28 matches found
EUVD-2008-3696
Malware in sbrugna...
EUVD-2008-3695
Malware in sbrugna...
EUVD-2008-3693
Malware in sbrugna...
EUVD-2006-1138
Malware in sbrugna...
SUSE CVE-2006-2871
PHP remote file inclusion vulnerability in include/common.php in CyBoards PHP Lite 1.25 allows remote attackers to execute arbitrary PHP code via a URL in the scriptpath parameter. NOTE: CVE disputes this issue, since $scriptpath is set to a constant value...
CyBoards PHP Lite 1.21/1.25 Common.PHP Remote File Include Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/18272/info CyBoards PHP Lite is prone to a remote file-include vulnerability. An attacker can exploit this issue to include an arbitrary remote file containing malicious PHP code and execute it in the context of the...
CyBoards PHP Lite 1.21/1.25 Post.PHP SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/17107/info CyBoards PHP Lite is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. A successful exploit cou...
Directory traversal
Multiple directory traversal vulnerabilities in CyBoards PHP Lite 1.21 allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the 1 scriptpath parameter to a options.php and the 2 langcode parameter to b copyvip.php and c processeditboard.php in...
Remote file inclusion
Multiple PHP remote file inclusion vulnerabilities in CyBoards PHP Lite 1.21 allow remote attackers to execute arbitrary PHP code via a URL in the scriptpath parameter to 1 flatread.php, 2 post.php, 3 processpost.php, 4 processsearch.php, 5 forum.php, 6 processsubscribe.php, 7 read.php, 8...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in CyBoards PHP Lite 1.21 allow remote attackers to inject arbitrary web script or HTML via the 1 lOptionsOptions, 2 lNavAdminOptions, or 3 lNavReturn parameter to options.php; or the 4 lNavReturn parameter to subscribe.php...
CVE-2008-3710
Multiple directory traversal vulnerabilities in CyBoards PHP Lite 1.21 allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the 1 scriptpath parameter to a options.php and the 2 langcode parameter to b copyvip.php and c processeditboard.php in...
CVE-2008-3707
Multiple PHP remote file inclusion vulnerabilities in CyBoards PHP Lite 1.21 allow remote attackers to execute arbitrary PHP code via a URL in the scriptpath parameter to 1 flatread.php, 2 post.php, 3 processpost.php, 4 processsearch.php, 5 forum.php, 6 processsubscribe.php, 7 read.php, 8...
CVE-2008-3710
CVE-2008-3710 relates to CyBoards PHP Lite 1.21, where multiple directory traversal flaws allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the (1) script_path parameter to options.php and the (2) lang_code parameter to copy_vip.php and proce...
CVE-2008-3707
CVE-2008-3707 describes multiple PHP remote file inclusion vulnerabilities in CyBoards PHP Lite (versions around 1.21/1.25) that allow an attacker to execute arbitrary PHP code by supplying a malicious URL in the script_path parameter to a long list of scripts (e.g., flat_read.php, post.php, proc...
cyboards-rfilfixss.txt
┌┌─────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └─────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An Unimaginable...
CyBoards PHP Lite Default_Header.PHP远程文件包含漏洞
CyBoards PHP Lite是一款基于PHP的WEB应用程序。 CyBoards PHP Lite不正确过滤用户提交的输入,远程攻击者可以利用漏洞以WEB权限执行任意命令。 问题是'DefaultHeader.PHP'脚本对用户提交的WEB参数缺少过滤,指定远程服务器上的文件作为包含参数,可导致以WEB权限执行任意命令。 Cyboards PHP Lite 1.21 目前没有解决方案提供: http://www.gold-sonata.com/index.phtml?content=script/forums&menu=script Coded by bd0rk || SOH-Cr...
CVE-2007-1983
PHP remote file inclusion vulnerability in include/defaultheader.php in Cyboards PHP Lite 1.21 allows remote attackers to execute arbitrary PHP code via a URL in the scriptpath parameter, a different vector than CVE-2006-2871...
Remote file inclusion
PHP remote file inclusion vulnerability in include/defaultheader.php in Cyboards PHP Lite 1.21 allows remote attackers to execute arbitrary PHP code via a URL in the scriptpath parameter, a different vector than CVE-2006-2871...
CVE-2007-1983
CVE-2007-1983 is a PHP remote file inclusion vulnerability in CyBoards PHP Lite 1.21. The issue affects the include/default_header.php script, where a remote attacker can supply a URL via the script_path parameter to execute arbitrary PHP code. This is described as a different vector from CVE-200...
CVE-2006-2871
PHP remote file inclusion vulnerability in include/common.php in CyBoards PHP Lite 1.25 allows remote attackers to execute arbitrary PHP code via a URL in the scriptpath parameter. NOTE: CVE disputes this issue, since $scriptpath is set to a constant value...