24 matches found
EUVD-2009-0848
Malware in sbrugna...
EUVD-2009-0849
Malware in sbrugna...
EUVD-2009-0850
Malware in sbrugna...
celerbb 0.0.2 - Multiple Vulnerabilities
No description provided by source. Salvatore "drosophila" Fresta + Application: CelerBB + Version: 0.0.2 + Website: http://celerbb.sourceforge.net/ + Bugs: A Multiple SQL Injection B Information Disclosure C Authentication Bypass + Exploitation: Remote + Date: 05 Mar 2009 + Discovered by: Salvatore...
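CelerBB Multiple Input Validation and Authentication Bypass Vulnerabilities
BUGTRAQ ID: 34014 CVECAN ID: CVE-2009-0851,CVE-2009-0852,CVE-2009-0853 CelerBB is an open-source forum program written in PHP. When magic_quotes_gpc is disabled, a remote attacker can bypass authentication and gain administrative access by submitting a request with a specially crafted Username parameter to CelerBB's login.php module. A remote attacker can read sensitive information by submitting a request with a specially crafted user parameter to CelerBB's showme.php module...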
Authentication flaw
login.php in CelerBB 0.0.2, when magic_quotes_gpc is disabled, allows remote attackers to bypass authentication and obtain administrative access via special characters in the Username parameter, as demonstrated by an admin' parameter value...
SQL injection
Multiple SQL injection vulnerabilities in CelerBB 0.0.2, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) viewforum.php and (2) viewtopic.php...
CVE-2009-0852
showme.php in CelerBB 0.0.2 allows remote attackers to obtain "reserved information" via the user parameter...
CVE-2009-0851
Multiple SQL injection vulnerabilities in CelerBB 0.0.2, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) viewforum.php and (2) viewtopic.php...
Code injection
showme.php in CelerBB 0.0.2 allows remote attackers to obtain "reserved information" via the user parameter...
CVE-2009-0853
login.php in CelerBB 0.0.2, when magic_quotes_gpc is disabled, allows remote attackers to bypass authentication and obtain administrative access via special characters in the Username parameter, as demonstrated by an admin' parameter value...
CVE-2009-0851
Multiple SQL injection vulnerabilities in CelerBB 0.0.2, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) viewforum.php and (2) viewtopic.php...
CVE-2009-0852
CVE-2009-0852 concerns CelerBB 0.0.2. Multiple connected sources confirm that the vulnerability exists in the showme.php module via the user parameter, enabling remote attackers to retrieve sensitive or “reserved” information. The CVE description and corroborating entries (including exploit refer...
CVE-2009-0853
CVE-2009-0853 affects CelerBB 0.0.2. When magic_quotes_gpc is disabled, remote attackers can bypass authentication and gain administrative access by submitting a crafted Username value (e.g., admin'#) to login.php. Verified in multiple sources; impact is authentication bypass with partial confide...
CVE-2009-0852
showme.php in CelerBB 0.0.2 allows remote attackers to obtain "reserved information" via the user parameter...
CVE-2009-0851
CVE-2009-0851 affects CelerBB 0.0.2. When magic_quotes_gpc is disabled, remote attackers can inject SQL via the id parameter to viewforum.php and viewtopic.php, enabling arbitrary SQL execution. The NVD entry assigns a MEDIUM base score (6.8) with network attack vector and no authentication requi...
CelerBB 0.0.2 Multiple Vulnerabilities
Salvatore "drosophila" Fresta + Application: CelerBB + Version: 0.0.2 + Website: http://celerbb.sourceforge.net/ + Bugs: A Multiple SQL Injection B Information Disclosure C Authentication Bypass + Exploitation: Remote + Date: 05 Mar 2009 + Discovered by: Salvatore "drosophila" Fresta + Author:...
CelerBB 0.0.2 Multiple Remote Vulnerabilities
No description provided by source. Salvatore "drosophila" Fresta + Application: CelerBB + Version: 0.0.2 + Website: http://celerbb.sourceforge.net/ + Bugs: A Multiple SQL Injection B Information Disclosure C Authentication Bypass + Exploitation: Remote + Date: 05 Mar 2009 + Discovered by: Salvator...
CelerBB Information Disclosure and Multiple SQL Injection Vulnerabilities
CelerBB is prone to an information disclosure vulnerability and multiple SQL-injection vulnerabilities because the application fails to sufficiently sanitize user-supplied data. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are...
CelerBB Information Disclosure and Multiple SQL Injection Vulnerabilities
CelerBB is prone to an information-disclosure vulnerability and multiple SQL-injection vulnerabilities because the application fails to sufficiently sanitize user-supplied data. A successful attack could allow an attacker to obtain sensitive information, compromise the application, access or modi...