13 matches found
EUVD-2008-1861
Malware in sbrugna...
EUVD-2008-1862
Malware in sbrugna...
Directory traversal
Directory traversal vulnerability in modules/threadstop/threadstop.php in ExBB Italia 0.22 and earlier, when registerglobals is enabled and magicquotesgpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. dot dot in the exbbdefaultlang parameter...
Remote file inclusion
ExBB Italia 0.22 and earlier only checks GET requests that use the QUERYSTRING for certain path manipulations, which allows remote attackers to bypass this check via 1 POST or 2 COOKIE variables, a different vector than CVE-2006-4488. NOTE: this can be leveraged to conduct PHP remote file inclusi...
CVE-2008-1861
Directory traversal vulnerability in modules/threadstop/threadstop.php in ExBB Italia 0.22 and earlier, when registerglobals is enabled and magicquotesgpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. dot dot in the exbbdefaultlang parameter...
CVE-2008-1862
ExBB Italia 0.22 and earlier only checks GET requests that use the QUERYSTRING for certain path manipulations, which allows remote attackers to bypass this check via 1 POST or 2 COOKIE variables, a different vector than CVE-2006-4488. NOTE: this can be leveraged to conduct PHP remote file inclusi...
CVE-2008-1862
ExBB Italia 0.22 and earlier only checks GET requests that use the QUERYSTRING for certain path manipulations, which allows remote attackers to bypass this check via 1 POST or 2 COOKIE variables, a different vector than CVE-2006-4488. NOTE: this can be leveraged to conduct PHP remote file inclusi...
CVE-2008-1861
Directory traversal vulnerability in modules/threadstop/threadstop.php in ExBB Italia 0.22 and earlier, when registerglobals is enabled and magicquotesgpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. dot dot in the exbbdefaultlang parameter...
CVE-2008-1862
ExBB Italia 0.22 and earlier are affected by PHP remote file inclusion vulnerabilities. The CVE-2008-1862 family describes checks on GET requests via QUERY_STRING that can be bypassed using POST or COOKIE variables, enabling RFI through URLs in the exbb[home_path] or new_exbb[home_path] parameter...
CVE-2008-1861
CVE-2008-1861 affects ExBB Italia version 0.22 and earlier. A directory traversal flaw in modules/threadstop/threadstop.php allows remote attackers to include and execute arbitrary local files via a .. in the exbb[default_lang] parameter when register_globals is enabled and magic_quotes_gpc is di...
ExBB Italia userstop.php远程文件包含漏洞
ExBB Italia是一款意大利语的论坛程序。 ExBB Italia在处理用户请求时存在输入验证漏洞,远程攻击者可能利用此漏洞在服务器上以Web进程权限执行任意命令。 ExBB Italia的modules/userstop/userstop.php脚本没有正确验证exbbhomepath参数的输入: include$exbb'homepath'.'modules/userstop/data/userstopconf.php';...
CVE-2006-4488
PHP remote file inclusion vulnerability in modules/userstop/userstop.php in ExBB Italia 0.2 and earlier, when registerglobals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the exbbhomepath parameter...
CVE-2006-4488
ExBB Italia