1494 matches found
CVE-2007-3812
SQL injection vulnerability in forums.php in CMScout 1.23 and earlier allows remote attackers to execute arbitrary SQL commands via the f parameter in a forums action to index.php...
CVE-2007-3416
Multiple cross-site request forgery (CSRF) vulnerabilities in the administration of (1) polls, (2) profiles, (3) IP bans, and (4) forums in (a) web-app.org WebAPP 0.8 through 0.9.9.6; and (b) web-app.net WebAPP 0.9.9.3.3, 0.9.9.3.4, and 2007; allow remote attackers to perform deletions as administrators...
Cross site request forgery (csrf)
Multiple cross-site request forgery (CSRF) vulnerabilities in the administration of (1) polls, (2) profiles, (3) IP bans, and (4) forums in (a) web-app.org WebAPP 0.8 through 0.9.9.6; and (b) web-app.net WebAPP 0.9.9.3.3, 0.9.9.3.4, and 2007; allow remote attackers to perform deletions as administrators...
CVE-2007-3416
Multiple cross-site request forgery (CSRF) vulnerabilities in the administration of (1) polls, (2) profiles, (3) IP bans, and (4) forums in (a) web-app.org WebAPP 0.8 through 0.9.9.6; and (b) web-app.net WebAPP 0.9.9.3.3, 0.9.9.3.4, and 2007; allow remote attackers to perform deletions as administrators...
Sql injection
SQL injection vulnerability in bb-includes/formatting-functions.php in bbPress before 0.8.1 might allow remote attackers to execute arbitrary SQL commands via unspecified vectors to forums/bb-edit.php, as demonstrated by a PRE element, aka the "quircky slashes bug."...
CVE-2007-3244
CVE-2007-3244 describes a SQL injection in bbPress prior to version 0.8.1. The vulnerability is in bb-includes/formatting-functions.php and can allow remote attackers to execute arbitrary SQL commands via unspecified vectors to forums/bb-edit.php, demonstrated by a PRE element (the “quirky slashe...
CVE-2007-3244
SQL injection vulnerability in bb-includes/formatting-functions.php in bbPress before 0.8.1 might allow remote attackers to execute arbitrary SQL commands via unspecified vectors to forums/bb-edit.php, as demonstrated by a PRE element, aka the "quircky slashes bug."...
Joomla! Component Phil-a-Form 1.2.0.0 - SQL Injection
!/bin/sh Joomla Component Phil-a-Form = 1.2.0.0 SQL Injection Exploit Discovered by: Cody "CypherXero" Rester Payload: Admin Username and MD5 Hash Retrieval Website: http://www.cypherxero.net Shoutouts to the milw0rm community, the PIMP forums and my blog, of course echo...
Joomla! Component Phil-a-Form 1.2.0.0 - SQL Injection
Joomla! Component Phil-a-Form 1.2.0.0 - SQL Injection !/bin/sh Joomla Component Phil-a-Form = 1.2.0.0 SQL Injection Exploit Discovered by: Cody "CypherXero" Rester Payload: Admin Username and MD5 Hash Retrieval Website: http://www.cypherxero.net Shoutouts to the milw0rm community, the PIMP forums...
NavBoard 2.6.0 - Remote Code Execution
NavBoard 2.6.0 Remote Code Execution Exploit
Exploit for unknown platform in category web applications. NavBoard 2.6.0 Remote Code Execution Exploit...
Apple Safari 2.0.4 - Cross-Domain Browser Location Information Disclosure
source: https://www.securityfocus.com/bid/24121/info Apple Safari is prone to an information-disclosure vulnerability because it fails to properly enforce cross-domain JavaScript restrictions. Exploiting this issue may allow attackers to access locations that a user visits, even if it's in a...
RealPlayer 10 - '.ra' Remote Denial of Service
!/usr/bin/python Real player 10 Gold .Ra file remote Dos. Credits to n00b for finding this bug This bug is a nasty memory leak within Real player 10 gold please remember if you're gonna test it out save all your info you need first..Coz you're probably gonna have to reboot also remember all other...
Remote file inclusion
PHP remote file inclusion vulnerability in db/mysql.php in the Eve-Nuke 0.1 EN-Forums module for PHP-Nuke allows remote attackers to execute arbitrary PHP code via a URL in the phpbbrootpath parameter...
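Eve-Nuke Forums MySQL.PHP Remote File Inclusion Vulnerability
Eve-Nuke Forums is a PHP-based web application. Eve-Nuke Forums does not properly filter user-supplied input, so a remote attacker can exploit the vulnerability to execute arbitrary commands with the privileges of the web server. The problem is that the 'MySQL.PHP' script lacks filtering of user-supplied web parameters; specifying a file on a remote server as the include parameter can lead to execution of arbitrary commands with the privileges of the web server. Eve-Nuke Eve-Nuke Forum beta.01 No solution is currently available: http://eve-nuke.sourceforge.net/...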
Across the station through the kill vulnerability:support for the latest phpwind forums such as the.- Vulnerability warning-the black bar safety net
Information source: the Black art group Finishing editor: B. S. T As long as the back of the domain name is changed you have to jump on the domain names can be... Support wmv Forum the following post: wmv=314,256,1http://www.rootkit.com.cn/qq.swf?url=http://www.rootkit.com.cn/wmv Other forums...
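Web Wiz Forums String Filtering SQL Injection Vulnerability
Web Wiz Forums is an ASP-based web application. Web Wiz Forums does not properly filter user-supplied input, so a remote attacker can exploit the vulnerability to carry out SQL injection attacks and obtain sensitive information. The problem is that the 'page.asp' script lacks filtering of the user-supplied 'NewsID' parameter; submitting malicious SQL code as the parameter data can alter the original SQL logic and expose sensitive information. Web Wiz Forums versions before 8.05a Upgrade to the latest version: http://www.webwizguide.info/news/newsitem.asp?NewsID=103 form method="post"...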
Web Wiz Forums 8.05 (MySQL version) SQL Injection
There is a vulnerability in MySQL version of Web Wiz Forums, free ASP bulletin board system software, enabling SQL injection. The vulnerability is in the code used to filter string parameters prior to including them in the SQL queries: 'Format SQL Query funtion Private Function formatSQLInputByVa...
webwiz805-sql.txt
There is a vulnerability in MySQL version of Web Wiz Forums, free ASP bulletin board system software, enabling SQL injection. The vulnerability is in the code used to filter string parameters prior to including them in the SQL queries: 'Format SQL Query funtion Private Function formatSQLInputByVa...
CVE-2007-1548
SQL injection vulnerability in functions/functionsfilters.asp in Web Wiz Forums before 8.05a MySQL version does not properly filter certain characters in SQL commands, which allows remote attackers to execute arbitrary SQL commands via \"' (backslash double-quote quote) sequences, which are collapse...