14 matches found
EUVD-2004-0259
Malware in sbrugna...
historic-maps.de XSS vulnerability
Open Bug Bounty ID: OBB-672735

Description | Value
---|---
Affected Website: | historic-maps.de
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1...
Jetbox CMS 2.1 Email FormMail.PHP Input Validation Vulnerability
Source: http://www.securityfocus.com/bid/23989/info Jetbox CMS is prone to an input-validation vulnerability because it fails to adequately sanitize user-supplied input. Attackers can exploit this issue to send spam email in the context of the application. Jetb...
CVE-2007-1898
formmail.php in Jetbox CMS 2.1 allows remote attackers to send arbitrary e-mails (spam) via modified recipient, _SETTINGS[allowed_email_hosts][], and subject parameters...
CVE-2007-1898
Jetbox CMS 2.1 contains a vulnerability in formmail.php allowing remote attackers to trigger email injection by modifying the recipient, _SETTINGS[allowed_email_hosts][], and subject parameters. The issue is corroborated by multiple sources (NVD CVE-2007-1898 and NetVigilance advisories) and is d...
CVE-2007-1898
formmail.php in Jetbox CMS 2.1 allows remote attackers to send arbitrary e-mails (spam) via modified recipient, _SETTINGS[allowed_email_hosts][], and subject parameters...
CVE-2007-2731
Jetbox CMS 2.1 is affected by a CRLF injection in formmail.php, allowing remote attackers to inject arbitrary e-mail headers via LF sequences in the subject parameter. This is linked to CVE-2007-1898. The NetVigilance advisory notes that exploitation requires PHP register_globals to be On; a work...
CVE-2007-2731
CRLF injection vulnerability in formmail.php in Jetbox CMS 2.1 might allow remote attackers to inject arbitrary e-mail headers via LF (%0A) sequences in the subject parameter, a related issue to CVE-2007-1898...
Jetbox CMS 2.1 Email - 'FormMail.php' Input Validation
Source: https://www.securityfocus.com/bid/23989/info Jetbox CMS is prone to an input-validation vulnerability because it fails to adequately sanitize user-supplied input. Attackers can exploit this issue to send spam email in the context of the application. Jetbox 2.1 is vulnerable; other versio...
CVE-2004-1431
CVE-2004-1431 affects FormMail.php 5.0 (and possibly other versions) and allows remote attackers to read arbitrary files by supplying a full pathname in the ar_file parameter (auto-reply). This impacts confidentiality (partial) without affecting integrity or availability per the provided metrics....
CVE-2005-0216
CVE-2005-0216 describes a cross-site scripting (XSS) vulnerability in the formmail.php component of Woltlab Burning Board Lite 1.0.0 and 1.0.1e (potentially other versions). The issue allows remote attackers to inject arbitrary web script and HTML via the userid parameter. The provided sources do...
woltlabXSS.txt
Advisory Information
--------------------
Advisory name : Woltlab Burning Board Lite formmail.php XSS
Discovered by : drhankey / it-security23.net
Vendor Name : Woltlab
Vendor Homepage : http://www.woltlab.de
Software : Woltlab Burning Board Lite
Vulnerability Type : Cross-Site-Scripting Vulnerab...
CVE-2004-0259
The check_referer() function in Formmail.php 5.0 and earlier allows remote attackers to bypass access restrictions via an empty or spoofed HTTP Referer, as demonstrated using an application on the same web server that contains a cross-site scripting (XSS) issue...
CVE-2004-0259
The CVE affects Formmail.php version 5.0 and earlier, where check_referer() can be bypassed by an empty or spoofed HTTP Referer, enabling access restriction bypass. The vulnerability is demonstrated via an application on the same web server that contains an associated cross-site scripting (XSS) i...