15 matches found
EUVD-2006-2912
Malware in sbrugna...
DeluxeBB <= 1.06 (name) Remote SQL Injection Exploit (mq=off)
No description provided by source. !/usr/bin/perl use IO::Socket; print q DeluxeBB 1.06 Remote SQL Injection Exploit exploit discovered and coded by KingOfSka http://contropotere.netsons.org ; if !$ARGV2 print q Usage: perl dbbxpl.pl host /directory/ victimuserid perl dbbxpl.pl www.somesite.com...
CVE-2006-4558
DeluxeBB 1.06 and earlier running on Apache with mod_mime is vulnerable. The flaw in newpost.php’s newthread action allows remote attackers to upload files with double extensions via the fileupload parameter, enabling arbitrary PHP code execution. Affected: DeluxeBB 1.06 and earlier. Evidence fro...
CVE-2006-2915
Multiple SQL injection vulnerabilities in DeluxeBB 1.06 allow remote attackers to execute arbitrary SQL commands via the 1 hideemail, 2 languagex, 3 xthetimeoffset, and 4 xthetimeformat parameters during account registration...
Remote file inclusion
PHP remote file inclusion vulnerability in DeluxeBB 1.06 allows remote attackers to execute arbitrary code via a URL in the templatefolder parameter to 1 postreply.php, 2 posting.php, 3 and pm/newpm.php in the deluxe/ directory, and 4 postreply.php, 5 posting.php, and 6 pm/newpm.php in the defaul...
CVE-2006-2914
PHP remote file inclusion vulnerability in DeluxeBB 1.06 allows remote attackers to execute arbitrary code via a URL in the templatefolder parameter to 1 postreply.php, 2 posting.php, 3 and pm/newpm.php in the deluxe/ directory, and 4 postreply.php, 5 posting.php, and 6 pm/newpm.php in the defaul...
CVE-2006-2914
PHP remote file inclusion vulnerability in DeluxeBB 1.06 allows remote attackers to execute arbitrary code via a URL in the templatefolder parameter to 1 postreply.php, 2 posting.php, 3 and pm/newpm.php in the deluxe/ directory, and 4 postreply.php, 5 posting.php, and 6 pm/newpm.php in the defaul...
CVE-2006-2914
CVE-2006-2914 concerns DeluxeBB 1.06 with a remote file inclusion flaw. Secunia and Secunia-derived documents describe an vulnerability where input passed to the templatefolder parameter in several scripts (deluxe/postreply.php, deluxe/posting.php, deluxe/pm/newpm.php and corresponding default/ v...
DeluxeBB 1.06 - 'templatefolder' Remote File Inclusion
Secunia Research has discovered some vulnerabilities in DeluxeBB, which can be exploited by malicious people to conduct SQL injection attacks and compromise a vulnerable system. 1 Input passed to the "templatefolder" parameter in various scripts isn't properly verified, before it is used to inclu...
CVE-2006-2503
SQL injection vulnerability in misc.php in DeluxeBB 1.06 allows remote attackers to execute arbitrary SQL commands via the name parameter...
Sql injection
SQL injection vulnerability in misc.php in DeluxeBB 1.06 allows remote attackers to execute arbitrary SQL commands via the name parameter...
CVE-2006-2503
SQL injection vulnerability in misc.php in DeluxeBB 1.06 allows remote attackers to execute arbitrary SQL commands via the name parameter...
CVE-2006-2503
The CVE-2006-2503 entry documents a SQL injection in DeluxeBB (version 1.06) affecting misc.php, exploitable remotely via the name parameter to execute arbitrary SQL commands. The NVD metrics indicate a high impact with CVSS v2 base score 7.5, attack vector NETWORK, attack complexity LOW, authent...
DeluxeBB 1.06 - 'name' SQL Injection (mq=off)
!/usr/bin/perl use IO::Socket; print q DeluxeBB 1.06 Remote SQL Injection Exploit exploit discovered and coded by KingOfSka http://contropotere.netsons.org ; if !$ARGV2 print q Usage: perl dbbxpl.pl host /directory/ victimuserid perl dbbxpl.pl www.somesite.com /forum/ 1 ; $server = $ARGV0; $dir =...
DeluxeBB <= 1.06 (name) Remote SQL Injection Exploit (mq=off)
No description provided by source. !/usr/bin/perl use IO::Socket; print q DeluxeBB 1.06 Remote SQL Injection Exploit exploit discovered and coded by KingOfSka http://contropotere.netsons.org ; if !$ARGV2 print q Usage: perl dbbxpl.pl host /directory/ victimuserid perl dbbxpl.pl www.somesite.com...