Filtered by vendor Php Handicapper
Subscriptions
Filtered by product Php Handicapper
Subscriptions
Total
2 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2005-4712 | 1 Php Handicapper | 1 Php Handicapper | 2024-09-16 | N/A |
| CRLF injection vulnerability in process_signup.php in PHP Handicapper allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in the login parameter. NOTE: the vendor has disputed CVE-2005-3497, and it is possible that the dispute was intended to include this issue as well. | ||||
| CVE-2005-3496 | 1 Php Handicapper | 1 Php Handicapper | 2024-08-07 | N/A |
| Cross-site scripting (XSS) vulnerability in PHP Handicapper allows remote attackers to inject arbitrary web script or HTML via the msg parameter to msg.php. NOTE: some sources identify a second vector in the login parameter to process_signup.php, but the original source says that it is for CRLF injection (CVE-2005-4712). Also note: the vendor has disputed CVE-2005-3497, and it is possible that the dispute was intended to include this issue as well. If so, followup investigation strongly suggests that the original report is correct. | ||||
Page 1 of 1.