PT-2004-3258 · Phpx · Phpx
Name of the Vulnerable Software and Affected Versions: PHPX versions 3.0 through 3.2.6. Description: A cross-site request forgery (CSRF) issue allows remote attackers to execute arbitrary commands via specific URLs that are automatically executed on behalf of the administrator. The affected URLs...
PunBB Search Dropdown Private Forum Disclosure
According to its banner, the remote version of PunBB reportedly may include protected forums in a search dropdown list regardless of whether a user has permissions to view those forums...
SQL injection in vBulletin forums (last10.php)
Hi all, a new SQL injection found in vBulletin Forums 3.0.x. The vulnerability is found in last.php, last 10 topics hack. last.php?fsel=,user.password20as20title,user.20 202020username20as20lastposter20FROM20user, thread2020202020WHERE20usergroupid=620LIMIT 201 To solve the problem, delete fsel? from...
cht-2004.txt
CHT Security Research Center-2004 http://www.CyberSpy.Org Turkey Software: Web Forums Server Web Site: http://www.minihttpserver.net Affected Versions: 1.6,2.0 Power Packcurrent Description: Web Forums Server is "all in one" Web Server for Microsoft Windows Operating Systems. Web Forums Server ha...
Multiple Vulnerabilities in Web Forums Server
CHT Security Research Center-2004 http://www.CyberSpy.Org Turkey Software: Web Forums Server Web Site: http://www.minihttpserver.net Affected Versions: 1.6,2.0 Power Packcurrent Description: Web Forums Server is "all in one" Web Server for Microsoft Windows Operating Systems. Web Forums Server ha...
ADVISORY: security hole (http response splitting) in snitz forums 2000
ADVISORY Author: Maestro me! Date: 16-SEP-04 Vendor: Snitz Communications www.snitz.com Product: Snitz Forums 2000 v3.4.04 Product description: from vendor website "the leading ASP forum/bbs on the internet today" Problem: Http response splitting web cache poisoning, xss, yadayadayada -...
CVE-2004-1687
CRLF injection vulnerability in down.asp for Snitz Forums 2000 3.4.04 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the location parameter...
Snitz Forums 2000 - down.asp HTTP Response Splitting
source: https://www.securityfocus.com/bid/11201/info Snitz Forums is reported prone to a HTTP response splitting vulnerability. The issue exists in a parameter of the 'down.asp' script. The issue presents itself due to a flaw in the affected...
Snitz Forums 2000 - 'down.asp' HTTP Response Splitting
source: https://www.securityfocus.com/bid/11201/info Snitz Forums is reported prone to a HTTP response splitting vulnerability. The issue exists in a parameter of the 'down.asp' script. The issue presents itself due to a flaw in the affected script that allows an attacker to manipulate how GET...
Snitz Forums < 3.4.03 register.asp Email Parameter SQL Injection (deprecated)
XSS in Snitz Forum 2000
Sec-Tec Advisory - XSS in Snitz Forums 2000 The most up to date version of this advisory can always be found at: www.sec-tec.co.uk/vulnerability/snitzxss.html Advisory creation date: 6th May 2004 Product: Snitz Forums 2000 Tested version: 3.4.04 older versions believed to be affected also...
Web Wiz Forums Registration Rules XSS Vulnerability
WEB WIZ FORUMS REGISTRATION RULES XSS VULNERABILITY. Online URL: http://ferruh.mavituna.com/article/?528 XSS / Cross Site Scripting attack allows an attacker to hijack other...
Web Wiz Forums 7.x - Registration_Rules.asp Cross-Site Scripting
source: https://www.securityfocus.com/bid/10555/info A vulnerability exists in the Web Wiz Forums software that may allow a remote user to launch cross-site scripting attacks. The problem is reported to exist due to improper sanitizi...
Web Wiz Forums 7.x - 'Registration_Rules.asp' Cross-Site Scripting
source: https://www.securityfocus.com/bid/10555/info A vulnerability exists in the Web Wiz Forums software that may allow a remote user to launch cross-site scripting attacks. The problem is reported to exist due to improper sanitizing of user-supplied data passed to the 'registration_rules.asp'...
Web Forums Server cross-site scripting
Input filtering is missed in a few forms processing...
Security Advisory: CSS Vulnerability in Web Forums Server 1.6
Date: 27.01.2004 Application: Web Forums Server 1.6 Vendor: www.minihttpserver.net Versions: 1.6 and Shareware : Platforms: Windows Bug: JS/HTML code injection. Risk: Low Mini-description for Forums Web Server v1.6: "WebForums Server...
CVE-2003-1176
postmessageform.asp in Web Wiz Forums 6.34 through 7.5, when quote mode is used, allows remote attackers to read or write to private forums by modifying the FID (forum ID) parameter...
XSS in & path disclosure phpBB forums
Affected versions: Dunno All? Code: http://www.phpbb.com/phpBB/search.php?searchid=3D1'scriptalert/guiler= minator20overload,20vampirun20mugroson/;/script Overview The error is like: ---------------- Could not obtain search results DEBUG MODE SQL Error : 1064 You have an error in your SQL syntax...
Web Wiz Forums ver. 7.01
Information: Language: ASP Bugged Version: Web Wiz Forums ver. 7.01 and less ? Website: http://www.webwizforums.com Problems: Permanent XSS Objects: - registernewuser.asp - register.asp The values variable are not filtered: strLocation = Request.Form("location") strMessa...
Web Wiz Forum 6.34/7.0/7.5 - Unauthorized Private Forum Access
source: https://www.securityfocus.com/bid/8957/info A vulnerability has been reported in Web Wiz Forum that could allow unauthorized access to private forums. The problem occurs when handling malformed requests that make use of 'quote'...