CVE-2007-5943

Simple Machines Forum SMF 1.1.4 allows remote attackers to read a message in private forums by using the advanced search module with the "show results as messages" option, then searching for possible keywords contained in that message...

Free Forums "search" Sql Injection

http://Aria-Security.net Aria-Security Team ------------------------------------ Free Forums Sql Injection Vendor: http://www.nvecs.com/forums the search parameter hast an sql injection example: 'having 1=1-- result: MicrosoftODBC Microsoft Access Driver Syntax error missing operator in query...

CVE-2002-2398

The new thread posting page in APBoard 2.02 and 2.03 allows remote attackers to post messages to protected forums by modifying the insertinto parameter...

CVE-2002-2398

The vulnerability CVE-2002-2398 affects APBoard versions 2.02 and 2.03, where the new thread posting page allows remote attackers to post messages in protected forums by modifying the insertinto parameter. This is the only detail available in the provided documents; no root cause, affected file/f...

CVE-2007-5688

Multiple SQL injection vulnerabilities in directory.php in the Multi-Forums aka Multi Host Forum Pro module 1.3.3, for phpBB and Invision Power Board IPB or IP.Board, allow remote attackers to execute arbitrary SQL commands via the 1 go and 2 cat parameters...

Sql injection

Multiple SQL injection vulnerabilities in directory.php in the Multi-Forums aka Multi Host Forum Pro module 1.3.3, for phpBB and Invision Power Board IPB or IP.Board, allow remote attackers to execute arbitrary SQL commands via the 1 go and 2 cat parameters...

CVE-2007-5688

Multiple SQL injection vulnerabilities in directory.php in the Multi-Forums aka Multi Host Forum Pro module 1.3.3, for phpBB and Invision Power Board IPB or IP.Board, allow remote attackers to execute arbitrary SQL commands via the 1 go and 2 cat parameters...

CVE-2007-5688

CVE-2007-5688: Multiple SQL injection vulnerabilities in the Multi-Forums (aka Multi Host Forum Pro) module 1.3.3 for phpBB/IPB, in directory.php, allow remote attackers to execute arbitrary SQL via the (1) go and (2) cat parameters. Affected software is the Multi-Forums module version 1.3.3; roo...

Multi-Forums - 'Directory.php' Multiple SQL Injections

source: https://www.securityfocus.com/bid/26213/info Multi-Forums is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in SQL queries. Exploiting these issues could allow an attacker to compromise the application, access o...

Multi-Forums - Directory.php Multiple SQL Injections

Multi-Forums - Directory.php Multiple SQL Injections source: https://www.securityfocus.com/bid/26213/info Multi-Forums is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in SQL queries. Exploiting these issues could allo...

Remote file inclusion

PHP remote file inclusion vulnerability in modules/Forums/favorites.php in PHP-Nuke Platinum 7.6.b.5 allows remote attackers to execute arbitrary PHP code via a URL in the nukebbrootpath parameter...

CVE-2007-5676

PHP remote file inclusion vulnerability in modules/Forums/favorites.php in PHP-Nuke Platinum 7.6.b.5 allows remote attackers to execute arbitrary PHP code via a URL in the nukebbrootpath parameter...

CVE-2007-5676

CVE-2007-5676 relates to a PHP remote file inclusion in PHP-Nuke Platinum 7.6.b.5, specifically in modules/Forums/favorites.php. The underlying issue allows an attacker to execute arbitrary PHP code via a URL supplied to the nuke_bb_root_path parameter, enabling remote code execution. The affecte...

Mozilla Foundation Security Advisory 2007-32

Mozilla Foundation Security Advisory 2007-32 Title: File input focus stealing vulnerability Impact: Moderate Announced: October 18, 2007 Reporter: hong, Charles McAuley Products: Firefox, SeaMonkey Fixed in: Firefox 2.0.0.8 SeaMonkey 1.1.5 Description A user on the Sla.ckers.org forums named hong...

File input focus stealing vulnerability — Mozilla

A user on the Sla.ckers.org forums named hong reported that a file upload control could be filled programmatically by switching page focus to the label before a file upload form control for selected keyboard events. An attacker could use this trick to steal files from the users' computer if the...

CVE-2004-2733

Web Wiz Forums 7.7a uses invalid logic to determine user privileges, which allows remote attackers to 1 block arbitrary IP addresses via popupipblocking.asp or 2 modify topics via popuptopicadmin.asp...

CVE-2004-2733

The CVE-2004-2733 vulnerability concerns Web Wiz Forums 7.7a, where flawed privilege logic allows remote attackers to perform two actions: (1) block arbitrary IP addresses via pop_up_ip_blocking.asp and (2) modify topics via pop_up_topic_admin.asp. The NVD entry notes a network attack vector, no ...

CVE-2004-2720

The vulnerability CVE-2004-2720 affects Snitz Forums 2000 (versions 3.4.04 and earlier) where a cross-site scripting (XSS) flaw exists in register.asp. The root cause is unvalidated input in the Email parameter, allowing an attacker to inject arbitrary web script or HTML via javascript events. Th...

CVE-2007-5172

Quicksilver Forums before 1.4.1 allows remote attackers to obtain sensitive information by causing unspecified connection errors, which reveals the database password in the resulting error message...

Default credentials

Quicksilver Forums before 1.4.1 allows remote attackers to obtain sensitive information by causing unspecified connection errors, which reveals the database password in the resulting error message...