1494 matches found
Community Server Forums - SearchResults.aspx Cross-Site Scripting
Community Server Forums - SearchResults.aspx Cross-Site Scripting source: https://www.securityfocus.com/bid/14078/info Community Server Forums is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker...
phpBB 2.0.15 - Register Multiple Users (Denial of Service) (Perl)
phpBB 2.0.15 - Register Multiple Users Denial of Service Perl !/usr/bin/perl Name: NsT-phpBBDoS Perl Version Copyright: Neo Security Team Author: HaCkZaTaN Ported: g30rg3x Date: 20/06/05 Description: NsT-phpBB DoS By HackZatan Ported to perl By g30rg3x A Simple phpBB Registration And Search DoS...
Simple Machines Forum (SMF) 1.0.4 - modify SQL Injection
Simple Machines Forum SMF 1.0.4 - modify SQL Injection !/usr/bin/perl -w SMF Modify SQL Injection // All Versions // By James http://www.gulftech.org Simple proof of concept for the modify post SQL Injection issue I discovered in Simple Machine Forums. Supply this script with your username passwo...
CVE-2005-1890
Mortiforo before 0.9.1 has an unknown vulnerability that reportedly lets users access private forums. The exact vulnerable component, root cause, and attack vectors are not disclosed in the provided connected documents. The NVD entry lists a CVSS v2 base score of 5.0 (Medium) with network impact,...
CVE-2005-1890
Unknown vulnerability in Mortiforo before 0.9.1 allows users to access private forums via unknown attack vectors...
CVE-2004-1966
Multiple SQL injection vulnerabilities in Open Bulletin Board (OpenBB) 1.0.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) FID parameter in board.php, (2) sortorder, perpage, or id parameters in member.php, (3) forums parameter in search.php, or (4) PID or FID parameters ...
CVE-2003-1176
Technical details about CVE-2003-1176 are not provided in the supplied connected documents. Public availability of affected versions, root cause, and fixes is not confirmed here. Monitor for updates.
CVE-2003-1176
postmessageform.asp in Web Wiz Forums 6.34 through 7.5, when quote mode is used, allows remote attackers to read or write to private forums by modifying the FID (forum ID) parameter...
CVE-2005-0345
viewthread.php in php-fusion 4.x does not check the (1) forumid or (2) forumcat parameters, which allows remote attackers to view protected forums via the threadid parameter...
phpBB < 2.0.15 admin_forums.php XSS
Binary data 2849.prm...
phpBB Upload Script "up.php" Arbitrary File Upload
Advisory 1 "phpBB Upload Script "up.php" Arbitrary File Upload" $ Author: Status-x $ Contact: [email protected] - [email protected] $ Date: 7 April 2005 $ Website: http://defacers.com.mx $ Original Advisory: http://www.defacers.com.mx/advisories/2.txt $ Risk: High $ Vendor URL:...
CPG Dragonfly Multiple XSS
The version of CPG Dragonfly / CPG-Nuke CMS installed on the remote host suffers from multiple cross-site scripting vulnerabilities due to its failure to sanitize user-input to several variables in various modules. An attacker can exploit these flaws to steal cookie-based authentication credentia...
Invision Power Board HTTP POST Request IFRAME Tag XSS
The version of Invision Power Board installed on the remote host does not properly sanitize HTML tags, which enables a remote attacker to inject a malicious IFRAME when posting a message to one of the hosted forums. This could cause arbitrary HTML and script code to be executed in the context of...
html code include in phpnuke news crash IE 6
www.wormzweb.tk ENGLISH...
Few remote bugs in zPanel
Hello, Few bugs have been discovered accidentally in zPanel. Developers were notified on 07.March but I have not received any response. Best regards, Mikhail. Product Description "ZPanel is a hosting control interface developed for both...
postnukeSQL0760-2.txt
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 PostNuke SQL Injection 0.760-RC2=x cXIb8O3.3 Author: cXIb8O3Maksymilian Arciemowicz Date: 20.2.2005 from securityreason.com TEAM - --- 0.Description --- PostNuke: The Phoenix Release 0.750 and 0.760-RC2 PostNuke is an open source, open development...
[SECURITYREASON.COM] PostNuke SQL Injection 0.760-RC2=>x cXIb8O3.3
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 PostNuke SQL Injection 0.760-RC2=x cXIb8O3.3 Author: cXIb8O3Maksymilian Arciemowicz Date: 20.2.2005 from securityreason.com TEAM - --- 0.Description --- PostNuke: The Phoenix Release 0.750 and 0.760-RC2 PostNuke is an open source, open development...
invision131xss.txt
Description: Lack of checking in the SML codes. Exploit: Put this into any signature or post on an invision forum: COLOR=IMGhttp://aaa.aa/=aaa.jpg/IMGstyle=background:url"javascript:document.location.replace'http://www.hackthissite.org';" /color Fix: I'm not good at regexes :...
CVE-2004-1687
Snitz Forums 2000 v3.4.04 has a CRLF injection vulnerability in down.asp that enables HTTP Response Splitting via the location parameter. This remote issue can alter the server's HTML output. OpenVAS data labels it as Snitz Forums 2000 HTTP Response Splitting. No explicit remediation/patch detai...