2123 matches found
mxBB Module Profile CP 0.91c Remote File Include Vulnerability
No description provided by source. mxBB Module Profile Control Panel 0.91c Remote File Include Vulnerability Bugfound3R: bd0rk || SOH-Crew Website: www.soh-crew.it.tt Greetz: str0ke, Lu7k, TheJT, Natok Download: http://www.mx-system.com/modules/mxpafiledb/dload.php?action=download&fileid=70 ==...
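H-Sphere Control Panel Insecure Log File Permissions Vulnerability
H-Sphere Control Panel is a multi-domain/site management control panel program. The domain/site management component has an insecure log file permissions issue; a local attacker can exploit the vulnerability to corrupt system files, causing denial of service or privilege escalation. No detailed vulnerability information is currently available. Positive Software H-Sphere 2.4.3 http://www.psoft.net/hsphere2info.html...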
CVE-2006-6382
The control panel for Positive Software H-Sphere before 2.5.0 RC3 creates log files in a user's directory with insecure permissions, which allows local users to append log data to arbitrary files via a symlink attack. NOTE: The provenance of this information is unknown; the details are obtained...
CVE-2006-5984
Multiple cross-site scripting (XSS) vulnerabilities in Helm Web Hosting Control Panel 3.2.10 allow remote authenticated users to inject arbitrary web script or HTML via the (1) txtCompanyName, (2) txtEmail, or (3) txtUserAccNum parameter to (a) users.asp, or the (4) setThemeColour parameter to (b) default.asp ...
CVE-2006-5984
Helm Web Hosting Control Panel 3.2.10 is affected by CVE-2006-5984: multiple XSS weaknesses in the Admin, Reseller, and User levels. The vectors include user input in (1) txtCompanyName, (2) txtEmail, (3) txtUserAccNum to users.asp; (4) setThemeColour to default.asp (Reseller/Admin) and (5) setTh...
vBulletin 3.6.x - Admin Control Panel Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/21157/info vBulletin is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input data. An attacker could exploit this vulnerability to have arbitrary script code execute in the context of the...
CVE-2006-5831
PHP remote file inclusion vulnerability in admin/code/index.php in All In One Control Panel (AIOCP) 1.3.007 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the loadpage parameter...
CVE-2006-5830
Multiple cross-site scripting (XSS) vulnerabilities in All In One Control Panel (AIOCP) 1.3.007 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) topid, (2) forid, and (3) catid parameters to code/cp_forum_view.php; (4) choosed_language parameter to cpdpage.php; (5) orderdir...
CVE-2006-5832
All In One Control Panel (AIOCP)
CVE-2006-5830
CVE-2006-5830 details multiple cross-site scripting (XSS) vulnerabilities in All In One Control Panel (AIOCP) 1.3.007 and earlier. The issue arises from unsanitized input in several parameters and fields, including: (1) topid, (2) forid, (3) catid to code/cp_forum_view.php; (4) choosed_language t...
CVE-2006-5832
All In One Control Panel (AIOCP) 1.3.007 and earlier allows remote attackers to obtain the full path of the web server via certain requests to (1) public/code/cpdpage.php, possibly involving the aiocpdp parameter, (2) public/code/cpshowecproducts.php, possibly involving the orderfield parameter, and (3)...
vbulletin361.txt
Author: insanity E-mail: [email protected] XSS vBulletin 3.6.1 Admin Control Panel http://www.exemplo.com/vbulletin/admincp/index.php?do=buildnavprefs&nojs=0&prefs="alert"insanity" http://www.exemplo.com/vbulletin/admincp/index.php?do=savenavprefs&nojs=0&navprefs="alert"insanity"...
AIOCP 1.3.x - cp_links.php SQL Injection
AIOCP 1.3.x - cp_links.php SQL Injection source: https://www.securityfocus.com/bid/20931/info All In One Control Panel (AIOCP) is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied input data. Exploiting these issues could allow an attacker to...
AIOCP 1.3.x - cp_contact_us.php SQL Injection
AIOCP 1.3.x - cp_contact_us.php SQL Injection source: https://www.securityfocus.com/bid/20931/info All In One Control Panel (AIOCP) is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied input data. Exploiting these issues could allow an attacker...
AIOCP 1.3.x - cp_links_search.php SQL Injection
AIOCP 1.3.x - cp_links_search.php SQL Injection source: https://www.securityfocus.com/bid/20931/info All In One Control Panel (AIOCP) is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied input data. Exploiting these issues could allow an attack...
CVE-2006-5203
Invision Power Board (IPB) 2.1.7 and earlier allows remote restricted administrators to inject arbitrary web script or HTML, or execute arbitrary SQL commands, via a forum description that contains a crafted image with PHP code, which is executed when the user visits the "Manage Forums" link in the...
Invision Power Board Multiple Vulnerabilities
Invision Power Board Multiple Vulnerabilities Affects: IPB <=2.1.7 Risk: High An attack exists where an admin can be redirected and forced to execute SQL commands through IPB's SQL Toolbox. The following requirements must be met for this attack to take place: - The database table prefix must be...