17 matches found
EUVD-2006-3168
Malware in sbrugna...
EUVD-2006-3166
Malware in sbrugna...
EUVD-2006-3165
Malware in sbrugna...
CS-Forum 0.82 (ajouter.php) Remote File Include Vulnerability
CS-Forum 0.82 ajouter.php Remote File Include Vulnerability Source Code: http://www.comscripts.com/jump.php?action=script&id=643 Vulnerable Code: include"$include/footer.php"; Exploit : http://www.vicTim.com/CS-Forum/ajouter.php?include=shell.txt? Discoverd By : Mahmoodali Conatact : mahk2000 at...
CVE-2006-3168
SQL injection vulnerability in CS-Forum before 0.82 allows remote attackers to execute arbitrary SQL commands via the 1 id and 2 debut parameters in a read.php, and the 3 search and 4 debut parameters in b index.php...
CVE-2006-3170
CS-Forum before 0.82 allows remote attackers to obtain sensitive information via unspecified manipulations, possibly involving an empty collapse or readall parameter to index.php, which reveals the installation path in an error message...
CVE-2006-3169
Multiple cross-site scripting XSS vulnerabilities in CS-Forum 0.81 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 msgresult and 2 reptitre parameters in a read.php; and the 3 id and 4 parent parameters and 5 CSForumnom, 6 CSForummail, and 7 CSForumurl cookie...
CVE-2006-3171
CRLF injection vulnerability in CS-Forum before 0.82 allows remote attackers to inject arbitrary email headers via a newline character in the email parameter to ajouter.php...
CVE-2006-3169
CVE-2006-3169 affects CS-Forum 0.81 and earlier. The vulnerabilities exist in the web application’s read.php (parameters msg_result, rep_titre) and ajouter.php (parameters id, parent, CSForum_nom, CSForum_mail, CSForum_url; cookie parameters) allowing cross-site scripting. Root cause: improper ha...
CVE-2006-3168
SQL injection vulnerability in CS-Forum before 0.82 allows remote attackers to execute arbitrary SQL commands via the 1 id and 2 debut parameters in a read.php, and the 3 search and 4 debut parameters in b index.php...
CVE-2006-3169
Multiple cross-site scripting XSS vulnerabilities in CS-Forum 0.81 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 msgresult and 2 reptitre parameters in a read.php; and the 3 id and 4 parent parameters and 5 CSForumnom, 6 CSForummail, and 7 CSForumurl cookie...
CVE-2006-3171
CRLF injection vulnerability in CS-Forum before 0.82 allows remote attackers to inject arbitrary email headers via a newline character in the email parameter to ajouter.php...
CVE-2006-3170
CS-Forum before 0.82 allows remote attackers to obtain sensitive information via unspecified manipulations, possibly involving an empty collapse or readall parameter to index.php, which reveals the installation path in an error message...
CVE-2006-3170
CS-Forum prior to 0.82 is vulnerable to a remote path-disclosure via index.php, caused by unspecified manipulations (collapse[] or readall) that reveal the installation path in an error message. The affected product is CS-Forum; the indicator specifies version
CVE-2006-3171
CS-Forum prior to 0.82 is affected by a CRLF injection vulnerability that lets remote attackers inject arbitrary email headers via a newline character in the email parameter of ajouter.php. Root cause is improper handling of newline characters in user-supplied input, leading to header injection. ...
CVE-2006-3168
CVE-2006-3168 is a SQL injection vulnerability in CS-Forum before version 0.82. The vulnerability allows remote attackers to execute arbitrary SQL commands through input parameters: (1) id and (2) debut in read.php, and (3) search and (4) debut in index.php. The exact root cause is an inadequate ...
[SA20534] CS-Forum Multiple Vulnerabilities
---------------------------------------------------------------------- Want to join the Secunia Security Team? Secunia offers a position as a security specialist, where your daily work involves reverse engineering of software and exploit code, auditing of source code, and analysis of vulnerabilit...