1494 matches found
CVE-2004-1687
CRLF injection vulnerability in down.asp for Snitz Forums 2000 3.4.04 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the location parameter...
CVE-2004-1496
CVE-2004-1496 describes a directory traversal vulnerability in Web Forums Server 1.6 and 2.0 Power Pack that allows remote attackers to read arbitrary files via crafted URLs containing …, ../, encoded dot-dot slash (/%2E%2E%5C, %2E%2E%2F). The NVD/NVD-derived entries confirm the affected product ...
CVE-2004-1496
Directory traversal vulnerability in Web Forums Server 1.6 and 2.0 Power Pack allows remote attackers to read arbitrary files via a URL containing 1 ".." dot dot backslash, 2 "../" dot dot slash, 3 "/%2E%2E%5C" encoded dot dot backslash, or 4 "%2E%2E%2F" encoded dot dot slash...
CVE-2004-1497
Web Forums Server 1.6 and 2.0 Power Pack stores passwords in plaintext in the Username.ini file, which allows local users to gain privileges...
CVE-2004-1497
Web Forums Server 1.6 and 2.0 Power Pack store passwords in plaintext in the Username.ini file, enabling local users to gain privileges. This indicates a local-privilege escalation risk due to insecure credential storage. The available sources describe the vulnerable component and impact but do n...
Chipmunk Forums - SQL Injection
Chipmunk Forums - SQL Injection /==========================================/ // GHC - Chipmunk forum - ADVISORY // Product: Chipmunk Forums // URL: http://www.chipmunk-scripts.com/board // VULNERABILITY CLASS: SQL injection // RISK: hight /==========================================/ exploit at...
Chipmunk Forums - SQL Injection
/==========================================/ // GHC - Chipmunk forum - ADVISORY // Product: Chipmunk Forums // URL: http://www.chipmunk-scripts.com/board // VULNERABILITY CLASS: SQL injection // RISK: hight /==========================================/ exploit at login.php enter user name as...
Chipmunk Forums SQL Injection Exploit
No description provided by source. /==========================================/ // GHC - Chipmunk forum - ADVISORY // Product: Chipmunk Forums // URL: http://www.chipmunk-scripts.com/board // VULNERABILITY CLASS: SQL injection // RISK: hight /==========================================/ exploit at...
Chipmunk Forums SQL Injection Exploit
Exploit for unknown platform in category web applications ===================================== Chipmunk Forums SQL Injection Exploit ===================================== /==========================================/ // GHC - Chipmunk forum - ADVISORY // Product: Chipmunk Forums // URL:...
PHP-Fusion 4.0 - 'Viewthread.php' Information Disclosure
source: https://www.securityfocus.com/bid/12482/info PHP-Fusion is reportedly affected by an information disclosure vulnerability. This issue is due to the application failing to properly sanitize user-supplied input. It is reported that an attacker could leverage this vulnerability to view any...
php-fusion 4.x vuln
TheGreatOne2176, Reapercore I have a found an error in php-fusion 4.x where you can view any thread on the forum. In fusionforum/viewthread.php the $GET variables arent properly checked or queried making it possible to view all threads. The example I tested was...
XSS in the nested BB tag in many forum
XSS was found in the nested BB tag in many forum: Invision Power Board: COLOR=IMGhttp://aaa.aa/=aaa.jpg/IMG style=background:urljavascript:alert /COLOR vBulletin EMAIL=URL=s [email protected]:[email protected] sssssss/URL/EMAIL style=background:urljavaSCrip t:alert/HifromAlgol/ using tab between...
CVE-2004-2211
Cross-site scripting XSS vulnerability in AliveSites Forums 2.0 allows remote attackers to inject arbitrary web script or HTML via the 1 forumid, 2 method, or 3 forumtitle parameters to post.asp, 4 the forumtitle parameter to forum.asp, or 5 the id parameter to post.asp...
CVE-2004-1496
Directory traversal vulnerability in Web Forums Server 1.6 and 2.0 Power Pack allows remote attackers to read arbitrary files via a URL containing 1 ".." dot dot backslash, 2 "../" dot dot slash, 3 "/%2E%2E%5C" encoded dot dot backslash, or 4 "%2E%2E%2F" encoded dot dot slash...
CVE-2004-2720
Cross-site scripting XSS vulnerability in register.asp in Snitz Forums 2000 3.4.04 and earlier allows remote attackers to inject arbitrary web script or HTML via javascript events in the Email parameter...
CVE-2004-1497
Web Forums Server 1.6 and 2.0 Power Pack stores passwords in plaintext in the Username.ini file, which allows local users to gain privileges...
CVE-2004-2212
SQL injection vulnerability in forum.asp in AliveSites Forums 2.0 allows remote attackers to execute arbitrary SQL commands via the forumid parameter...
CVE-2004-2733
Web Wiz Forums 7.7a uses invalid logic to determine user privileges, which allows remote attackers to 1 block arbitrary IP addresses via popupipblocking.asp or 2 modify topics via popuptopicadmin.asp...
PT-2004-3257 · Phpx · Phpx
Name of the Vulnerable Software and Affected Versions: PHPX versions 3.0 through 3.2.6 Description: The issue allows remote attackers to conduct cross-site scripting XSS attacks via hex-encoded tags. This is achieved by bypassing the check for literal "", "", and "" characters in the checkURI...
PT-2004-3256 · Phpx · Phpx
Name of the Vulnerable Software and Affected Versions: PHPX versions 3.2.6 and earlier Description: The issue allows remote attackers to obtain the physical path of PHPX by providing a null or invalid value in the limit parameter. This results in the pathname being leaked in a database error...