Vulnerabilities > THE WAR Forge
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2007-02-12 | CVE-2006-6996 | Cross-Site Scripting vulnerability in the WAR Forge Warforge.News 1.0 Multiple cross-site scripting (XSS) vulnerabilities in warforge.NEWS 1.0 allow remote attackers to inject arbitrary HTML and web script via the (1) title and (2) newspost parameters to (a) newsadd.php, and the (3) name, title, and (4) comment parameters to (b) news.php, a different set of vectors than CVE-2006-1818. network the-war-forge | 4.3 |
2006-04-18 | CVE-2006-1818 | Input Validation vulnerability in the WAR Forge Warforge.News 1.0 Multiple cross-site scripting (XSS) vulnerabilities in warforge.NEWS 1.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly including the (1) first_name and (2) last_name parameter in myaccounts.php. | 2.6 |
2006-04-18 | CVE-2006-1817 | Input Validation vulnerability in the WAR Forge Warforge.News 1.0 SQL injection vulnerability in authcheck.php in warforge.NEWS 1.0, with magic_quotes_gpc disabled, allows remote attackers to execute arbitrary SQL commands via the (1) authusername and possibly the (2) authpassword cookie. | 2.6 |