CVE-2005-2805

The CVE-2005-2805 entry concerns e107 0.6, where forum_post.php is vulnerable. The issue allows remote attackers to post to non-existent forums by modifying the forum number, indicating a parameter manipulation flaw in the forum posting function. The core impact described is that unauthorized par...

CVE-2005-2805

forumpost.php in e107 0.6 allows remote attackers to post to non-existent forums by modifying the forum number...

vBulletin <= 3.0.8 Accessible Database Backup Searcher (update 3)

No description provided by source. / Needed to pentest a few vBulletin forums so I wrote this junk real quick. Reference: http://securitytracker.com/alerts/2005/Aug/1014805.html Good paths: /forum/ / /forum/archive/ /forum/cpadmin/ Update 1: Code error fixes. /str0ke [email protected] Update 2:...

lduSQL.txt

TITLE: ====== Land Down Under 801 And Prior Multiple SQL Injection Vulnerabilities SEVERITY: ========= Medium SOFTWARE: ========= Land Down Under version 801 and prior Support Website : http://www.neocrome.net INFO: ===== Land Down Under is a multiple portal system which includes many different...

vBulletin 3.0.8 - Accessible Database Backup Searcher (3)

vBulletin 3.0.8 - Accessible Database Backup Searcher 3 / Needed to pentest a few vBulletin forums so I wrote this junk real quick. Reference: http://securitytracker.com/alerts/2005/Aug/1014805.html Good paths: /forum/ / /forum/archive/ /forum/cpadmin/ Update 1: Code error fixes. /str0ke...

WebWizXSS.txt

Bug : XSS in Web Wiz Forums cookie stealing Bug founded by : [email protected] Comment : I found this bug in +- 1 hour after some bitch asked me to help him, but he haven't do shit LOL Greets to : HaCkZaTaN, Johnnie Walker, Morinex, j0ker, Woopie, siLgi, bcuzZ. Big Fuck to : cobradrive, 0x1fe er...

PT-2005-3561 · Land Down Under · Land Down Under (Ldu) 800

Name of the Vulnerable Software and Affected Versions: Land Down Under LDU 800 Description: Multiple SQL injection issues allow remote attackers to execute arbitrary SQL commands via various parameters to different PHP files, including s or m parameter to "forums.php", o, w, s, or p parameter to...

phpfreenews140.txt

PHPFreeNews V1.40 and prior Multiple Vulnerabilities SEVERITY: ========= High SOFTWARE: ========= PHPFreeNews http://www.phpfreenews.co.uk/ INFO: ===== PHPFreeNews is a free PHP Script which allows you to display news headlines and articles on your website. DESCRIPTION: ============ PHPFreeNews...

w-agora 4.2.0 and prior Remote Directory Travel Vulnerability

w-agora 4.2.0 and prior Remote Directory Travel Vulnerability SEVERITY: ========= High SOFTWARE: ========= w-agora 4.2.0 http://w-agora.net INFO: ===== w-agora is a web publishing and forum software. It allows you and your visitors to store and display messages, files, share discussions and other...

postnuke0750.txt

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 PostNuke SQL Injection 0.750=x cXIb8O3.5 Author: cXIb8O3 Date: 2.3.2005 from SecurityReason.Com - --- 0.Description --- PostNuke: The Phoenix Release 0.750 PostNuke is an open source, open developement content management system CMS. PostNuke started a...

XSS in forums CFBB v1.1.0

This BUGS discovered by rUnViRuS Http://www.security-arab.com [email protected] =-=-=-=-=-=-=-=-= XSS in forums CFBB v1.1.0 Powered by © AderSoftware 2002 =-=-=-=-=-=-=-=-= exploit http://www.example.com/forums/index.cfm?page=XSS =-=-=-=-=-=...

XSS in forums Simple Message Board Version 2.0 Beta 1

This BUGS discovered by rUnViRuS Http://www.security-arab.com =-=-=-=-=-=-=-=-= xss in forums Simple Message Board Version 2.0 Beta 1 Powered by Man and Machine, Ltd Exploit =-=-=-= XSS in forum.cfm http://www.example.com/forum/forum.cfm?FID=scriptJavaScript:alertdocument.cookie;/script...

CVE-2005-2228

Web Wiz Forums 7.9 and 8.0 are affected by a vulnerability that allows remote attackers to view message titles of a hidden forum. The referenced CVE-2005-2228 entry notes network-based access with low attack complexity and no authentication, yielding partial confidentiality impact. No explicit ex...

CVE-2005-2228

Web Wiz Forums 7.9 and 8.0 allows remote attackers to view message titles of a hidden forum...

CVE-2005-2228

Web Wiz Forums 7.9 and 8.0 allows remote attackers to view message titles of a hidden forum...

CVE-2004-2212

SQL injection vulnerability in forum.asp in AliveSites Forums 2.0 allows remote attackers to execute arbitrary SQL commands via the forumid parameter...

CVE-2004-2211

CVE-2004-2211 describes a cross-site scripting (XSS) vulnerability in AliveSites Forums 2.0. The flaw allows remote attackers to inject arbitrary scripts/HTML through multiple input vectors: forum_id, method, and forum_title in post.asp; forum_title in forum.asp; and id in post.asp. The cited ref...

CVE-2004-2212

The CVE-2004-2212 entry concerns a SQL injection in AliveSites Forums 2.0. Affected software/component: AliveSites Forums 2.0 (forum.asp). The vulnerability is exposed via the forum_id parameter, allowing remote attackers to execute arbitrary SQL commands. The provided documents confirm the root ...

CVE-2004-2211

Cross-site scripting XSS vulnerability in AliveSites Forums 2.0 allows remote attackers to inject arbitrary web script or HTML via the 1 forumid, 2 method, or 3 forumtitle parameters to post.asp, 4 the forumtitle parameter to forum.asp, or 5 the id parameter to post.asp...

Community Server Forums - 'SearchResults.aspx' Cross-Site Scripting

source: https://www.securityfocus.com/bid/14078/info Community Server Forums is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may exploit these issues to execute arbitrary script code in the...