518 matches found
Cross site scripting
error.php in PhpMyAdmin 3.3.8.1, and other versions before 3.4.0-beta1, allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted BBcode tag containing "@" characters, as demonstrated using "a@url@page"...
CVE-2010-4480
error.php in PhpMyAdmin 3.3.8.1, and other versions before 3.4.0-beta1, allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted BBcode tag containing "@" characters, as demonstrated using "a@url@page"...
PhpMyAdmin Client Side 0Day Code Injection and Link Falsification
Exploit for php platform in category web applications. PhpMyAdmin Client Side 0Day Code Injection and Link Falsification. Credits: Emanuele 'emgent' Gentili Marco...
phpMyAdmin Client Side Code Injection
PhpMyAdmin Client Side 0Day Code Injection and Redirect Link Falsification. Credits: Emanuele 'emgent' Gentili, Marco 'whitesheep' Rondini, Alessandro 'scox' Scoscia. In error.php, PhpMyAdmin permits inserting text and restricted tags, like BBCode. With tag a@url@pageClick Me/a, you can insert your own...
phpMyAdmin - Client-Side Code Injection Redirect Link Falsification
PhpMyAdmin Client Side 0Day Code Injection and Redirect Link Falsification. Credits: Emanuele 'emgent' Gentili, Marco 'whitesheep' Rondini, Alessandro 'scox' Scoscia. In error.php, PhpMyAdmin permits inserting text and restricted tag,...
Clansphere 2010.0 Final Cross Site Scripting / Path Disclosure / SQL Injection
Vulnerability ID: HTB22691 Reference: http://www.htbridge.ch/advisory/bbcodexssinclansphere.html Product: CLANSPHERE Vendor: csphere.eu http://www.csphere.eu/ Vulnerable Version: 2010.0 Final Vendor Notification: 02 November 2010 Vulnerability Type: BBcode XSS...
CLANSPHERE 2010.0 Final Multiple Vulnerabilities
Exploit for php platform in category web applications. CLANSPHERE 2010.0 Final Multiple Vulnerabilities. Product: CLANSPHERE Vendor: csphere.eu http://www.csphere.eu/ Vulnerable Version: 2010.0 Final...
ClanSphere 2010.0 Final - Multiple Vulnerabilities
Vulnerability ID: HTB22694 Reference: http://www.htbridge.ch/advisory/sqlinjectioninclansphere.html Product: CLANSPHERE Vendor: csphere.eu http://www.csphere.eu/ Vulnerable Version: 2010.0 Final Vendor Notification: 02 November 2010 Vulnerability Type: SQL Injection Status: Fixed by Vendor Risk...
ClanSphere 2010.0 Final - Multiple Vulnerabilities
ClanSphere 2010.0 Final - Multiple Vulnerabilities Vulnerability ID: HTB22694 Reference: http://www.htbridge.ch/advisory/sqlinjectioninclansphere.html Product: CLANSPHERE Vendor: csphere.eu http://www.csphere.eu/ Vulnerable Version: 2010.0 Final Vendor Notification: 02 November 2010 Vulnerability...
VulnCheck KEV: CVE-2010-2099
bbcode/php.bb in e107 0.7.20 and earlier does not perform access control checks for all inputs that could contain the php bbcode tag, which allows remote attackers to execute arbitrary PHP code, as demonstrated using the toEmail method in contact.php, related to invocations of the toHTML method...
JForum 2.08 Cross Site Scripting
Minded Security Labs: Advisory MSA130510 JForum ?s?i\color='"?.?^'"'"?.?/color\ $2 As it's possible to see from the previous code, "color" attribute expects a parameter between single quotes. Jforum does not encode single quotes, so it's possible to a...
CVE-2009-4937
Cross-site scripting (XSS) vulnerability in Small Pirate (SPirate) 2.1 allows remote attackers to inject arbitrary web script or HTML via an onmouseover action in an img BBCode tag within a url BBCode tag...
CVE-2010-2099
bbcode/php.bb in e107 0.7.20 and earlier does not perform access control checks for all inputs that could contain the php bbcode tag, which allows remote attackers to execute arbitrary PHP code, as demonstrated using the toEmail method in contact.php, related to invocations of the toHTML method...
e107 BBCode arbitrary PHP code execution vulnerability-vulnerability warning-the black bar safety net
e107 is a content management system written in PHP. The php bbcode in e107 allows execution of arbitrary PHP code. Because this method is dangerous, the e107 configuration generally prohibits all users from accessing the bbcode; for a specific group of users, the administrator can perform on-demand activation of thi...
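e107 BBCode Arbitrary PHP Code Execution Vulnerability
BUGTRAQ ID: 40252 e107 is a content management system written in PHP. The php bbcode in e107 allows execution of arbitrary PHP code. Because this approach is dangerous, the e107 configuration normally denies all users access to this bbcode, and administrators can enable the feature on demand for specific user groups. The access control check in e107 is implemented not inside the bbcode parser but in some of the external functions that call the bbcode parser, for example: function posttoHTML$text, $modifier = true, $extra = '' ... //If user is not allowed to use php change to entities...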
e107 BBCode Arbitrary PHP Code Execution
The installation of e107 on the remote host allows unauthenticated access to the special 'php' BBCode, which supports execution of arbitrary PHP code. An unauthenticated, remote attacker can leverage this to execute arbitrary PHP, subject to the privileges under which the web server operates...
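vBulletin Custom BBCode Tag Script Injection Vulnerability
vBulletin is an open-source PHP forum program. vBulletin does not correctly parse BBCode when creating content that uses custom tags, which allows attackers to inject arbitrary HTML and script code; the injected code executes in the user's browser session when the malicious data is viewed. VBulletin 4.0.3 VBulletin 3.8.4 PL2 Vendor patch: VBulletin --------- The vendor has not yet provided a patch or upgrade. We recommend that users of this software watch the vendor's home page for the latest version: http://www.vbulletin.com/ BadTagx:x' onerror=alert0 foo='/BadTag...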
vBulletin - Insecure Custom BBCode Tags
vBulletin - Insecure Custom BBCode Tags Versions Affected: 3.8.4 PL2 Most likely all versions Info: Content publishing, search, security, and more—vBulletin has it all. Whether it’s available features, support, or ease-of-use, vBulletin offers the most for your money. Learn more about what makes...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in the Webee Comments (comwebeecomment) component 1.1.1, 1.2, and 2.0 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) color, (2) img, or (3) url BBCode tags in unspecified vectors...