302 matches found
CVE-2011-3710
bbPress 1.0.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by bb-templates/kakumei/view.php and certain other files...
CVE-2011-3710
The CVE-2011-3710 issue affects bbPress 1.0.2 and is an information disclosure vulnerability. A direct request to a vulnerable PHP file (notably bb-templates/kakumei/view.php and similar files) can reveal the installation path in an error message, exposing sensitive server paths. Multiple connect...
HTB22904: Path disclosure in bbPress
Vulnerability ID: HTB22904 Reference: http://www.htbridge.ch/advisory/pathdisclosureinbbpress.html Product: bbPress Vendor: http://bbpress.org http://bbpress.org Vulnerable Version: 1.0.3 Vendor Notification: 15 March 2011 Vulnerability Type: Path disclosure Risk level: Low Credit: High-Tech Brid...
Installation Path Disclosure Weakness in bbPress
High-Tech Bridge SA Security Research Lab has discovered a weakness in bbPress which could be exploited to gain access to potentially sensitive information. 1 Installation path disclosure weakness in bbPress The weakness exists due to application reveals the full path to installation directory in...
bbPress 1.0.2 <= Cross Site Scripting Vulnerability
========================================= bbPress 1.0.2 = Cross Site Scripting Vulnerability ========================================= 1. OVERVIEW bbPress 1.0.2 and lower versions were vulnerable to Cross Site Scripting. 2. APPLICATION DESCRIPTION bbPress is plain and simple forum software, plain...
bbPress 1.0.2 <= Cross Site Scripting Vulnerability
OVERVIEW bbPress 1.0.2 and lower versions were vulnerable to Cross Site Scripting. 2. APPLICATION DESCRIPTION bbPress is plain and simple forum software, plain and simple with a twist from the creators of WordPress. It is focused on web standards, ease of use, ease of integration, and speed. 3...
bbPress 1.0.2 Cross Site Scripting
========================================= bbPress 1.0.2 = Cross Site Scripting Vulnerability ========================================= 1. OVERVIEW bbPress 1.0.2 and lower versions were vulnerable to Cross Site Scripting. 2. APPLICATION DESCRIPTION bbPress is plain and simple forum software, plain...
bbPress 1.0.2 - Cross-Site Request Forgery (Change Admin Password)
bbPress 1.0.2 - Cross-Site Request Forgery Change Admin Password : Software : bbPress v 1.0.2 : : site : www.bbpress.org : : date : 29/6/2010 : : Author : saudi0hacker : : Date : May 25, 2010 : : Type : CSRF : : Greetz to : pr.al7rbi : so busy : evil-ksa : Dr.dakota : v4-team.com :...
bbPress 1.0.2 - Cross-Site Request Forgery (Change Admin Password)
: Software : bbPress v 1.0.2 : : site : www.bbpress.org : : date : 29/6/2010 : : Author : saudi0hacker : : Date : May 25, 2010 : : Type : CSRF : : Greetz to : pr.al7rbi : so busy : evil-ksa : Dr.dakota : v4-team.com : :----------------------------------------------------------------------------:...
bbPress 1.0.2 Cross Site Request Forgery
: Software : bbPress v 1.0.2 CSRF : site : www.bbpress.org : date : 29/6/2010 : Author : saudi0hacker : Date : May 25, 2010 : Type : CSRF : Greetz to : pr.al7rbi : so busy : evil-ksa : Dr.dakota : v4-team.com admin Key Master Hotmail: Free, trusted and rich email service...
bbPress v1.0.2 Cross-Site Request Forgery
No description provided by source. : Software : bbPress v 1.0.2 CSRF : site : www.bbpress.org : Author : saudi0hacker : Date : May 25, 2010 : Type : CSRF : Greetz to : pr.al7rbi : so busy : evil-ksa : Dr.dakota : v4-team.com html body onload=\"document.forms\'Login\'.submit;\" form...
bbPress v1.0.2 Cross-Site Request Forgery
Exploit for php platform in category web applications ========================================= bbPress v1.0.2 Cross-Site Request Forgery ========================================= : Software : bbPress v 1.0.2 CSRF : site : www.bbpress.org : date : 29/6/2010 : Author : saudi0hacker : Date : May 25...
Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. bbPress: crossite scripting, protection bypass...
Vulnerabilities in bbPress
Здравствуйте 3APA3A! Сообщаю вам о найденных мною Insufficient Anti-automation и Cross-Site Scripting уязвимостях в bbPress форумный движок. Insufficient Anti-automation: На странице регистрации http://site/path/register.php нет защиты от автоматизированных запросов капчи. XSS IE: Уязвимость в...
Sql injection
SQL injection vulnerability in bb-includes/formatting-functions.php in bbPress before 0.8.1 might allow remote attackers to execute arbitrary SQL commands via unspecified vectors to forums/bb-edit.php, as demonstrated by a PRE element, aka the "quircky slashes bug."...
CVE-2007-3243
Cross-site scripting XSS vulnerability in bb-login.php in bbPress 0.8.1 allows remote attackers to inject arbitrary web script or HTML via the re parameter. NOTE: exploitation may require forcing the client to send a certain Referer header...
CVE-2007-3244
SQL injection vulnerability in bb-includes/formatting-functions.php in bbPress before 0.8.1 might allow remote attackers to execute arbitrary SQL commands via unspecified vectors to forums/bb-edit.php, as demonstrated by a PRE element, aka the "quircky slashes bug."...
CVE-2007-3244
SQL injection vulnerability in bb-includes/formatting-functions.php in bbPress before 0.8.1 might allow remote attackers to execute arbitrary SQL commands via unspecified vectors to forums/bb-edit.php, as demonstrated by a PRE element, aka the "quircky slashes bug."...
CVE-2007-3243
CVE-2007-3243 affects bbPress 0.8.1 via bb-login.php. The XSS vulnerability allows remote attackers to inject arbitrary script/HTML through the re parameter; exploitation may hinge on a specific Referer header being sent by the client. The cited sources (NVD entry) describe the issue and impact a...
CVE-2007-3244
CVE-2007-3244 describes a SQL injection in bbPress prior to version 0.8.1. The vulnerability is in bb-includes/formatting-functions.php and can allow remote attackers to execute arbitrary SQL commands via unspecified vectors to forums/bb-edit.php, demonstrated by a PRE element (the “quirky slashe...