33 matches found
CVE-2006-1288
Multiple SQL injection vulnerabilities in Invision Power Board (IPB) 2.0.4 and 2.1.4 before 20060105 allow remote attackers to execute arbitrary SQL commands via cookies, related to (1) arrays of id/stamp pairs and (2) the keys in arrays of key/value pairs in ipsclass.php; (3) the topics variable in...
DCP Portal: Multiple XSS Vulnerabilities
DCP Portal: Multiple XSS Vulnerabilities. Technical University of Vienna Security Advisory TUVSA-0603-001, March 9, 2006...
CVE-2005-3365
Multiple SQL injection vulnerabilities in DCP-Portal 6 and earlier allow remote attackers to execute arbitrary SQL commands, possibly requiring encoded characters, via (1) the name parameter in register.php, (2) the email parameter in lostpassword.php, (3) the year parameter in calendar.php, and the (4)...
DeluxeBB 1.0 - 'forums.php' SQL Injection
source: https://www.securityfocus.com/bid/14851/info DeluxeBB is prone to multiple SQL injection vulnerabilities. These are due to a lack of proper sanitization of user-supplied input before being sent to SQL queries. Successful exploitation could result in a compromise of the application,...
Land Down Under <= 800 Multiple Vulnerabilities
The remote version of Land Down Under is prone to various SQL injection and cross-site scripting attacks provided PHP's 'magicquotes' setting is disabled due to its failure to sanitize the request URI before using it in 'system/functions.php' in the function 'ldulog'. A malicious user may be able...
Land Down Under 800801 - forums.php Multiple SQL Injections
source: https://www.securityfocus.com/bid/14618/info Land Down Under is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in SQL queries. Successful...
CVE-2005-2570
CVE-2005-2570 affects FunkBoard 0.66CF and possibly earlier releases. A direct request to forums.php can disclose sensitive information by revealing the path in an error message, enabling information disclosure. The available sources state the flaw but do not provide detailed exploit scenarios, a...
CVE-2005-2570
FunkBoard 0.66CF, and possibly earlier versions, allows remote attackers to obtain sensitive information via a direct request to forums.php, which reveals the path in an error message...
bmforumXSS.txt
Multiple Cross site scripting in BMForum. Vendor URL: http://www.bmforum.com/ Advisory: http://lostmon.blogspot.com/2005/07/multiple-cross-site-scripting-in.html Vendor notify: yes. Exploit available: yes. BMForum contains a flaw that allows a remote cross site scripting attack. This flaw exists because...
siteman119.txt
New XSS Vulnerability in Siteman v1.1.9, Discovered by PersianHacker.NET Security Team by Pi3cH pi3ch yahoo com http://www.PersianHacker.NET Siteman is a Content Management System (CMS) that is so easy to install and use, that a person who has no knowledge about creating homepages can get a...
XSS Vulnerability in Siteman v1.1.9
New XSS Vulnerability in Siteman v1.1.9, Discovered by PersianHacker.NET Security Team by Pi3cH pi3ch yahoo com http://www.PersianHacker.NET Siteman is a Content Management System (CMS) that is so easy to install and use, that a person who has no knowledge about creating homepages can get a...
PHP-Nuke block-Forums.php subject vulnerabilities
The block-Forums.php file has a vulnerability if an attacker inserts a malformed subject into a topic of Splatt Forum. A type of subject is: "scriptalert'bug'";/script The 'alt' tag is closed by " and the other text is normal html. This bug is very bad if a subject is:...