IsolSoft Support Center SQL inj.

IsolSoft Support Center SQL inj. Vuln. dicovered by : r0t Date: 24 nov. 2005 Orginal advsiory:http://pridels.blogspot.com/2005/11/isolsoft-support-center-sql-inj.html Vendor:http://www.isolsoft.com/ affected version:Support Center v2.2 and prior Vuln. Desciption: Input passed to the "field"...

Top Auction Multiple SQL Vuln.

Top Auction Multiple SQL Vuln. Vuln. dicovered by : r0t Date 23 nov. 2005 Orginal advisory:http://pridels.blogspot.com/2005/11/top-auction-multiple-sql-vuln.html Vendor:http://www.phplabs.com/ Product link:http://www.phplabs.com/scripts.php?script=Top20Auction affected version: Top Auction last...

[waraxe-2005-SA#043] - Sql injection in Phorum 5.0.20 and earlier

================================================================================ waraxe-2005-SA043 ================================================================================ Sql injection in Phorum 5.0.20 and earlier...

CVE-2005-3418

Multiple cross-site scripting XSS vulnerabilities in phpBB 2.0.17 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 errormsg parameter to usercpregister.php, 2 forwardpage parameter to login.php, and 3 listcat parameter to search.php, which are not initialized as...

CVE-2005-3418

Multiple cross-site scripting XSS vulnerabilities in phpBB 2.0.17 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 errormsg parameter to usercpregister.php, 2 forwardpage parameter to login.php, and 3 listcat parameter to search.php, which are not initialized as...

CVE-2004-2511

Multiple cross-site scripting XSS vulnerabilities in DCP-Portal 5.3.2 and earlier allow remote attackers to inject arbitrary web script or HTML via 1 the year, 2 month, and 3 day parameters in calendar.php; 4 the cid and 5 url parameters in index.php; 6 the cid parameter in annoucement.php; 7 the...

PunBB search.php old_searches Parameter SQL Injection

The version of PunBB installed on the remote host fails to sanitize user-supplied input to the 'oldsearches' parameter of the 'search.php' script before using it in database queries. Provided PHP's 'registerglobals' setting is enabled, an attacker may be able to exploit this issue to delete...

PunBB < 1.2.9 search.php old_searches Parameter SQL Injection

Binary data 3260.prm...

[KAPDA::#6] Punbb SQL Injection Vulnerability

KAPDA::6 Punbb SQL Injection Vulnerability Punbb search.php SQL Injection Vulnerability KAPDA New advisory Vulnerable products : Punbb V 1.2.8 and 1.2.7 are tested,Hopefully all other versions Vendor: http://www.punbb.org/ Vulnerability: Sql injection About Punbb -------------------- PunBB is a...

MyBloggie 2.1.3 - Search.PHP SQL Injection Vulnerability

MyBloggie 2.1.3 Search.PHP SQL Injection Vulnerability. Webapps exploit for php platform source: http://www.securityfocus.com/bid/15017/info myBloggie is prone to an SQL injection vulnerability. This is due to a lack of sanitization of user-supplied input before passing it on to SQL queries...

CVE-2005-3045

CVE-2005-3045 affects My Little Forum 1.5 and 1.6 beta, where the vulnerability resides in the search.php component. The underlying issue is a SQL injection via the phrase field, allowing remote attackers to alter the database by injecting arbitrary SQL commands. Documents consistently describe t...

CVE-2005-2839

Multiple cross-site scripting XSS vulnerabilities in MAXdev MD-Pro 1.0.72 allow remote attackers to inject arbitrary web script or HTML via 1 dl-search.php or 2 wl-search.php...

CVE-2005-2697

SQL injection vulnerability in search.php for MyBulletinBoard MyBB 1.00 Release Candidate 1 through 4 allows remote attackers to execute arbitrary SQL commands via the uid parameter. NOTE: this issue might overlap CVE-2005-0282...

mybbSQLinject.txt

Hello The Injected File : search.php Discovered by: HACKERS PAL & Devil-00 & ABDUCTER Injected Versions :- Powered by MyBulletinBoard 1.00 Release Candidate 4 Powered by MyBulletinBoard 1.00 Release Candidate 3 Powered by MyBulletinBoard 1.00 Release Candidate 2 Powered by MyBulletinBoard 1.00...

CVE-2005-2649

Cross-site scripting XSS vulnerability in ATutor 1.5.1 allows remote attackers to inject arbitrary web script or HTML via 1 course parameter in login.php or 2 words parameter in search.php...

MyBulletinBoard (MyBB) <= 1.00 RC4 SQL Injection Exploit

Exploit for unknown platform in category web applications ======================================================== MyBulletinBoard MyBB mhp0rtal -- Dr-CephaleX -- The-Cephexin -- DjayAgoustinno...

CVE-2005-2649

Cross-site scripting XSS vulnerability in ATutor 1.5.1 allows remote attackers to inject arbitrary web script or HTML via 1 course parameter in login.php or 2 words parameter in search.php...

CVE-2005-2649

CVE-2005-2649 describes a cross-site scripting (XSS) vulnerability in ATutor 1.5.1 that allows remote attackers to inject arbitrary script or HTML via the parameters course in login.php or words in search.php. The CVE is cited with a base score of 4.3 (Medium) on the NVD entry, and multiple conne...

Vul in MyBB

Hello The Injected File : search.php Discovered by: HACKERS PAL & Devil-00 & ABDUCTER Injected Versions :- Powered by MyBulletinBoard 1.00 Release Candidate 4 Powered by MyBulletinBoard 1.00 Release Candidate 3 Powered by MyBulletinBoard 1.00 Release Candidate 2 Powered by MyBulletinBoard 1.00...

CVE-2004-2350

The CVE-2004-2350 entry pertains to an SQL injection in phpBB’s search.php affecting phpBB 1.0 through 2.0.6 via the search_results parameter. The underlying vulnerability allows remote attackers to execute arbitrary SQL and potentially gain privileges, as described in the fixed-text CVE descript...