250 matches found
CVE-2006-2975
Multiple cross-site scripting XSS vulnerabilities in pblguestbook.php in PBL Guestbook 1.31 allow remote attackers to inject arbitrary web script or HTML via javascript in the SRC attribute of IMG tags in the 1 name, 2 email, and 3 website parameter, which bypasses XSS protection mechanisms that...
FreeBSD : phpbb -- multiple vulnerabilities (28c9243a-72ed-11da-8c1d-000e0c2e438a)
Multiple vulnerabilities have been reported within phpbb. phpbb is proven vulnerable to : - script insertion, - bypassing of protetion mechanisms, - multiple cross site scripting vulnerabilities, - SQL injection, - arbitrary code execution %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The...
Cross site scripting
pmwiki.php in PmWiki 2.1 beta 20, with registerglobals enabled, allows remote attackers to bypass protection mechanisms that deregister global variables by setting both a GPC variable and a GLOBALS variable with the same name, which causes PmWiki to unset the GLOBALS variable but not the GPC...
CVE-2006-0479
pmwiki.php in PmWiki 2.1 beta 20, with registerglobals enabled, allows remote attackers to bypass protection mechanisms that deregister global variables by setting both a GPC variable and a GLOBALS variable with the same name, which causes PmWiki to unset the GLOBALS variable but not the GPC...
CVE-2006-0479
pmwiki.php in PmWiki 2.1 beta 20, with registerglobals enabled, allows remote attackers to bypass protection mechanisms that deregister global variables by setting both a GPC variable and a GLOBALS variable with the same name, which causes PmWiki to unset the GLOBALS variable but not the GPC...
CVE-2006-0479
The CVE covers PmWiki 2.1 beta 20 (and vulnerable up to 2.1 beta 21) where enabling PHP register_globals lets remote attackers bypass protections by setting a GPC variable and a GLOBALS[] with the same name. This causes GLOBALS[] to be unset while the GPC variable remains, enabling issues such as...
CVE-2005-3415
phpBB 2.0.17 and earlier allows remote attackers to bypass protection mechanisms that deregister global variables by setting both a GET/POST/COOKIE GPC variable and a GLOBALS variable with the same name, which causes phpBB to unset the GLOBALS variable but not the GPC variable...
CVE-2005-3415
CVE-2005-3415 affects phpBB 2.0.17 and earlier, where remote attackers can bypass protection by setting a GET/POST/COOKIE variable and a GLOBALS[] variable with the same name, causing GLOBALS[] to be unset while the GPC variable remains. This can manipulate phpBB behavior. The OpenVAS and Debian ...
phpbb -- multiple vulnerabilities
Multiple vulnerabilities have been reported within phpbb. phpbb is proven vulnerable to: script insertion, bypassing of protetion mechanisms, multiple cross site scripting vulnerabilities, SQL injection, arbitrary code execution...
Security update 1970-01-01
...