8 matches found
CVE-2006-3797
SQL injection vulnerability in DeluxeBB 1.07 and earlier allows remote attackers to bypass authentication, spoof users, and modify settings via the 1 memberpw and 2 membercookie cookies...
CVE-2006-3796
DeluxeBB 1.07 and earlier does not properly handle a username composed of a single space character, which allows remote authenticated users to login as the "space" user, post as the guest user, and block the ability of an administrator to ban the "space" user...
CVE-2006-3798
DeluxeBB 1.07 and earlier allows remote attackers to overwrite the 1 GET, 2 POST, 3 ENV, and 4 SERVER variables via the COOKIE aka COOKIE variable, which can overwrite the other variables during an extract function call, probably leading to multiple security vulnerabilities, aka "pollution of the...
CVE-2006-3799
DeluxeBB 1.07 and earlier allows remote attackers to bypass SQL injection protection mechanisms via the login variable and certain other variables, by using lowercase "union select" or possibly other statements that do not match the uppercase "UNION SELECT."...
CVE-2006-3304
SQL injection vulnerability in cp.php in DeluxeBB 1.07 and earlier allows remote attackers to execute arbitrary SQL commands via the xmsn parameter...
CVE-2006-3303
DeluxeBB 1.07 and earlier have cross-site scripting in pm.php, exploitable via the subject or to parameters, enabling injection of arbitrary script/HTML. Root cause: improper input handling in pm.php leading to reflected XSS. Impact per available data is partial integrity impact with no confident...
DeluxeBB 1.07 Create admin Exploit
DeluxeBB 1.07 Create admin Exploit ---------------------------------------- + Summary : Name : DeluxeBB 1.07 Class : Remote Risk : High + Description: DeluxeBB 1.07 Have a high Security Bug in user control panel cp.php . this bug allows to users change access level with inject qurry in update...
DeluxeBB <= 1.07 (cp.php) Create Admin Exploit
No description provided by source. !/usr/bin/perl DeluxeBB = 1.07 Create Admin Exploit www.h4ckerz.com / www.hackerz.ir / www.aria-security.net ./2006-6-25 Coded & Discovered By Hessam-x / Hessamx-at-Hessamx.net use IO::Socket; use LWP::UserAgent; use HTTP::Cookies; $host = $ARGV0; $uname = $ARGV...