9 matches found
CVE-2024-58292
XMB Forum 1.9.12.06 contains a persistent cross-site scripting vulnerability that allows authenticated administrators to inject malicious JavaScript into templates and front page settings. Attackers can insert XSS payloads in footer templates and news ticker fields, enabling script execution for...
Vanilla: Forum Users Information Disclosure
Summary: An unauthorized even unauthenticated user is able to view some private information about forum users. this information includes: email address even if the user not allows it, IP address of the user, data of some of the private messages between two users. Description: by brute forcing...
ArchiBit (annunci_dettaglio.php) SQL Injection Vulnerability
Exploit for php platform in category web applications ============================================================ ArchiBit annuncidettaglio.php SQL Injection Vulnerability ============================================================...
Easy File Sharing Web Server 4 - Remote Information Stealer
Easy File Sharing Web Server 4 - Remote Information Stealer / =================================================================== 0-day Alternative File Stream Exploit for Easy File Share Server 4 =================================================================== Exploit allows malicious users t...
PT-2005-4937 · Adp · Adp Forum
Name of the Vulnerable Software and Affected Versions: ADP Forum versions 2.0 through 2.0.3 Description: The issue allows remote attackers to obtain user credentials due to sensitive information being stored in plaintext files under the web document root with insufficient access control. This can...
vbulletin-3.0.4.txt
Exploit: ---------------- http://site/forumdisplay.php?GLOBALS=1&f=2&comma=".system'id'." Conditions: ---------------- 1st condition : $vboptions'showforumusers' == True , the admin must set showforumusers ON in vbulletin options. 2nd condition : $bbuserinfo'userid' == 0 , you must be an...
vbulletin-3.0.4-2.txt
fetcharray$forumusers == True , when you visit the forums, it must has at least one user show the forum. Fourth condition: magicquotesgpc must be OFF Vulnerable Systems: vBulletin version 3.0 up to and including version 3.0.4 Immune systems: vBulletin version 3.0.5 vBulletin version 3.0.6 / if...
vBulletin <= 3.0.4 "forumdisplay.php" Code Execution
Exploit for unknown platform in category web applications ==================================================== vBulletin fetcharray$forumusers == True , when you visit the forums, it must has at least one user show the forum. 4th condition : magicquotesgpc must be OFF SPECIAL condition : you must...
vBulletin <= 3.0.4 ""forumdisplay.php"" Code Execution
No description provided by source. Exploit: ---------------- http://site/forumdisplay.php?GLOBALS=1&f=2&comma=".system'id'." Conditions: ---------------- 1st condition : $vboptions'showforumusers' == True , the admin must set showforumusers ON in vbulletin options. 2nd condition :...