VWar versions 1.5.0 R15 and below suffer from a remote file inclusion vulnerability in mvcw.php.
6193e784ed80e4a150ca5d9f0ef5e6d49d9e4c5e6e90fb5ed6b9bcf095b4e515VWar suffers from cross site scripting, remote SQL injection, broken access controls and weak password generation vulnerabilities.
340cfcbbdfb9644effebb0512c1fe8ff862d9442b4ea2ba49f74bc3aab9d6bc7VWar version 1.5.0 suffers from a SQL injection vulnerability in calendar.php. This particular version of VWar is already known to suffer from many other SQL injection vulnerabilities.
5bd18b9fcd088c43a87ef8c6ae3132f88f1c310468db05c761bebd03d03b66e7Secunia Security Advisory - Janek Vind has discovered some vulnerabilities in the vWar module for PHP-Nuke, which can be exploited by malicious people to conduct SQL injection attacks and cross-site scripting attacks.
4cd51ea0c6dc61597e0952cc5409c10f1e6ac8c4fa8c6720e1bcbea500a3c587Mandriva Linux Security Advisory MDKSA-2006-202 - Multiple integer overflows in the WV library in wvWare (formerly mswordview) before 1.2.3, as used by AbiWord?, KWord, and possibly other products, allow user-assisted remote attackers to execute arbitrary code via a crafted Microsoft Word (DOC) file that produces (1) large LFO clfolvl values in the wvGetLFO_records function or (2) a large LFO nolfo value in the wvGetFLO_PLF function.
7c7a170215d8ae33f382b072dfbca29c8ecb0bc9628c12c3d5cea21da8f98bcfSecunia Security Advisory - Mandriva has issued an update for wvWare. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
45fa092c0e7c3633316911b1e1a5fb17a0683fcd0e9f3f25288b62bae3433134Secunia Security Advisory - Ubuntu has issued an update for wvWare. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
53012dba480e34b4e2f28aacd45db379a58afd2d7f3bb4cc19217ece9b9d205eiDefense Security Advisory 10.26.06 - Multiple Vendor wvWare LFO Count Integer Overflow Vulnerability
8f68a8978984b0e3a5fe4be0692e8f18f211e7a2ad5bd97c2f7a27c96532b140iDefense Security Advisory 10.26.06: Multiple Vendor wvWare LVL Count Integer Overflow Vulnerability
a15abfbcbe15b9bba54b79957b5fd2e640440079be1d05e1b450a95b561ef26aSecunia Security Advisory - Some vulnerabilities have been reported in wvWare, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library.
e03b2ff2256dc74d720d39a607446cdc4797e2b3386ca6410bc5eb9180a2af4aVirtual War version 1.5.0 is riddled with SQL injection and cross site scripting flaws.
e97db2d77099c11dab83ed0b4b51321d4045576a98671e62a65787fa07e9bef5VWar versions 1.5.0 R14 and below suffer from a SQL injection flaw.
f428e395e863301b6ad897a622d9ea0678923dd3b1003c828d67f07de24e4a37Virtual War versions 1.5.0 and below suffer from SQL injection flaws.
4bab84d3f460570e3110ca4dc434816ca26bbc3298f5e072f7b7d8787d173b07Vwar version 1.5.0 and below suffer from SQL injection and cross site scripting flaws.
15d14a06b9bcc2e848898db3aeb737ace31f508d07d6463e35a40fbf24c3d0d7Secunia Security Advisory - A vulnerability has been reported in wvWare wv2 Library, which potentially can be exploited by malicious people to compromise an application using the library.
c7a0c559a3540b1dcf508270fce22c095e9a8a950c43e403b137f5e43309bd5cThe recent exploit provided by aliHackers for VWar (VWar ver 1.21 Remote Code Execution Exploit ) has also another affect on the higher unptached versions of vWAR such as v1.5 and also on versions less than 1.2 . Apart from the successful code execution exploit even if the exploit fails still running the following code on the web browser shows the full path of the installed modules even if the remote php shell is not achieved.
d98282e373a41ebc4911fdf1334453f7ce03792cd17661405fcdf8ac04983e8aVWar versions less than or equal to 1.21 remote code execution exploit.
595a5ecb4c341efa104c9eac2223f56b35870bbdb9993e1ed6fa5e452b3436cbVirtual War suffers from a remote file inclusion vulnerability in the vwar_root variable.
f670bd6b8b53d9fcd8a96cf245a18cc3b8dfb00c60d95bbdfaef7a980b7169ecVWar versions less than or equal to 1.5.0 R12 Remote File Inclusion Exploit
b628fa387321bd8c113f04eac1b366e436f7069bd8e0f606374299b4f804b18aVWar version 1.5.0 R11 and below remote command execution exploit.
b4bf7d3fa3219423536b9e28e36b61aaf94d831b2b7a74812717fc00a9893f44
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Subscribe to an RSS Feed