83 matches found
MAL-2025-183400 Malicious code in lobac-ubb-afayoganu (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 615b77acaa6aeac70771a1b007d5d1cd587e3973f16bb2c221dac9ba78473895 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in lobac-ubb-aa (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 14ce6fd1c582a2dc4c18581b402f29347c8029e0b1c5981f1870b3c75aa6879c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2000-0140
Malware in sbrugna...
EUVD-2003-0581
Malware in sbrugna...
EUVD-2006-2754
Malware in sbrugna...
EUVD-2007-1950
Malware in sbrugna...
infoadmitere.ubbcluj.ro Cross Site Scripting vulnerability OBB-3867599
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2022-25091
Infopop Ultimate Bulletin Board up to v5.47a was discovered to allow all messages posted inside private forums to be disclosed by unauthenticated users via the quote reply feature...
CVE-2003-0587
CVE-2003-0587 describes a cross-site scripting (XSS) vulnerability in Infopop Ultimate Bulletin Board (UBB) 6.x. The issue allows remote authenticated users to execute arbitrary web script and potentially gain administrative access via the displayed name attribute of the “ubber” cookie. The avail...
CVE-2003-0587
Cross-site scripting XSS vulnerability in Infopop Ultimate Bulletin Board UBB 6.x allows remote authenticated users to execute arbitrary web script and gain administrative access via the "displayed name" attribute of the "ubber" cookie...
ThinkPHP Ubb标签 读取任意内容
详细说明: Common/extend.phpCore/Extend/Function/extend.php 成因:ThinkPHP的Ubb标签,有一个代码高亮的功能,即满足: codexxx/code或者phpxxx/php的时候,会对中间的xxx读取,并高亮,xxx是路径,而非具体的代码,如下图1,输入路径后,当文件存在,返回的是高亮后的文件内容 当path=code/etc/passwd/code,成功读取对应内容,也就是说,当某网站用ThinkPHP开发,并提供评论功能(支持UBB)标签的时候,发帖并输入code/etc/passwd/code,即可读取任意内容...
UBB Threads 6.0 - RFI Vulnerability
No description provided by source...
UBB Threads < 6.5.2 Beta (mailthread.php) SQL Injection Exploit
No description provided by source. ?php T r a p - S e t U n d e r g r o u n d H a c k i n g T e a m Vulnerable: UBBCentral SQL Injection Exploit By : MHp0rtal Discovered By: James Bercegay Gr33tz To == Alphaprogrammer , Oilkarchack , TheCephaleX , Str0ke And Iranian Hacking & Security Teams : IHS...
ThinkPHP the Ubb tag vulnerability to read arbitrary contents of the-vulnerability warning-the black bar safety net
Brief description: ThinkPHP the Ubb tags, there is a code highlighting function, that satisfies: xxx/c odeorp hpxxx/p hpwhen it comes to the middle of the xxx to read, and highlight, the xxx is the path, and the non-specific code, as in Figure 1,The input path, when the file exists, the return is...
UBB Forum 7.5.6 Cross Site Scripting
Exploit Title: UBB Forum 7.5.6 Cross Site Scripting Date: 5.01.2012 Author: Sony Software Link: http://www.ubbcentral.com/ Google Dorks: intext:Powered by UBB.threads PHP Forum Software 7.5.6 Version: 7.5.6, maybe another version Web Browser : Mozilla Firefox Blog : http://st2tea.blogspot.com Po...
UBB.threads 6.4.4 Forum Cross Site Scripting
Title: UBB.threads™ 6.4.4 forum xss Vulnerability EDB-ID: CVE-ID: OSVDB-ID: Author: Dr.0rYX and Cr3w-DZ Published: Verified: Download Exploit Code Download N/A ALGERIAN HACKER - NORTH-AFRICA SECURITY TEAM - ! Title : UBB.threads™ 6.4.4 forum xss Vulnerability ! Author : Dr.0rYX and Cr3w-DZ ! MAIL...
Z-Blog infinite loop vulnerability attack caused by blog with frequent pop-vulnerability warning-the black bar safety net
Writing a blog is now a lot of people part of every day life, many users like to record diary-like intentions in a blog to record their life and thoughts, but the blog as a personal Journal seems to be on the safe side by a lot of users ignore, personal blog security really can be ignored? A lot ...
Z-blog FUNCTION/c_function.asp跨站脚本攻击漏洞
Z-Blog是一款基于Asp平台的Blog博客网志程序,支持Wap,支持Firefox,Oprea等浏览器,在国内使用非常广泛,官方主页在http://www.rainbowsoft.org/。Z-blog代码严谨,前台功能简洁,后台功能强大,这为它的产品安全带来很大的优势,但是在上次的xss漏洞被公布后,80sec在产品中又发现一个严重的跨站脚本攻击漏洞,加上产品设计上的一些问题可能带来严重的后果。 在FUNCTION/cfunction.asp中,程序处理UBB标签的时候存在漏洞,导致任何用户可以在目标页面内执行任意js代码,利用该代码恶意用户可以获取目标站点的所有权限。漏洞代码如下...
Remote file inclusion
Multiple PHP remote file inclusion vulnerabilities in GPL PHP Board GPB unstable-2001.11.14-1 allow remote attackers to execute arbitrary PHP code via a URL in the rootpath parameter to 1 db.mysql.inc.php or 2 gpb.inc.php in include/, or the 3 theme parameter to themes/ubb/login.php...
Site program-Africa SI exploits-vulnerability warning-the black bar safety net
Part I Preface Now the most popular online site attack means, to was SQL Injection, even though SI technology is easy to use, and easy to obtain greater privileges, but because of the limelight too big, now generally is a little security-conscious programmer will pay attention to this problem, an...