1494 matches found
APBoard - post threads to protected forums and possibility to hijack forum-password
Product: Another PHP Program - APBoard Versions: tested on 2.02, 2.03 Vulnerability: post threads to protected forums and possibility to hijack forum-password Date: November 12, 2002 Discovered by: ProXy [email protected] Introduction: Normal Users can submit threads to password protected forums a...
Allaire Forums does not verify user information stored in hidden form fields
Overview Allaire Forums does not verify user information submitted in hidden fields on a web form, allowing attackers to impersonate other users. Description Allaire Forums is a web-based bulletin board system that runs on Cold Fusion. When a user wishes to post a message, Allaire Forums...
CVE-2002-0329
Cross-site scripting vulnerability in Snitz Forums 2000 3.3.03 and earlier allows remote attackers to execute arbitrary script as other Forums 2000 users via Javascript in an IMG tag...
Snitz Forums 2000 vulnerable to cross-site scripting via crafted IMG tag
Overview Snitz Forums 2000 does not adequately check "IMG" tag "SRC" attributes and thus contains cross-site scripting vulnerability. Description Snitz Forums is an automated bulletin-board program for web sites. Snitz Forums allows users to submit images by specifying the URL of the image. In...
CVE-2002-0607
Snitz Forums 2000, version 3.3.03 and earlier, is affected in members.asp by a SQL injection on parameters (M_NAME, UserName, FirstName, LastName, INITIAL) that enables remote attackers to execute arbitrary code. Root cause is improper input handling in the affected page, allowing injected SQL to...
CVE-2002-0607
members.asp in Snitz Forums 2000 version 3.3.03 and earlier allows remote attackers to execute arbitrary code via a SQL injection attack on the parameters (1) M_NAME, (2) UserName, (3) FirstName, (4) LastName, or (5) INITIAL...
Snitz Forums 2000 remote SQL query manipulation vulnerability
vulnerable ---------- Product : Snitz Forums 2000 Version : 3.3 3.3.01 3.3.02 3.3.03 last stable version Object : members.asp Class : Input validation error remote SQL query manipulation vulnerability Vendor-URL : http://forum.snitz.com/ Vendor-Status : informed, not patched Remote-Exploit : yes...
Snitz Forums 2000 3.x - members.asp SQL Injection
Snitz Forums 2000 3.x - members.asp SQL Injection source: https://www.securityfocus.com/bid/4558/info Snitz Forums 2000 is ASP-based web forum software. It runs on Microsoft Windows operating systems. Snitz is back-ended by a database and supports Microsoft Access 97/2000, SQL Server 6.5/7.0/2000...
Snitz Forums 2000 3.x - 'members.asp' SQL Injection
source: https://www.securityfocus.com/bid/4558/info Snitz Forums 2000 is ASP-based web forum software. It runs on Microsoft Windows operating systems. Snitz is back-ended by a database and supports Microsoft Access 97/2000, SQL Server 6.5/7.0/2000 and MySQL. It is possible for a remote attacker t...
CVE-2002-0108
Allaire Forums 2.0.4 and 2.0.5 and Forums! 3.0 and 3.1 allows remote authenticated users to spoof messages as other users by modifying the hidden form fields for the name and e-mail address...
CVE-2002-0108
Allaire Forums 2.0.4/2.0.5 and Forums! 3.0/3.1 allow remote authenticated users to spoof messages by modifying hidden form fields that carry the name and e-mail address. The root cause is lack of verification of user information submitted via hidden fields, enabling impersonation of other users w...
Snitz Forums 2000 3.0/3.1/3.3 - Image Tag Cross-Agent Scripting
Snitz Forums 2000 3.0/3.1/3.3 - Image Tag Cross-Agent Scripting source: https://www.securityfocus.com/bid/4192/info Snitz Forums 2000 is ASP-based web forum software. It runs on Microsoft Windows operating systems. Snitz Forums 2000 allows users to include images in forum messages using image tags,...
Snitz Forums 2000 3.0/3.1/3.3 - Image Tag Cross-Agent Scripting
source: https://www.securityfocus.com/bid/4192/info Snitz Forums 2000 is ASP-based web forum software. It runs on Microsoft Windows operating systems. Snitz Forums 2000 allows users to include images in forum messages using image tags, with the following syntax: [img]url of image[/img] It is possible...
YaBB 9.1.2000 - Cross-Agent Scripting
source: https://www.securityfocus.com/bid/3828/info YaBB (Yet Another Bulletin Board) is freely available web forums/community software that is written in Perl. YaBB will run on most Unix/Linux variants, MacOS, and Microsoft Windows 9x/ME/NT/2000/XP platforms. YaBB is prone to cross-agent scripting...
CVE-1999-0800
The CVE-1999-0800 issue affects Allaire Forums (2.0.4 and earlier) running in ColdFusion, where GetFile.cfm exposes a FilePath parameter that allows remote attackers to read arbitrary server files (e.g., via http://target/GetFile.cfm?FT=Text&FST=Plain&FilePath=C:\boot.ini). Root cause: GetFile.cf...
CVE-1999-0800
The GetFile.cfm file in Allaire Forums allows remote attackers to read files through a parameter to GetFile.cfm...
Ultimate Bulletin Board Version 5.47e
About: "Ultimate Bulletin Board Version 5.47e" by "www.infopop.com" on Cross-Platform tested on UNIX Subject: Another possibility to read in private forums Status: Vendors took acknowledgement; No reply of any solution yet; Details: As still known, there've been some security problem in UBB up to...