Vulnerabilities > Eschew NET

DATE CVE VULNERABILITY TITLE RISK
2006-06-19 CVE-2006-3013 SQL Injection vulnerability in phpBannerExchange
Interpretation conflict in resetpw.php in phpBannerExchange before 2.0 Update 6 allows remote attackers to execute arbitrary SQL commands via an email parameter containing a null (%00) character after a valid e-mail address, which passes the validation check in the eregi PHP command.
network
high complexity
eschew-net
5.1
2006-06-19 CVE-2006-3012 SQL Injection vulnerability in phpBannerExchange
SQL injection vulnerability in phpBannerExchange before 2.0 Update 6 allows remote attackers to execute arbitrary SQL commands via the (1) login parameter in (a) client/stats.php and (b) admin/stats.php, or the (2) pass parameter in client/stats.php.
network
low complexity
eschew-net
7.5
2006-03-14 CVE-2006-1201 Directory Traversal vulnerability in Eschew.Net PHPBannerExchange
Directory traversal vulnerability in resetpw.php in eschew.net phpBannerExchange 2.0 and earlier, and other versions before 2.0 Update 5, allows remote attackers to read arbitrary files via a ..
network
low complexity
eschew-net
5.0