Land Down Under - BBCode HTML Injection

source: https://www.securityfocus.com/bid/10435/info Land Down Under is prone to an HTML injection vulnerability. This issue is exposed through their BBCode implementation. Exploitation could permit theft of cookie credentials, manipulation of content, or other attacks...

XSS in e107 forum

Существует возможность вставки произвольного HTML код в тело сообщения. Удаленный атакующий может вставить специально отформатированный BB тэг bbcode , чтобы заставить форум отобразить произвольный код сценария в браузере пользователя, просматривающего злонамеренное сообщение. При желании, укорот...

XSS в разных форумах

Здравствуйте, 3APA3A. играясь с е107 обнаружил следующее: forum проверено на версии 6.12 возможность вставки BBCode URL=http://some.url"style="position:absolute;left:220px;top:10px;"size=14test /size/URL проверенный:...

PHP-Nuke 6.x/7.0/7.1 - Image Tag Admin Command Execution

source: https://www.securityfocus.com/bid/9895/info It has been reported that PHP-Nuke is prone to a remote admin command execution vulnerability. This issue is due to a design error that allows an attacker to specify arbitrary URI values in bbCode tags contained within posts. This issue may be...

phpBB 2.0.6 - URL BBCode HTML Injection

source: https://www.securityfocus.com/bid/8570/info phpBB BBCode has been reported prone to an HTML injection vulnerability. It has been reported that an attacker may inject malicious script into areas of phpBB where BBCode is rendered, for example, bulletin board posts or private messages. This...

phpBB 2.0.6 - URL BBCode HTML Injection

phpBB 2.0.6 - URL BBCode HTML Injection source: https://www.securityfocus.com/bid/8570/info phpBB BBCode has been reported prone to an HTML injection vulnerability. It has been reported that an attacker may inject malicious script into areas of phpBB where BBCode is rendered, for example, bulleti...

BBCode XSS in XOOPS CMS

Informations : °°°°°°°°°°°°° Language : PHP Bugged Versions : 1.3.x and less + 2.0.x and less ? not checked Safe Version : 2.0.3 Website : http://www.xoops.org Problem : BBcode XSS PHP Code/Location : °°°°°°°°°°°°°°°°°°° This hole can be used in modules : - Private Messages - News - NewBB forum...

Xoops 1.0/1.3.x - BBCode HTML Injection

source: https://www.securityfocus.com/bid/8414/info Xoops BBCode has been reported prone to an HTML injection vulnerability. It has been reported that an attacker may inject malicious script into areas of Xoops where BBCode is rendered. This issue is due to a lack of sufficient sanitization...

Xoops 1.01.3.x - BBCode HTML Injection

Xoops 1.01.3.x - BBCode HTML Injection source: https://www.securityfocus.com/bid/8414/info Xoops BBCode has been reported prone to an HTML injection vulnerability. It has been reported that an attacker may inject malicious script into areas of Xoops where BBCode is rendered. This issue is due to ...

[Sec-Tec Advisory] Local scripting vulnerability in phpBB

Application: phpBB2 Vendor : http://www.phpbb.com Problem : Insufficient filtering of user input Usability : Easy Severity : Medium Report by : Pete Foster, Sec-Tec Ltd http://www.sec-tec.com The Product From vendors site: phpBB is a high powered, fully scalable, and highly customisable open-sour...

CVE-2002-0534

PostBoard 2.0.1 and earlier with BBcode allows remote attackers to cause a denial of service CPU consumption and corrupt the database via null \0 characters within code tags...

CVE-2002-0533

CVE-2002-0533 affects phpBB 1.4.4 and earlier. The vulnerability lies in how BBCode handling processes [code] tags, allowing remote attackers to trigger CPU-based DoS and corrupt the database by inserting null ASCII 0 characters. The existing records indicate the issue and affected family, but th...

CVE-2002-0534

PostBoard 2.0.1 and earlier with BBcode allows remote attackers to cause a denial of service CPU consumption and corrupt the database via null \0 characters within code tags...

CVE-2002-0535

Cross-site scripting vulnerabilities in PostBoard 2.0.1 and earlier allows remote attackers to execute script as other users via 1 an IMG tag when BBCode is enabled, or 2 in a topic title...

PHPBB2 - Image Tag HTML Injection

PHPBB2 - Image Tag HTML Injection source: https://www.securityfocus.com/bid/4858/info It is possible to inject arbitrary HTML into phpBB2 forum messages via the use of BBCode image tags. A similar issue is described in Bugtraq ID 4379 "PHPBB Image Tag User-Embedded Scripting Vulnerability"...

OpenBB 1.0.0 RC3 - BBCode Cross Agent HTML Injection

OpenBB 1.0.0 RC3 - BBCode Cross Agent HTML Injection source: https://www.securityfocus.com/bid/4819/info OpenBB is web forum software written in PHP. It will run on most Linux and Unix variants, in addition to Microsoft Windows operating systems. OpenBB is reportedly vulnerable to HTML injection...

Multiple Vulnerabilities in PostBoard

Multiple Vulnerabilities in PostBoard ------------------------------------- PostBoard is an add-on module for the PostNuke content management system which implements a forum system. The current version of PostBoard is 2.0.1 and can be found at: www.nukeaddon.com or ftp.dndresources.com. I have...

(WSS-Advisories-02003) PHPBB BBcode Process Vulnerability

WSS-Advisories-02003 PHPBB BBcode Process Vulnerability Release infomation ------------------ Release Date: 2001-4-4 Author: By Whitecell Security SystemsWSS tombkeeper [email protected] alert7 [email protected] Homepage: http://www.whitecell.org/ Impact: -------- WSS has found a...