2188 matches found
EV0086.txt
New eVuln Advisory: Simple Machines Forum - SMF 'X-Forwarded-For' XSS Vulnerability http://evuln.com/vulns/86/summary.html --------------------Summary---------------- eVuln ID: EV0086 CVE: CVE-2006-0896 Software: Simple Machines Forum - SMF Sowtware's Web Site: http://www.simplemachines.org/...
[eVuln] Simple Machines Forum - SMF 'X-Forwarded-For' XSS Vulnerability
New eVuln Advisory: Simple Machines Forum - SMF 'X-Forwarded-For' XSS Vulnerability http://evuln.com/vulns/86/summary.html --------------------Summary---------------- eVuln ID: EV0086 CVE: CVE-2006-0896 Software: Simple Machines Forum - SMF Sowtware's Web Site: http://www.simplemachines.org/...
CVE-2006-0896
Cross-site scripting XSS vulnerability in Sources/Register.php in Simple Machine Forum SMF 1.0.6 allows remote attackers to inject arbitrary web script or HTML via the X-Forwarded-For HTTP header field...
CVE-2006-0852
Direct static code injection vulnerability in write.php in Admbook 1.2.2 and earlier allows remote attackers to execute arbitrary PHP code via the X-Forwarded-For HTTP header field, which is inserted into content-data.php...
Code injection
Direct static code injection vulnerability in write.php in Admbook 1.2.2 and earlier allows remote attackers to execute arbitrary PHP code via the X-Forwarded-For HTTP header field, which is inserted into content-data.php...
[SA18930] Admbook "X-Forwarded-For" PHP Code Injection
TITLE: Admbook "X-Forwarded-For" PHP Code Injection SECUNIA ADVISORY ID: SA18930 VERIFY ADVISORY: http://secunia.com/advisories/18930/ CRITICAL: Highly critical IMPACT: System access WHERE: From remote SOFTWARE: Admbook 1.x http://secunia.com/product/8159/ DESCRIPTION: rgod has reported a...
Admbook <= 1.2.2 (X-Forwarded-For) Remote Command Execution Exploit
Exploit for unknown platform in category web applications =================================================================== Admbook autisticiorg |\r\n"; print "| |\r\n"; print "| Sun-Tzu: "Rouse him, and learn the principle of his activity or |\r\n"; print "| inactivity. Force him to reveal...
Admbook 1.2.2 - x-forwarded-for Remote Command Execution
Admbook 1.2.2 - x-forwarded-for Remote Command Execution !/usr/bin/perl -w use IO::Socket; print "\r\n"; print "| Admbook autisticiorg |\r\n"; print "| site: http://retrogod.altervista.org |\r\n"; print "| |\r\n"; print "| Sun-Tzu: "Rouse him, and learn the principle of his activity or |\r\n";...
Admbook <= 1.2.2 (X-Forwarded-For) Remote Command Execution Exploit
No description provided by source. !/usr/bin/perl -w use IO::Socket; print "\r\n"; print "| Admbook =1.2.2 X-Forwarded-For cmmnds xctn xploit |\r\n"; print "| By rgod rgodATautisticiDOTorg |\r\n"; print "| site: http://retrogod.altervista.org |\r\n"; print "| |\r\n"; print "| Sun-Tzu: "Rouse him,...
Admbook 1.2.2 - 'x-forwarded-for' Remote Command Execution
!/usr/bin/perl -w use IO::Socket; print "\r\n"; print "| Admbook autisticiorg |\r\n"; print "| site: http://retrogod.altervista.org |\r\n"; print "| |\r\n"; print "| Sun-Tzu: "Rouse him, and learn the principle of his activity or |\r\n"; print "| inactivity. Force him to reveal himself, so as to...
CVE-2005-4724
PhpTagCool 1.0.3 contains an SQL injection in post.php, exploitable via the X-Forwarded-For HTTP header, allowing remote SQL command execution. The vulnerability’s impact is described as partial confidentiality, integrity, and availability loss. No explicit exploit code or in-the-wild details are...
Cross site scripting
Cross-site scripting XSS vulnerability in Clever Copy 2.0, 2.0a, and 3.0 allows remote attackers to inject arbitrary web script or HTML via the 1 Referer or 2 X-Forwarded-For headers in an HTTP request, which are not properly handled when the administrator accesses Site Stats...
CVE-2006-0627
Cross-site scripting XSS vulnerability in Clever Copy 2.0, 2.0a, and 3.0 allows remote attackers to inject arbitrary web script or HTML via the 1 Referer or 2 X-Forwarded-For headers in an HTTP request, which are not properly handled when the administrator accesses Site Stats...
DEBIAN-CVE-2006-0582
Unspecified vulnerability in rshd in Heimdal 0.6.x before 0.6.6 and 0.7.x before 0.7.2, when storing forwarded credentials, allows attackers to overwrite arbitrary files and change file ownership via unknown vectors...
CVE-2005-4687
PunBB 1.2.9 (used standalone or with F-ART BLOG:CMS) trusts the client IP from the X-Forwarded-For header instead of the TCP/IP stack, enabling IP address spoofing by remote attackers. Red Hat and CVE records corroborate this vulnerability in PunBB 1.2.9. The underlying issue is header-based IP e...
CVE-2005-4687
PunBB 1.2.9, used alone or with F-ART BLOG:CMS, may trust a client's IP address as specified in the X-Forwarded-For HTTP header rather than the TCP/IP stack, which allows remote attackers to misrepresent their IP address by sending a modified header...
PhpTagCool 1.0.3 - SQL Injection
!/usr/bin/perl PhpTagCool Zatueritor 1.0 Copyright: Megabyte www.mbytesecurity.org Greetz: Rootbox for discovering the forwarded-for issue Te amo Pandora Crashcool,fuiste defaceado por un bug de tu propia programacion,ahora que inventaras? use IO::Socket; $x = 0; print q PhpTagCool Zatueritor 1.0...
CVE-2004-1950
The CVE documents a vulnerability in phpBB 2.0.8a and earlier where the application trusts the IP address provided in the X-Forwarded-For HTTP header. This mis-trust lets remote attackers spoof the user’s apparent IP address. Affected software: phpBB 2.0.8a and older. Root cause: server-side code...
CVE-2004-1950
phpBB 2.0.8a and earlier trusts the IP address that is in the X-Forwarded-For in the HTTP header, which allows remote attackers to spoof IP addresses...
CVE-2005-1172
Cross-site scripting XSS vulnerability in init.inc.php in Coppermine Photo Gallery 1.3.x allows remote attackers to inject arbitrary web script or HTML via the X-Forwarded-For parameter...