176 matches found
OpenBB 1.0.8 Full Path Disclosure
OpenBB 1.0.8 Full Path Disclosure Bug Found By :- Devil-00 Gr33tz :- Www.securitygurus.neT Rock Master Hackers Pal n0m3rcy -= 1-2 =- Full Path Disclosure Exploits :- /OpenBB/misc.php?action=latest&pforums=D3vil-0x1 /OpenBB/member.php?action=online&&pforums=D3vil-0x1 Fix It :- misc.php Add This Li...
CVE-2006-2070
Cross-site scripting (XSS) vulnerability in member.php in DevBB 1.0.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the member parameter in a viewpro action...
DevBB <= 1.0.0 XSS
==================== Discovered by: Qex Date: 25 April 2006 ==================== /member.php?action=viewpro&member=XSS...
Cross site scripting
Cross-site scripting (XSS) vulnerability in Verosky Media Instant Photo Gallery allows remote attackers to inject arbitrary web script or HTML via the member parameter in a viewpro action in member.php. NOTE: the original report may be inaccurate, since the "viewpro" string does not appear in the...
CVE-2006-2052
Cross-site scripting (XSS) vulnerability in Verosky Media Instant Photo Gallery allows remote attackers to inject arbitrary web script or HTML via the member parameter in a viewpro action in member.php. NOTE: the original report may be inaccurate, since the "viewpro" string does not appear in the...
Cross site scripting
Cross-site scripting (XSS) vulnerability in member.php in 4images 1.7 and earlier allows remote attackers to inject arbitrary web script or HTML via the nickname, probably involving the username parameter in register.php...
CVE-2006-1805
SQL injection vulnerability in member.php in PowerClan 1.14 allows remote attackers to execute arbitrary SQL commands via the memberid parameter...
Sql injection
SQL injection vulnerability in member.php in PowerClan 1.14 allows remote attackers to execute arbitrary SQL commands via the memberid parameter...
PowerClan 1.14 - SQL Injection
PowerClan 1.14 - SQL Injection -------------------------------------------------------- Software: PowerClan 1.14 Version: 1.14 Type: SQL Injection Date: Apr 13 23:37:50 CEST 2006 Vendor: powerscripts.org Page: http://www.powerscripts.org Risk: min credits: ---------------------------- d4igoro -...
MyBB 1.10 New CrossSiteScripting ' member.php '
//-- MyBB 1.10 New CrossSiteScripting ' member.php ' --// Webattack :- /mybb/member.php?action=dologin&username=usrname&password=pass&url="scriptalert1;/script //-- FixIT --// Open member.php GoTo Line :- 1030 .. if$mybb-input'url' redirect$mybb-input'url', $lang-redirectloggedin; Replace It With...
Sql injection
SQL injection vulnerability in member.php in Clansys 1.1 allows remote attackers to execute arbitrary SQL commands via the showid parameter in the member page to index.php...
CVE-2006-1708
CVE-2006-1708 describes an SQL injection in Clansys 1.1. The vulnerability is in member.php: the showid parameter in the member page is passed to index.php, potentially allowing remote attackers to execute arbitrary SQL commands. The connected documents consistently reference the same description,...
Virtual War File Inclusion
Virtual War File Inclusion --------------------------------- Site:http://www.vwar.de/ Demo:http://www.vwar.de/demo/ --------------------------------------- File Inclusion // get functions $vwarroot = "./"; require $vwarroot . "includes/functionscommon.php"; require $vwarroot...
CVE-2006-1281
Cross-site scripting (XSS) vulnerability in member.php in MyBulletinBoard (MyBB) 1.04 allows remote attackers to inject arbitrary web script or HTML via the url parameter, a different vulnerability than CVE-2006-1272. NOTE: 1.10 was later reported to be vulnerable...
[KAPDA::#35] MyBB 1.0.3~member.php~XSS Attack in contact details
ORIGINAL ADVISORY: http://myimei.com/security/2006-03-11/mybb-103-memberphp-xss-attack-in-contact-details.html http://kapda.ir/advisory-297.html ——————-Summary—————- Software: MyBB Software’s Web Site: http://www.mybboard.com Versions: 1.0.4 Class: Remote Status: Unpatched Exploit: Available...
CVE-2006-0313
Multiple SQL injection vulnerabilities in PDFdirectory before 1.0 allow remote attackers to execute arbitrary SQL commands via multiple unspecified vectors involving (1) util.php, (2) userpref.php, (3) user.php, (4) uploadfrm.php, (5) title.php, (6) team.php, (7) stats.php, (8) page.php, (9) org.php, (10) member.php...
CVE-2005-4199
MyBB prior to 1.0 is affected by multiple SQL injection vulnerabilities. The public details identify concrete vectors, notably the month parameter in calendar.php (SQLi), and additional parameters in usercp.php, member.php, and showthread/ratethread.php. This is a documented remote, unauthenticat...
CVE-2005-4028
Multiple cross-site scripting (XSS) vulnerabilities in aMember allow remote attackers to inject arbitrary web script or HTML via the (1) lamemberlogin parameter to sendpass.php and (2) login parameter to member.php...
CVE-2005-2778
The CVE-2005-2778 entry details a SQL injection in MyBulletinBoard (MyBB), specifically in member.php through the fid parameter. A remote attacker can craft input via fid to execute arbitrary SQL statements, with network access and no authentication required (low attack complexity). Affected soft...
mybbSQL.pl.txt
!/usr/bin/perl -w use LWP::Simple; Vitem if!$ARGV0 print " MyBB Member.php SQL Injection \n"; print " Coded By \n"; print " \n"; print " + Bug By W7ED - W7EDathotmail.com \n"; print " \n"; print " Exmp:- perl file.pl mybb.net /mybb userid \n"; print " \n"; exit; my $host = 'http://'.$ARGV0; User ...