518 matches found
BBCode injection vulnerability
PMASA-2016-17. Announcement-ID: PMASA-2016-17. Date: 2016-06-23. Summary: BBCode injection vulnerability. Description: A vulnerability was discovered that allows a BBCode injection to the setup script in case it's not accessed on https. Severity: We consider this to be non-critical. Mitigation factor: Alway...
phpBB BBCode IMG Tag script injection vulnerability
phpBB is open source, PHP-based Web forum software developed by the phpBB Group. The software supports multiple languages, multiple databases, customized layouts and so on. A script injection vulnerability exists in phpBB because the program fails to adequately filter user-submitt...
FlatNuke <= 3.1.x BBCode IMG Tag Script Injection Vulnerability
Exploit for php platform in category web applications. FlatNuke <= 3.1.x viewnews BBCode IMG Tag Script Injection PoC. Discovered by Juri Gianni -...
Coppermine Photo Gallery <= 1.4.20 (BBCode IMG) Privilege Escalation
No description provided by source. Coppermine Photo Gallery <= 1.4.20 BBCode IMG Privilege Escalation PoC, by Juri Gianni aka yeat -...
Simple Machines forum (SMF) 2.0 session hijacking
No description provided by source. Simple Machines forum SMF 2.0 session hijacking Found by The X-C3LL and seth http://0verl0ad.blogspot.com/ || http://xd-blog.com.ar/ 2011-08-06 Website: http://www.simplemachines.org/ Greets: yoyahack, eddyw, www.portalhacker.net SMF stops csrf attacks sending a...
Burning Board 1.1.1 URL Parameter Manipulation Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/4512/info Burning Board is web forum software. It is written in PHP, back-ended by MySQL, and will run on most Unix and Linux variants as well as Microsoft Windows. An attacker may allegedly create a malicious link which ...
ClanTiger < 1.1.1 - Multiple Cookie Handling Vulnerabilities
No description provided by source. VIVA SPAIN!...WE WILL WIN THE WORLD CUP!...o.O PROUD TO BE SPANISH!...
woltlab burning board 3.0.x Multiple Vulnerabilities
No description provided by source. Woltlab Burning Board 3.0.x Multiple Remote Vulnerabilities, by Juri Gianni aka yeat -...
PHPX 3.x admin/news.php CSRF Arbitrary Command Execution
No description provided by source. source: http://www.securityfocus.com/bid/10284/info It has been reported that PHPX is affected by multiple administrator command execution vulnerabilities. These issues are due to a failure of the application to properly validate access to administrative command...
My Little Homepage Products BBCode Link Tag Script Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/16395/info My Little Homepage Web log, guestbook, and forum are prone to a script injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in...
Joomla Kunena Component 3.0.4 - Persistent XSS
No description provided by source. Persistent XSS in Joomla::Kunena 3.0.4 26. February 2014 by Qoppa +++ Description Kunena is the leading Joomla forum component. Downloaded more than 3,750,000 times in nearly 6 years. Kunena is written in PHP. Users can post a Google Map using the following BBCo...
Useresponse <= 1.0.2 - Privilege Escalation & RCE Exploit
No description provided by source. #!/usr/bin/python abuseresponse.py: Useresponse <= 1.0.2 privilege escalation & remote code execution exploit. vendor: USWebStyle http://www.uswebstyle.com/ software: http://www.useresponse.com/ vulns found by bcoles...
HTML::BBCode 1.03/1.04 HTML Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/16680/info HTML::BBCode is prone to an HTML-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content...
PHPBB2 Image Tag HTML Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/4858/info It is possible to inject arbitrary HTML into phpBB2 forum messages via the use of BBCode image tags. A similar issue is described in Bugtraq ID 4379 PHPBB Image Tag User-Embedded Scripting Vulnerability. However...
PostBoard 2.0 BBCode IMG Tag Script Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/4559/info PostBoard is a freely available, open source message board module for the PostNuke content management system. It is designed for use on the Unix and Linux operating systems. PostBoard does not sanitize code...
PhpMyAdmin Client Side 0Day Code Injection and Redirect Link Falsification
No description provided by source. PhpMyAdmin Client Side 0Day Code Injection and Redirect Link Falsification. Credits: Emanuele 'emgent' Gentili, Marco 'whitesheep' Rondini, Alessandro 'scox' Scoscia. In error.php, PhpMyAdmi...
Xoops 1.0/1.3.x BBCode HTML Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/8414/info Xoops BBCode has been reported prone to an HTML injection vulnerability. It has been reported that an attacker may inject malicious script into areas of Xoops where BBCode is rendered. This issue is due to a lac...
PHPBB 2.0.x URL Tag BBCode.PHP Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/13545/info The phpbb vendor reports that a critical vulnerability exists in the BBCode handling routines of the 'bbcode.php' script. The bbcode url tag is not properly sanitized of user-supplied input. This could permit t...
PHP-Nuke 6.x/7.0/7.1 Image Tag Admin Command Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/9895/info It has been reported that PHP-Nuke is prone to a remote admin command execution vulnerability. This issue is due to a design error that allows an attacker to specify arbitrary URI values in bbCode tags contained...
Phorum <= 5.2.11 Permanent Cross Site Scripting Vulnerabilities
No description provided by source. //----- Advisory Program : Phorum 5.2.11 and prior Homepage : http://www.phorum.org/ Discovery : 2009/07/16 Author Contacted : 2009/07/17 Found by : CrashFr This Advisory : CrashFr //----- Application description Started in 1998, Phorum was the original PHP and...