147 matches found
CVE-2008-4754
SQL injection vulnerability in forum.php in Scripts for Sites SFS Ez Forum allows remote attackers to execute arbitrary SQL commands via the forum parameter...
CVE-2008-4754
The CVE-2008-4754 issue affects Scripts for Sites (SFS) Ez Forum, where the SQL injection flaw is in forum.php via the forum parameter. The vulnerability allows remote attackers to execute arbitrary SQL commands, leading to potential data exposure or modification. The NVD entry lists a CVSS v2 ba...
1024 CMS <= 1.4.4 Multiple Remote/Local File Inclusion Vulnerabilities
No description provided by source. Digital Security Research Group DSecRG Advisory DSECRG-08-027 Application: 1024 CMS Versions Affected: 1.4.3, 1.4.4 RFC Vendor URL: http://www.1024cms.com/...
Directory traversal
Multiple directory traversal vulnerabilities in PHP-Fusion Forum Rank System 6 allow remote attackers to include and execute arbitrary local files via a .. dot dot in the settingslocale parameter to 1 forum.php and 2 profile.php in infusions/ranksystem/. NOTE: the provenance of this information i...
CVE-2008-2227
Multiple directory traversal vulnerabilities in PHP-Fusion Forum Rank System 6 allow remote attackers to include and execute arbitrary local files via a .. dot dot in the settingslocale parameter to 1 forum.php and 2 profile.php in infusions/ranksystem/. NOTE: the provenance of this information i...
CVE-2008-1789
SQL injection vulnerability in forum.php in Prozilla Forum allows remote attackers to execute arbitrary SQL commands via the forum parameter...
CVE-2008-1789
CVE-2008-1789 affects Prozilla Forum (forum.php) and is caused by an SQL injection vulnerability in the forum parameter. The issue allows remote attackers to execute arbitrary SQL commands, per the description. Connected sources confirm the vulnerability details in Prozilla Forum, but no remediat...
Prozilla Forum Service (forum.php forum) SQL Injection Vulnerability
No description provided by source. --==+================================================================================+==-- --==+ Prozilla Forum Service SQL Injection Vulnerbilitys +==-- --==+================================================================================+==-- Discovered By:...
Easynet Forum Host - 'forum.php' SQL Injection
--==+================================================================================+==-- --==+ Easynet Forum Host SQL Injection Vulnerbilitys +==-- --==+================================================================================+==-- Discovered By: t0pP8uZz & xprog Discovered On: 5 April...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in forum.php in Gerd Tentler Simple Forum 3.2 allow remote attackers to inject arbitrary web script or HTML via the 1 open and 2 dateshow parameters...
CVE-2008-0541
Multiple cross-site scripting XSS vulnerabilities in forum.php in Gerd Tentler Simple Forum 3.2 allow remote attackers to inject arbitrary web script or HTML via the 1 open and 2 dateshow parameters...
simple32-xss.txt
SIMPLE FORUM v 3.2 MULTIPLE VULNERABILITIES author : tomplixsee my email : [email protected] software : SIMPLE FORUM v3.2 download : http://www.gerd-tentler.de/tools/forum/ 1.XSS vulnerable code on forum.php " " ..... example: http://target/path/forum.php?open="/alertdocument.cookie...
Simple Forum 3.2 (FD/XSS) Multiple Remote Vulnerabilities
Exploit for unknown platform in category web applications ========================================================= Simple Forum 3.2 FD/XSS Multiple Remote Vulnerabilities ========================================================= SIMPLE FORUM v 3.2 MULTIPLE VULNERABILITIES author : tomplixsee...
Tribisur 'forum.php'/'cat_main.php' SQL注入漏洞
BUGTRAQ ID: 27149 CNCAN ID:CNCAN-2008010812 Tribisur是一款基于PHP的WEB应用程序。 Tribisur不正确过滤用户提交的URI数据,远程攻击者可以利用漏洞进行SQL注入攻击,可获得敏感信息或操作数据库。 问题是由于'forum.php'和'catmain.php'脚本对用户提交的WEB参数处理缺少充分过滤,提交恶意SQL查询作为参数数据,可更改原来的SQL逻辑,获得敏感信息或操作数据库。 Thomas PEREZ Tribisur 2.0 厂商解决方案 --------- 目前没有解决方案提供:...
Sql injection
Multiple SQL injection vulnerabilities in Tribisur 2.1 and earlier allow remote attackers to execute arbitrary SQL commands via the 1 id parameter to catmain.php and the 2 cat parameter to forum.php in a liste action...
CVE-2008-0133
Multiple SQL injection vulnerabilities in Tribisur 2.1 and earlier allow remote attackers to execute arbitrary SQL commands via the 1 id parameter to catmain.php and the 2 cat parameter to forum.php in a liste action...
jPORTAL 2.3.1 & UserPatch - 'forum.php' Remote Code Execution
 $host = $argv1; $path = $argv2; $phpcode = $argv3; $info = "\n\n". " jPORTAL 2.3.1 & UserPatch forum.php Remote PHP Code Execution Exploit\n". "\n". " author: irk4zatyahoo.pl\n". " http://irk4z.wordpress.com\n". "\n". "\n". " greetz: str0ke, wacky, polish under :\n"...
Directory traversal
Directory traversal vulnerability in forum.php in Ben Ng Scribe 0.2 and earlier allows remote attackers to create or overwrite arbitrary files via a .. dot dot in the username parameter in a Register action...
CVE-2007-5822
The CVE-2007-5822 entry affects Ben Ng Scribe 0.2 and earlier, where a flaw in forum.php allows direct static code injection. An attacker can leverage the username parameter in the Register action to cause remote PHP code to be written into a file under regged/. The root cause appears to be impro...
lustig.cms Forum.PHP远程文件包含漏洞
lustig.cms是一款基于PHP的WEB应用程序。 lustig.cms不正确过滤用户提交的URI数据,远程攻击者可以利用漏洞以WEB权限执行任意命令。 问题是由于'Forum.PHP'脚本对用户提交的'view'参数缺少过滤,指定远程服务器上的任意文件作为包含对象,可导致以以WEB权限执行任意命令。 lustig.cms 2.5 beta 目前没有解决方案提供: http://lustig.cwsurf.de/cms/ http://www.example.com/forum/forum.php?view=Shell...