CVE-2008-4871

Cross-site scripting XSS vulnerability in My Little Forum 1.75 and 2.0 Beta 23 allows remote attackers to inject arbitrary web script or HTML via BBcode IMG tags...

CVE-2008-4513

Cross-site scripting XSS vulnerability in BBcode API module in Phorum 5.2.8 allows remote attackers to inject arbitrary web script or HTML via nested BBcode image tags...

Cross site scripting

Cross-site scripting XSS vulnerability in BBcode API module in Phorum 5.2.8 allows remote attackers to inject arbitrary web script or HTML via nested BBcode image tags...

CVE-2008-4513

CVE-2008-4513 describes a cross-site scripting (XSS) vulnerability in the BBcode API module of Phorum 5.2.8. The issue allows remote attackers to inject arbitrary web script or HTML via nested BBcode image tags. This is documented in multiple sources (NVD entry and related CVE records). The provi...

CVE-2008-4513

Cross-site scripting XSS vulnerability in BBcode API module in Phorum 5.2.8 allows remote attackers to inject arbitrary web script or HTML via nested BBcode image tags...

Simple Machines Forum 1.1.6 Filter Post Bypass Vulnerability

No description provided by source. Name: SMF 1.1.6 Filter Post Bypass Author: WHK WebSite: http://www.jccharry.com/ en The data in a post are not filtered properly when someone enters statements BBCode wrong without content that a user can enter words banned by the system of restrictions by...

Advanced Electron Forum <= 1.0.6 Remote Code Execution Vulnerability

No description provided by source. GulfTech Security Research September 20, 2008 Vendor : Electron Inc. URL : http://www.anelectron.com/ Version : AEF Forum = 1.0.6 Risk : Remote Code Execution Description: Advanced Electron Forum also known as AEF Forum is a full featured online forum system...

Advanced Electron Forum <= 1.0.6 Remote Code Execution Vulnerability

Exploit for unknown platform in category web applications ==================================================================== Advanced Electron Forum = 1.0.6 Remote Code Execution Vulnerability ==================================================================== GulfTech Security Research...

Invision Power Board BBCode处理HTML注入漏洞

BUGTRAQ ID: 27920 Invision Power Board是一个非常流行的PHP论坛程序。 IPB处理用户请求时存在输入验证漏洞，远程攻击者可能利用此漏洞攻击其他Web用户。 IPB没有正确地过滤通过自定义BBCode所传送的输入，如果用户向论坛提交了恶意请求的话，就可能导致注入任意HTML和脚本代码，当用户浏览张贴时就会在浏览器会话中执行这些代码。 Invision PS IPB 2.3.4 厂商补丁： Invision PS ----------- 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载：...

my little forum XSS

my little forum Cross-site scripting ----------------------------------------------------------- Product: my little forum Version: 2.0 beta 23, 1.75 Vendor: http://mylittleforum.net/ Date: 02/11/08 - Introduction "my little forum is a simple PHP and MySQL based web-forum that displays the message...

HTML Injection Vuln in nssboard

Nssboard, formerly Simple PHP forum, is vulnerable to HTML injection including scripts possible XSS in two ways: 1. If BBcode is disabled, HTML tags are no longer stripped, allowing XSS attacks, etc. 2. Profile information user, email, Real Name is not filtered. For example a user could use...

SimpGB version 1.46.02 File Content Disclosure Vulnerability

netVigilance Security Advisory 65 SimpGB version 1.46.02 File Content Disclosure Vulnerability Description: SimpGB is a guestbook with data stored in MySQL, administration interface and support for multiple languages. Features: Data stored in MySQL, Administration interface, Support for multiple...

simpgb14602-xss.txt

netVigilance Security Advisory 67 SimpGB version 1.46.02 Multiple XSS Attack Vulnerabilities Description: SimpGB is a guestbook with data stored in MySQL, administration interface and support for multiple languages. Features: Data stored in MySQL, Administration interface, Support for multiple...

SimpNews version 2.41.03 File Content Disclosure Vulnerability

netVigilance Security Advisory 69 SimpNews version 2.41.03 File Content Disclosure Vulnerability Description: SimpNews is a news system written in PHP. Features: Data stored in MySQL, admin interface, support for multiple languages, support for multiple instances in one database, own header,...

simpnews24103-fdisclose.txt

netVigilance Security Advisory 69 SimpNews version 2.41.03 File Content Disclosure Vulnerability Description: SimpNews is a news system written in PHP. Features: Data stored in MySQL, admin interface, support for multiple languages, support for multiple instances in one database, own header,...

SimpNews version 2.41.03 Multiple XSS Attack Vulnerabilities

netVigilance Security Advisory 70 SimpNews version 2.41.03 Multiple XSS Attack Vulnerabilities Description: SimpNews is a news system written in PHP. Features: Data stored in MySQL, admin interface, support for multiple languages, support for multiple instances in one database, own header, multip...

simpnews24103-xss.txt

netVigilance Security Advisory 70 SimpNews version 2.41.03 Multiple XSS Attack Vulnerabilities Description: SimpNews is a news system written in PHP. Features: Data stored in MySQL, admin interface, support for multiple languages, support for multiple instances in one database, own header, multip...

[x0n3-h4ck] myBloggie 2.1.5 XSS exploit

-=--------------------ADVISORY-------------------=- myBloggie 2.1.5 Author: CorryL [email protected] -=-------------------------------------------------------=- -=+ Application: myBloggie -=+ Version: 2.1.5 -=+ Vendor's URL: http://mywebland.com/download.php?id=19 -=+ Platform: WindowsLinuxUnix...

CVE-2006-6741

Cross-site request forgery CSRF vulnerability in urlobox in MKPortal allows remote attackers to delete arbitrary messages as an administrator via a delete operation in an img BBcode tag...

CVE-2006-6741

Cross-site request forgery CSRF vulnerability in urlobox in MKPortal allows remote attackers to delete arbitrary messages as an administrator via a delete operation in an img BBcode tag...