518 matches found
BBCode injection vulnerability
PMASA-2016-17 Announcement-ID: PMASA-2016-17 Date: 2016-06-23 Summary BBCode injection vulnerability Description A vulnerability was discovered that allows an BBCode injection to setup script in case it's not accessed on https. Severity We consider this to be non-critical. Mitigation factor Alway...
phpBB BBCode IMG Tag script injection vulnerability
phpBB is phpBB group developed a set of open source and PHP-based Web forum software . The software has support for multiple languages , multiple databases and customized layout and so on. A script injection vulnerability exists in phpBB because the program fails to adequately filter user-submitt...
FlatNuke <= 3.1.x BBCode IMG Tag Script Injection Vulnerability
Exploit for php platform in category web applications ------------------------------------------------------------------------- + FlatNuke = 3.1.x viewnews BBCode IMG Tag Script Injection PoC ------------------------------------------------------------------------- Discovered by Juri Gianni -...
ClanTiger < 1.1.1 - Multiple Cookie Handling Vulnerabilities
No description provided by source. || || || -----------------------------------------\ == -- ----------- ---------------------------- ------------------/ ¡VIVA SPAIN!...¡GANAREMOS EL MUNDIAL!...o.O ¡PROUD TO BE SPANISH! ---------------------...
PHPBB 2.0.x URL Tag BBCode.PHP Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/13545/info The phpbb vendor reports that a critical vulnerability exists in the BBCode handling routines of the 'bbcode.php' script. The bbcode url tag is not properly sanitized of user-supplied input. This could permit t...
PhpMyAdmin Client Side 0Day Code Injection and Redirect Link Falsification
No description provided by source. PhpMyAdmin Client Side 0Day Code Injection and Redirect Link Falsification Credits: Emanuele 'emgent' Gentili [email protected] Marco 'whitesheep' Rondini [email protected] Alessandro 'scox' Scoscia [email protected] In error.php, PhpMyAdmi...
PostBoard 2.0 BBCode IMG Tag Script Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/4559/info PostBoard is a freely available, open source message board module for the PostNuke content management system. It is designed for use on the Unix and Linux operating systems. PostBoard does not sanitize code...
HTML::BBCode 1.03/1.04 HTML Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/16680/info HTML::BBCode is prone to an HTML-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content...
XMB Forum 1.8 BBcode align Tag XSS
No description provided by source. source: http://www.securityfocus.com/bid/9726/info XMB Forum has been reported prone to multiple cross-site scripting, HTML injection and SQL injection vulnerabilities. The issues present themselves due to insufficient sanitization of remote user supplied data. ...
PHPX 3.x admin/news.php CSRF Arbitrary Command Execution
No description provided by source. source: http://www.securityfocus.com/bid/10284/info It has been reported that PHPX is affected by multiple administrator command execution vulnerabilities. These issues are due to a failure of the application to properly validate access to administrative command...
PHPX 3.x admin/forums.php CSRF Arbitrary Command Execution
No description provided by source. source: http://www.securityfocus.com/bid/10284/info It has been reported that PHPX is affected by multiple administrator command execution vulnerabilities. These issues are due to a failure of the application to properly validate access to administrative command...
Simple Machines forum (SMF) 2.0 session hijacking
No description provided by source. Simple Machines forum SMF 2.0 session hijacking Found by The X-C3LL and seth http://0verl0ad.blogspot.com/ || http://xd-blog.com.ar/ 2011-08-06 Website: http://www.simplemachines.org/ Greets: yoyahack, eddyw, www.portalhacker.net SMF stops csrf attacks sending a...
PHP-Nuke 6.x/7.0/7.1 Image Tag Admin Command Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/9895/info It has been reported that PHP-Nuke is prone to a remote admin command execution vulnerability. This issue is due to a design error that allows an attacker to specify arbitrary URI values in bbCode tags contained...
Coppermine Photo Gallery <= 1.4.20 (BBCode IMG) Privilege Escalation
No description provided by source. +--------------------------------------------------------------------------+ | Coppermine Photo Gallery = 1.4.20 BBCode IMG Privilege Escalation PoC | +--------------------------------------------------------------------------+ | by Juri Gianni aka yeat -...
PHP-Fusion 5.0 BBCode IMG Tag Script Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/12751/info PHP-Fusion is reported prone to a script injection vulnerability. This issue is due to the application failing to properly sanitize user-supplied input prior to including it in dynamically generated content. An...
woltlab burning board 3.0.x Multiple Vulnerabilities
No description provided by source. +---------------------------------------------------------------------------+ | Woltlab Burning Board 3.0.x Multiple Remote Vulnerabilities | +---------------------------------------------------------------------------+ | by Juri Gianni aka yeat -...
PHPBB2 Image Tag HTML Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/4858/info It is possible to inject arbitrary HTML into phpBB2 forum messages via the use of BBCode image tags. A similar issue is described in Bugtraq ID 4379 PHPBB Image Tag User-Embedded Scripting Vulnerability. However...
Land Down Under BBCode HTML Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/10435/info Land Down Under is prone to an HTML injection vulnerability. This issue is exposed through their BBCode implementation. Exploitation could permit theft of cookie credentials, manipulation of content, or other...
Joomla Kunena Component 3.0.4 - Persistent XSS
No description provided by source. Persistent XSS in Joomla::Kunena 3.0.4 26. February 2014 by Qoppa +++ Description Kunena is the leading Joomla forum component. Downloaded more than 3,750,000 times in nearly 6 years. Kunena is written in PHP. Users can post a Google Map using the following BBCo...
Phpclanwebsite 1.23.1 BBCode IMG Tag Script Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/16300/info Phpclanwebsite is prone to a script-injection vulnerability. An attacker can nest BBCode IMG tags to trigger this issue and execute arbitrary code in a user's browser. Attacker-supplied HTML and script code wou...