vwar-1.5.0r15"
},
{
"name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
},
{
"name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README",
"refsource": "MISC",
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-3813",
"datePublished": "2011-09-24T00:00:00.000Z",
"dateReserved": "2011-09-23T00:00:00.000Z",
"dateUpdated": "2024-09-17T02:21:48.094Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-0753 (GCVE-0-2008-0753)
Vulnerability from cvelistv5 – Published: 2008-02-13 19:00 – Updated: 2024-08-07 07:54
VLAI
Summary
SQL injection vulnerability in calendar.php in Virtual War (VWar) 1.5 allows remote attackers to execute arbitrary SQL commands via the month parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/archive/1/487900/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.securityfocus.com/bid/27722 | vdb-entryx_refsource_BID |
| http://securityreason.com/securityalert/3643 | third-party-advisoryx_refsource_SREASON |
Date Public
2008-02-10 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:54:23.236Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20080210 Vwar 1.5.0",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/487900/100/0/threaded"
},
{
"name": "27722",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27722"
},
{
"name": "3643",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3643"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-02-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in calendar.php in Virtual War (VWar) 1.5 allows remote attackers to execute arbitrary SQL commands via the month parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20080210 Vwar 1.5.0",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/487900/100/0/threaded"
},
{
"name": "27722",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27722"
},
{
"name": "3643",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3643"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0753",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in calendar.php in Virtual War (VWar) 1.5 allows remote attackers to execute arbitrary SQL commands via the month parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20080210 Vwar 1.5.0",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/487900/100/0/threaded"
},
{
"name": "27722",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27722"
},
{
"name": "3643",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3643"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-0753",
"datePublished": "2008-02-13T19:00:00.000Z",
"dateReserved": "2008-02-13T00:00:00.000Z",
"dateUpdated": "2024-08-07T07:54:23.236Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-4605 (GCVE-0-2007-4605)
Vulnerability from cvelistv5 – Published: 2007-08-31 00:00 – Updated: 2024-08-07 15:01
VLAI
Summary
PHP remote file inclusion vulnerability in convert/mvcw.php in Virtual War (VWar) 1.5.0 R15 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the vwar_root parameter, a different vector than CVE-2006-1503, CVE-2006-1636, and CVE-2006-1747.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/4332 | exploitx_refsource_EXPLOIT-DB |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2007-08-28 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:01:09.602Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "4332",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/4332"
},
{
"name": "vwar-mvcw-file-include(36316)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36316"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-08-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "PHP remote file inclusion vulnerability in convert/mvcw.php in Virtual War (VWar) 1.5.0 R15 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the vwar_root parameter, a different vector than CVE-2006-1503, CVE-2006-1636, and CVE-2006-1747."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "4332",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/4332"
},
{
"name": "vwar-mvcw-file-include(36316)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36316"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4605",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in convert/mvcw.php in Virtual War (VWar) 1.5.0 R15 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the vwar_root parameter, a different vector than CVE-2006-1503, CVE-2006-1636, and CVE-2006-1747."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "4332",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4332"
},
{
"name": "vwar-mvcw-file-include(36316)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36316"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4605",
"datePublished": "2007-08-31T00:00:00.000Z",
"dateReserved": "2007-08-30T00:00:00.000Z",
"dateUpdated": "2024-08-07T15:01:09.602Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}