CVE-2004-2350

SQL injection vulnerability in search.php for phpBB 1.0 through 2.0.6 allows remote attackers to execute arbitrary SQL and gain privileges via the searchresults parameter...

CVE-2005-2580

Multiple SQL injection vulnerabilities in MyBulletinBoard MyBB 1.00 RC4 with Security Patch allow remote attackers to execute arbitrary SQL commands via the Username field in 1 index.php or 2 member.php, action parameter to 3 search.php or 4 member.php, or 5 polloptions parameter to polls.php...

CVE-2005-2580

CVE-2005-2580 affects MyBulletinBoard (MyBB) 1.00 RC4 with Security Patch. The vulnerability stems from improper sanitization of user input, enabling SQL injection via the Username field in index.php or member.php, via the action parameter in search.php or member.php, or via the polloptions param...

CVE-2005-2580

Multiple SQL injection vulnerabilities in MyBulletinBoard MyBB 1.00 RC4 with Security Patch allow remote attackers to execute arbitrary SQL commands via the Username field in 1 index.php or 2 member.php, action parameter to 3 search.php or 4 member.php, or 5 polloptions parameter to polls.php...

CVE-2005-2402

The CVE-2005-2402 entry describes a Cross-site scripting (XSS) vulnerability in PHPSiteSearch 1.7.7d, specifically in search.php, where an attacker can inject arbitrary web script or HTML through the query parameter. The underlying issue is unescaped input in the search parameter that is echoed b...

CVE-2005-2393

Cross-site scripting XSS vulnerability in CuteNews 1.3.6 allows remote attackers to inject arbitrary web script or HTML via 1 the lastusername parameter to index.php or 2 selectedsearcharch parameter to search.php...

CVE-2004-2241

Phorum 5.0.11 and earlier is affected by a Cross-site Scripting (XSS) vulnerability that allows remote attackers to inject arbitrary HTML or web script via search.php. The note indicates some sources claim the vulnerable file is read.php, but this conflicts with the vendor’s patch. The NVD entry,...

CVE-2004-2242

Phorum contains a cross-site scripting vulnerability in search.php, exploitable via the subject parameter, potentially affecting Phorum 5.0.7 beta and earlier. The issue allows remote attackers to inject arbitrary HTML/JS. The public records describe the vulnerability but do not provide a concret...

CVE-2004-2242

Cross-site scripting XSS vulnerability in search.php in Phorum, possibly 5.0.7 beta and earlier, allows remote attackers to inject arbitrary HTML or web script via the subject parameter...

CVE-2004-2180

WowBB Forum 1.61 and earlier versions are affected by multiple cross-site scripting (XSS) vulnerabilities. The flaws allow attackers to inject arbitrary script/HTML via numerous vectors: country (view_user.php), show (view_forum.php), letter (view_user.php), highlight (view_topic.php), show (inde...

CarLine Forum Russian Board 4.2 - 'search.php?text_poisk' Cross-Site Scripting

source: https://www.securityfocus.com/bid/14045/info Forum Russian Board is prone to multiple input validation vulnerabilities. These issues can allow attackers to carry out SQL Injection, cross-site scripting, and HTML injection attacks. Forum Russian Board 4.2 is reported to be affected...

phpBB 2.0.15 - Register Multiple Users (Denial of Service)

/ -------------------------------------------------------- Neo Security Team NST® - Advisory 15 - 00/00/06 -------------------------------------------------------- Program: phpBB 2.0.15 Homepage: http://www.phpbb.com Vulnerable Versions: phpBB 2.0.15 & Lower versions Risk: High Risk!! Impact:...

CVE-2005-1833

Multiple SQL injection vulnerabilities in MyBulletinBoard MyBB 1.00 RC4 allow remote attackers to execute arbitrary SQL commands via the 1 eid parameter to calendar.php, 2 idsql parameter to online.php, 3 usersearch parameter to memberlist.php, 4 pid parameter to editpost.php, 5 fid parameter to...

CVE-2003-1216

SQL injection vulnerability in search.php for phpBB 2.0.6 and earlier allows remote attackers to execute arbitrary SQL and gain privileges via the searchid parameter...

CVE-2002-1662

Multiple cross-site scripting XSS vulnerabilities in Mambo Site Server 4.0.11 allow remote attackers to execute arbitrary script on other clients via 1 search.php and 2 the "Your name" field during account registration...

CVE-2005-1500

Multiple SQL injection vulnerabilities in myBloggie 2.1.1 allow remote attackers to execute arbitrary SQL commands via 1 the keyword parameter in search.php; or 2 the dateno parameter in viewdate mode, 3 the catid parameter in viewcat mode, the 4 monthno or 5 year parameter in viewmonth mode, or ...

CVE-2004-2055

Cross-site scripting XSS vulnerability in search.php for PhpBB 2.0.4 and 2.0.9 allows remote attackers to inject arbitrary HTMl or web script via the searchauthor parameter...

CVE-2004-1797

CVE-2004-1797 is described as a Cross-site scripting (XSS) vulnerability in FreznoShop 1.3.0 RC1 and earlier, exploitable via the search parameter in search.php. The affected software is FreznoShop; the vulnerable file/function is search.php, where user-supplied input in the search parameter can ...

CVE-2004-2055

The CVE-2004-2055 issue affects phpBB

Invision Power Board < 2.0.4 Multiple Vulnerabilities (SQLi, XSS)

According to its banner, the version of Invision Power Board on the remote host suffers from multiple vulnerabilities : - SQL Injection Vulnerability The application fails to sanitize user-input supplied through the 'passhash' cookie in the 'sources/login.php' script, which can be exploited to...