Vanilla Forums 2-0-18-4 - SQL-Injection Vulnerability
Exploit Title: Vanilla Forums - SQL-Injection - Insert arbitrary user & dump usertable; Date: 04/05/2013; Exploit Author: bl4ckw0rm; Vendor Homepage: http://vanillaforums.org/; Version: 2-0-18-4; Tested on: Windows; Product Name: Vanilla Forums; Vulnerable Version: Up to vanilla-core-2-0-18-4; Tested on:...
eXtropia bbs_forum.cgi 1.0 - Remote Arbitrary Command Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/2177/info bbsforum.cgi is a popular Perl cgi script from eXtropia.com. It supports the creation and maintenance of web-based threaded discussion forums. Version 1.0 of bbsforum.cgi fails to properly validate user-supplied...
OpenBB 1.0 Unauthorized Moderator Access Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/4823/info OpenBB is web forum software written in PHP. It will run on most Linux and Unix variants, in addition to Microsoft Windows operating systems. OpenBB is reported to be vulnerable to a condition that will allow an...
WebWiz Forums Search_form.ASP Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/16196/info WebWiz Forums is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary...
APBoard 2.0 2 Unauthorized Thread Reading Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/6330/info A vulnerability has been reported for APBoard that may allow unauthorized users to read postings in internal forums. The vulnerability is a result of the 'useraction.php' script failing to properly check user...
Web Wiz Forum 9.5 admin_category_details.asp mode Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/30398/info Web Wiz Forums is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the...
Phorum 3.3.2 a Remote Command Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/4763/info Phorum is a PHP based web forums package designed for most UNIX variants, Linux, and Microsoft Windows operating systems. A vulnerability has been reported in Phorum that will allow remote attackers to specify...
Snitz Forums 2000 3.x Members.ASP SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/4558/info Snitz Forums 2000 is ASP-based web forum software. It runs on Microsoft Windows operating systems. Snitz is back-ended by a database and supports Microsoft Access 97/2000, SQL Server 6.5/7.0/2000 and MySQL. It i...
SnowCade 3.0 - SQL Injection Vulnerability
No description provided by source. SnowCade v3 SQL Injection Vulnerability; Date: 2010-06-19; Author: ahwak2000; Email: z.u5athotmail.com; Script Info: Home: http://www.arcadecreate.com/; Vulnerability: http://site.com/path/index.php?action=browse&cat=SQL INj...
Allaire Forums 2.0.4 Getfile Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/229/info An Allaire Forums file GetFile.cfm in the root of the application directory allows anyone to access any file on the Forums server. This vulnerability affects Forums 2.0.4 and earlier. Type the URL...
Snitz Forums 2000 3.4.7 Sound Tag Onload Attribute XSS
No description provided by source. source: http://www.securityfocus.com/bid/36710/info Snitz Forums 2000 is prone to a cross-site scripting vulnerability and an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied data. Attacker-supplied HTML or JavaScript code cou...
ttCMS 2.2/2.3,ttForum 1.1 Index.PHP Instant-Messages Preferences SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/7634/info A problem with ttCMS/ttForum could make it possible for a remote user to launch SQL injection attacks. It has been reported that a problem exists in the Instant-Messages script distributed as part of the softwar...
Web Wiz Forums 7.x Registration_Rules.ASP Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/10555/info A vulnerability exists in the Web Wiz Forums software that may allow a remote user to launch cross-site scripting attacks. The problem is reported to exist due to improper sanitizing of user-supplied data passe...
Pearl Forums 2.0 Index.PHP Multiple SQL Injection Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/15425/info Pearl Forums is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful...
Snitz Forums 2000 3.1 SR4 - (pop_profile.asp) SQL Injection Vulnerability
No description provided by source. Snitz Forums 2000 Version 3.1 SR4 popprofile.asp Remote SQL Injection Vulnerability; Found by: xoron xoron.info -...
Vanilla Forums 2.0.18.4 Tagging Stored XSS
No description provided by source. Title: Vanilla Tagging Stored XSS; Date: 1/6/12; Author: Henry Hoggard; Author URL: henryhoggard.co.uk; Author Twitter: @henryhoggard; Software: Vanilla Version 2.0.18.4 http://vanillaforums.org/download. Create a new thread and post your XSS as tag. I used...
Phorum 3.3.2 Cross Site Scripting Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/4767/info Phorum is a PHP based web forums package designed for most UNIX variants, Linux, and Microsoft Windows operating systems. The 'header.php' and 'footer.php' components of Phorum do not sanitize the client-supplied...
PHPNuke 5.x/6.x Web_Links Module Remote SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/7558/info It has been reported that multiple input validation bugs exist in the WebLinks module used by PHPNuke. Because of this, a remote user may be able to access the database and potentially gain access to sensitive...
Multiple Web Wiz Products Remote Information Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/27419/info Web Wiz Forums, NewsPad, and Rich Text Editor are prone to a remote information-disclosure vulnerability because they fail to properly sanitize user-supplied input. An attacker can exploit this issue to retriev...
Pearl Forums 2.0 Index.PHP Local File Include Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/15433/info Pearl Forums is prone to a local file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to disclose sensitive...