24 matches found
EUVD-2007-6361
Malware in sbrugna...
EUVD-2007-6363
Malware in sbrugna...
EUVD-2007-6362
Malware in sbrugna...
EUVD-2007-6365
Malware in sbrugna...
Default credentials
index.php in Flat PHP Board 1.2 and earlier allows remote authenticated users to obtain the password for the current user account by reading the password parameter value in the HTML source for the page generated by a profile action...
CVE-2007-6399
index.php in Flat PHP Board 1.2 and earlier allows remote authenticated users to obtain the password for the current user account by reading the password parameter value in the HTML source for the page generated by a profile action...
CVE-2007-6395
Flat PHP Board 1.2 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain credentials via a direct request for the username php file for any user account in users/...
Code injection
Direct static code injection vulnerability in index.php in Flat PHP Board 1.2 and earlier allows remote attackers to inject arbitrary PHP code via the 1 username, 2 password, and 3 email parameters when registering a user account, which can be executed by accessing the user's php file for this...
Improper access control
Flat PHP Board 1.2 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain credentials via a direct request for the username php file for any user account in users/...
CVE-2007-6398
Flat PHP Board 1.2 and earlier allows remote attackers to bypass authentication and obtain limited access to an arbitrary user account via the fpbusername cookie...
CVE-2007-6397
Multiple directory traversal vulnerabilities in index.php in Flat PHP Board 1.2 and earlier allow remote attackers to 1 create arbitrary files via a .. dot dot in the username parameter when registering a user account, and 2 read arbitrary PHP files via a .. dot dot in a the topic parameter in a...
Authentication flaw
Flat PHP Board 1.2 and earlier allows remote attackers to bypass authentication and obtain limited access to an arbitrary user account via the fpbusername cookie...
Directory traversal
Multiple directory traversal vulnerabilities in index.php in Flat PHP Board 1.2 and earlier allow remote attackers to 1 create arbitrary files via a .. dot dot in the username parameter when registering a user account, and 2 read arbitrary PHP files via a .. dot dot in a the topic parameter in a...
CVE-2007-6397
CVE-2007-6397 affects Flat PHP Board 1.2 and earlier. The vulnerability arises from directory traversal in index.php, enabling remote attackers to (1) create arbitrary files via .. in the username during user registration, and (2) read arbitrary PHP files via .. in (a) the topic parameter for a t...
CVE-2007-6397
Multiple directory traversal vulnerabilities in index.php in Flat PHP Board 1.2 and earlier allow remote attackers to 1 create arbitrary files via a .. dot dot in the username parameter when registering a user account, and 2 read arbitrary PHP files via a .. dot dot in a the topic parameter in a...
CVE-2007-6395
Flat PHP Board 1.2 and earlier stores credentials under the web root with insufficient access control. The vulnerability allows remote attackers to obtain credentials by directly requesting the username.php file for any user account in users/. The CVE is documented with an access-control bypass i...
CVE-2007-6399
index.php in Flat PHP Board 1.2 and earlier allows remote authenticated users to obtain the password for the current user account by reading the password parameter value in the HTML source for the page generated by a profile action...
CVE-2007-6398
CVE-2007-6398 affects Flat PHP Board 1.2 and earlier. The issue allows remote attackers to bypass authentication and obtain limited access to an arbitrary user account by manipulating the fpb_username cookie. The description, as reported in multiple sources (NVD/NVT CVE entry and related database...
CVE-2007-6396
Direct static code injection vulnerability in index.php in Flat PHP Board 1.2 and earlier allows remote attackers to inject arbitrary PHP code via the 1 username, 2 password, and 3 email parameters when registering a user account, which can be executed by accessing the user's php file for this...
CVE-2007-6395
Flat PHP Board 1.2 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain credentials via a direct request for the username php file for any user account in users/...