CVE-2007-3450

CVE-2007-3450 is a SQL injection vulnerability in the 6ALBlog project, affecting the file member.php . The flaw allows remote attackers to execute arbitrary SQL commands by supplying the attack payload in the member parameter. This vulnerability is confirmed in multiple sources (NVD/NVDA-style re...

6ALBlog (newsid) Remote SQL Injection Vulnerability

No description provided by source. +By CrackersChild+ Portal.......: 6ALBlog All Versions Download.....: http://down.otand.com/download/code/php/blog/6alblog.rar Author.......: CrackersChild | [email protected] & [email protected] Class........: Remote SQL Injection and Remote File...

6ALBlog - newsid SQL Injection

6ALBlog - newsid SQL Injection +By CrackersChild+ Portal.......: 6ALBlog All Versions Download.....: http://down.otand.com/download/code/php/blog/6alblog.rar Author.......: CrackersChild | [email protected] & [email protected] Class........: Remote SQL Injection and Remote File...

Default credentials

member.php in MyBB aka MyBulletinBoard, when debug mode is available, allows remote authenticated users to change the password of any account by providing the account's registered e-mail address in a debug request for a dolostpw action, which prints the change password verification code in the...

CVE-2007-1964

member.php in MyBB aka MyBulletinBoard, when debug mode is available, allows remote authenticated users to change the password of any account by providing the account's registered e-mail address in a debug request for a dolostpw action, which prints the change password verification code in the...

CVE-2007-1964

member.php in MyBB aka MyBulletinBoard, when debug mode is available, allows remote authenticated users to change the password of any account by providing the account's registered e-mail address in a debug request for a dolostpw action, which prints the change password verification code in the...

CVE-2007-1964

The CVE-2007-1964 issue affects MyBB (MyBulletinBoard) via member.php. When debug mode is enabled, remote authenticated users can change any account’s password by sending a do_lostpw request with the target’s registered email, and the debug output prints the change-password verification code. Acc...

CVE-2006-5148

Multiple PHP remote file inclusion vulnerabilities in Forum82 2.5.2b and earlier allow remote attackers to execute arbitrary PHP code via a URL in the repertorylevel parameter including scripts in /forum/ including 1 search.php, 2 message.php, 3 member.php, 4 mail.php, 5 lostpassword.php, 6...

CVE-2006-5148

Multiple PHP remote file inclusion vulnerabilities in Forum82 2.5.2b and earlier allow remote attackers to execute arbitrary PHP code via a URL in the repertorylevel parameter including scripts in /forum/ including 1 search.php, 2 message.php, 3 member.php, 4 mail.php, 5 lostpassword.php, 6...

CVE-2006-3253

CVE-2006-3253 affects vBulletin 3.5.x, with a Cross-site Scripting (XSS) vulnerability in member.php exploitable via the u parameter. The vendor disputes the report and reports inability to replicate; no public fix details are provided in the available documents. The issue is noted with a low CVS...

PT-2006-4147 · Vbulletin Solutions · Vbulletin

Name of the Vulnerable Software and Affected Versions: vBulletin versions 3.5.x Description: A cross-site scripting XSS issue in member.php allows remote attackers to inject arbitrary web script or HTML via the u parameter. The vendor has disputed this report, stating that they have been unable t...

biblenet.txt

Biblenet.net Homepage: http://www.biblenet.net Affected files: gettinginvolved.html register.php member.php /library/index.html ----------------------------------------- Biblespace uses vBulletin for most of their site, so most of these vulns are based in the vbulletin site themselves, which othe...

Sql injection

Multiple SQL injection vulnerabilities in SelectaPix 1.31 allow remote attackers to execute arbitrary SQL commands via the 1 albumID parameter to a viewalbum.php or b index.php, 2 imageID parameter to c popup.php, or 3 username and 4 password parameters to d admin/member.php...

CVE-2006-2912

Multiple SQL injection vulnerabilities in SelectaPix 1.31 allow remote attackers to execute arbitrary SQL commands via the 1 albumID parameter to a viewalbum.php or b index.php, 2 imageID parameter to c popup.php, or 3 username and 4 password parameters to d admin/member.php...

CVE-2006-2912

Multiple SQL injection vulnerabilities in SelectaPix 1.31 allow remote attackers to execute arbitrary SQL commands via the 1 albumID parameter to a viewalbum.php or b index.php, 2 imageID parameter to c popup.php, or 3 username and 4 password parameters to d admin/member.php...

Sql injection

Multiple SQL injection vulnerabilities in MyBB aka MyBulletinBoard 1.1.1 allow remote attackers to execute arbitrary SQL commands via the e-mail address when registering for a forum that requires e-mail verification, which is not properly handled in 1 usercp.php and 2 member.php...

CVE-2006-2333

CVE-2006-2333 concerns MyBB 1.1.1 where multiple SQL injection flaws allow remote attackers to run arbitrary SQL through the email address during registration for a mail-verified forum, due to improper handling in (1) usercp.php and (2) member.php. The vulnerability permits injected SQL commands ...

Sql injection

Multiple SQL injection vulnerabilities in 4images 1.7.1 and earlier allow remote attackers to execute arbitrary SQL commands via the sessionid parameter in 1 top.php and 2 member.php. NOTE: this issue has also been reported to affect 1.7.2...

CVE-2006-2216

Open Bulletin Board OpenBB 1.0.8 allows remote attackers to obtain the full path of the web server via an invalid pforums parameter to 1 misc.php and 2 member.php...

CVE-2006-2214

Multiple SQL injection vulnerabilities in 4images 1.7.1 and earlier allow remote attackers to execute arbitrary SQL commands via the sessionid parameter in 1 top.php and 2 member.php. NOTE: this issue has also been reported to affect 1.7.2...