MyBB-104SQL.txt

MyBB 1.0.4 New SQL Injection D3vil-0x1 File :- search.php 580 to 592 / START / if$mybb-input'forums' != "all" if!isarray$mybb-input'forums' input'forums' = arrayintval$mybb-input'forums'; foreach$mybb-input'forums' as $forum if!$searchin$forum $query = $db-query"SELECT f.fid FROM...

Advisory-18.txt

/ -------------------------------------------------------- Neo Security Team NST® - Advisory 18 - 03/03/06 -------------------------------------------------------- Program: phpBB Homepage: http://www.phpbb.com Vulnerable Versions: All phpBB versions Risk: High Risk!! Impact: Multiple DoS...

phpBB <= 2.0.19 Multiple DoS vulnerabilities

/ -------------------------------------------------------- Neo Security Team NST® - Advisory 18 - 03/03/06 -------------------------------------------------------- Program: phpBB Homepage: http://www.phpbb.com Vulnerable Versions: All phpBB versions Risk: High Risk!! Impact: Multiple DoS...

MyBB 1.0.4 New SQL Injection

MyBB 1.0.4 New SQL Injection D3vil-0x1 File :- search.php 580 to 592 / START / if$mybb-input'forums' != "all" if!isarray$mybb-input'forums' -- We Break It By forums=-1 $mybb-input'forums' = arrayintval$mybb-input'forums'; foreach$mybb-input'forums' as $forum if!$searchin$forum $query =...

CVE-2006-0728

SQL injection vulnerability in search.php in webSPELL 4.01.00 and earlier allows remote attackers to inject arbitrary SQL commands via the titleop parameter...

Sql injection

SQL injection vulnerability in search.php in webSPELL 4.01.00 and earlier allows remote attackers to inject arbitrary SQL commands via the titleop parameter...

CVE-2006-0728

CVE-2006-0728 affects webSPELL (search.php) 4.01.00 and earlier. The vulnerability is an SQL injection via the title_op parameter, allowing remote attackers to inject arbitrary SQL commands. Impact is listed as partial confidentiality, integrity, and availability with a high base score. No remedi...

[SA18885] webSPELL "search.php" SQL Injection Vulnerability

TITLE: webSPELL "search.php" SQL Injection Vulnerability SECUNIA ADVISORY ID: SA18885 VERIFY ADVISORY: http://secunia.com/advisories/18885/ CRITICAL: Moderately critical IMPACT: Manipulation of data WHERE: From remote SOFTWARE: webSPELL 4.x http://secunia.com/product/8086/ DESCRIPTION: x128 has...

CVE-2006-0699

CVE-2006-0699 concerns a cross-site scripting (XSS) vulnerability in the web interface of QWikiWiki, specifically in the search.php handler. The affected information states that QWikiWiki 1.5, and possibly 1.5.1 and other versions, are susceptible to injection of arbitrary web script or HTML via ...

Siteframe Beaumont 5.0.1a <== Cross-Site Scripting Vulnerability

Hi, I'm Kiki and I would signal you a XSS in the CMS Siteframe Beaumont 5.0.1a I enclose the advisory and the origina is here: http://kiki91.altervista.org/exploit/siteframe5.0.1axss.txt Bye bye Kiki p.s: sorry for my bad English but I'm Italian ; Advisory: Siteframe Beaumont 5.0.1a == Cross-Site...

CVE-2006-0675

Cross-site scripting XSS vulnerability in search.php in Siteframe 5.0.1 allows remote attackers to inject arbitrary web script or HTML via the q parameter...

CVE-2006-0648

Multiple directory traversal vulnerabilities in PHP iCalendar 2.0.1, 2.1, and 2.2 allow remote attackers to include arbitrary files via the 1 getdate and possibly other parameters used in the replacefiles function in search.php and 2 $file variable as used in the parse function in...

Siteframe Beaumont 5.0.1 - search.php?Q Cross-Site Scripting

Siteframe Beaumont 5.0.1 - search.php?Q Cross-Site Scripting source: https://www.securityfocus.com/bid/16596/info Siteframe Beaumont is prone to a cross-site scripting vulnerability. This issue affects the 'search.php' script. Siteframe Beaumont 5.0.1 and prior versions are reportedly vulnerable...

Siteframe Beaumont 5.0.1 - 'search.php?Q' Cross-Site Scripting

source: https://www.securityfocus.com/bid/16596/info Siteframe Beaumont is prone to a cross-site scripting vulnerability. This issue affects the 'search.php' script. Siteframe Beaumont 5.0.1 and prior versions are reportedly vulnerable. http://www.example.com/search.php?q=XSS...

Cross site scripting

Cross-site scripting XSS vulnerability in search.php in MyBB aka MyBulletinBoard 1.0.2 allows remote attackers with knowledge of the table prefix to inject arbitrary web script or HTML via a URL encoded value of the keywords parameter, as demonstrated by %3Cscript%3E...

CVE-2006-0639

CVE-2006-0639 : A cross-site scripting (XSS) vulnerability in MyBB 1.0.2 affects search.php where the keywords parameter is not properly sanitized, allowing a remote attacker with knowledge of the table prefix to inject arbitrary script/HTML via a URL-encoded payload (e.g., %3Cscript%3E). Affecte...

CVE-2006-0588

SQL injection vulnerability in search.php in MyTopix 1.2.3 allows remote attackers to execute arbitrary SQL commands via the 1 mid and 2 keywords parameters...

Sql injection

SQL injection vulnerability in search.php in MyTopix 1.2.3 allows remote attackers to execute arbitrary SQL commands via the 1 mid and 2 keywords parameters...

CVE-2006-0588

SQL injection vulnerability in search.php in MyTopix 1.2.3 allows remote attackers to execute arbitrary SQL commands via the 1 mid and 2 keywords parameters...

[myimei]MyBB 1.0.2 XSS attack in search.php

original advisory: http://myimei.com/security/2006-01-14-mybb-102searchphpxss-attackandmore/index.html --------------- —————-Summary—————- Software: MyBB Sowtware’s Web Site: http://mybboard.com Versions: 1.0.2 Class: Remote Status: patched in 1.0.3 Exploit: Available Solution: Available Discover...