CVE-2006-6741

CVE-2006-6741 concerns a CSRF vulnerability in the urlobox component of MKPortal. The issue allows remote attackers to delete arbitrary administrator messages by triggering a delete operation embedded in an img BBcode tag. Affected software is MKPortal (specifically the urlobox feature); underlyi...

PhpbbXtra 2.0 - 'phpbb_root_path' Remote File Inclusion

----------------------------------------------- PhpbbXtra v2.0 phpbbrootpath Remote File Include Vulnerability ----------------------------------------------- Author: xoron ----------------------------------------------- Vuln Code: include$phpbbrootpath . 'includes/bbcode.'.$phpEx;...

phpBB ACP User Registration Mod 1.0 File Inclusion Vulnerability

No description provided by source. ..%%%%....%%%%...%%..%%...........%%%%...%%%%%...%%%%%%..%%...%%. .%%......%%..%%..%%..%%..........%%..%%..%%..%%..%%......%%...%%. ..%%%%...%%..%%..%%%%%%..%%%%%%..%%......%%%%%...%%%%....%%.%.%%. .....%%..%%..%%..%%..%%..........%%..%%..%%..%%..%%......%%%%%%%...

phpBB Import Tools Mod <= 0.1.4 Remote File Include Vulnerability

No description provided by source. Title: phpBB Import Tools Mod = 0.1.4 phpbbrootpath Remote File Inclusion Author/Discovery: boecke Vulnerability Type: Remote File Inclusion Risk: High Risk Software Affected: phpBB Import Tools Mod = 0.1.4 Literally shouts to: str0ke and henrik Don't promote...

phpBB Import Tools Mod <= 0.1.4 Remote File Include Vulnerability

Exploit for unknown platform in category web applications ================================================================= phpBB Import Tools Mod = 0.1.4 Remote File Include Vulnerability ================================================================= Title: phpBB Import Tools Mod = 0.1.4...

CVE-2006-4706

Cross-site scripting XSS vulnerability in inc/functionspost.php in MyBB aka MyBulletinBoard 1.1.7 allows remote attackers to inject arbitrary web script or HTML via a url BBCode tag that contains a javascript URI with an SGML numeric character reference and an embedded space, as demonstrated usin...

CVE-2006-3761

Cross-site scripting XSS vulnerability in inc/functionspost.php in MyBB aka MyBulletinBoard 1.0 RC2 through 1.1.4 allows remote attackers to inject arbitrary web script or HTML via a javascript URI with an SGML numeric character reference in the url BBCode tag, as demonstrated using "javacript"...

CVE-2006-3420

Cross-site request forgery CSRF vulnerability in editpost.php in MyBulletinBoard MyBB before 1.1.5 allows remote attackers to perform unauthorized actions as a logged in user and delete arbitrary forum posts via a bbcode IMG tag with a modified delete parameter in a deletepost action. NOTE: the...

cjGuestbook13.txt

cjGuestbook v1.3 Homepage: http://cmj-php.opanelhosting.com Affected files: posting in the guestbook XSS vuln with cookie disclosure: cjGuestbook uses bbcode, and since theres a vulnerability in early editions of bbcode we can achieve our XSS example. For a PoC put in as your comment:...

CVE-2006-3211

Cross-site scripting XSS vulnerability in sign.php in cjGuestbook 1.3 and earlier allows remote attackers to inject Javascript code via a javascript URI in an img bbcode tag in the comments parameter...

CVE-2006-3211

The CVE-2006-3211 issue affects cjGuestbook versions 1.3 and earlier, located in sign.php. It is a cross-site scripting (XSS) vulnerability that lets remote attackers inject JavaScript by using a javascript: URI in an img BBCode tag within the comments parameter. Impact is partial integrity compr...

PT-2006-4106 · Unknown · Cjguestbook

Name of the Vulnerable Software and Affected Versions: cjGuestbook versions 1.3 and earlier Description: The issue concerns a cross-site scripting XSS vulnerability. It allows remote attackers to inject Javascript code via a javascript URI in an img bbcode tag in the comments parameter...

cjGuestbook v1.3 - XSS

cjGuestbook v1.3 Homepage: http://cmj-php.opanelhosting.com Affected files: posting in the guestbook XSS vuln with cookie disclosure: cjGuestbook uses bbcode, and since theres a vulnerability in early editions of bbcode we can achieve our XSS example. For a PoC put in as your comment:...

Cross site scripting

Cross-site scripting XSS vulnerability in myWebland MyBloggie 2.1.3 and earlier allows remote attackers to inject arbitrary web script or HTML via a JavaScript event in a BBCode img tag...

CVE-2006-2269

Cross-site scripting XSS vulnerability in myWebland MyBloggie 2.1.3 and earlier allows remote attackers to inject arbitrary web script or HTML via a JavaScript event in a BBCode img tag...

myBloggie &lt;= 2.1.3 XSS

myBloggie = 2.1.3 XSS Discovered by: Nomenumbra Date: 6/4/2006 impact:moderate privilege escalation,possible defacement MyBloggie versions 2.1.3 and below are vulnerable to XSS injection in the image BBcode as follows: imgjavascript:alert'xss'/img Nomenumbra/0x4F4C...

tyrocmsXSS.txt

TyroCms beta V1.0 multiple XSS injections Discovered by: Nomenumbra Date: 5/2/2006 impact:moderate privilege escalation,possible defacement TyroCMS is a PHP & MySql powered content management systemcms. Inludes built-in forums, powerful admin control panel, secure user system, and much more. Easi...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in TyroCMS beta 1.0 allow remote attackers to inject arbitrary web script or HTML via 1 a javascript URI in an img BBCode tag, or a JavaScript event in a 2 url BBCode tag or 3 color BBCode tag...

CVE-2006-2228

Cross-site scripting XSS vulnerability in w-Agora aka Web-Agora 4.2.0 allows remote attackers to inject arbitrary web script or HTML via a post with a BBCode tag that contains a JavaScript event name followed by whitespace before the '=' equals character, which bypasses a restrictive regular...

CVE-2006-2228

Cross-site scripting XSS vulnerability in w-Agora aka Web-Agora 4.2.0 allows remote attackers to inject arbitrary web script or HTML via a post with a BBCode tag that contains a JavaScript event name followed by whitespace before the '=' equals character, which bypasses a restrictive regular...