35 matches found
CVE-2006-2219
phpBB 2.0.20 does not verify user-specified input variable types before being passed to type-dependent functions, which allows remote attackers to obtain sensitive information, as demonstrated by the 1 mode parameter to memberlist.php and the 2 highlight parameter to viewtopic.php that are used a...
CVE-2006-4299
Cross-site scripting XSS vulnerability in tiki-searchindex.php in TikiWiki 1.9.4 allows remote attackers to inject arbitrary web script or HTML via the highlight parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information...
tikiwiki -- multiple vulnerabilities
Secunia reports: Thomas Pollet has discovered a vulnerability in TikiWiki, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed to the "highlight" parameter in tiki-searchindex.php is not properly sanitised before being returned to the user. This can be...
CVE-2006-3149
Cross-site scripting XSS vulnerability in topic.php in phpMyForum 4.1.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the highlight parameter...
CVE-2006-3149
Cross-site scripting XSS vulnerability in topic.php in phpMyForum 4.1.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the highlight parameter...
phpBB viewtopic.php highlight parameter vulnerability
Added: 12/28/2005 CVE: CVE-2005-2086 BID: 14086 OSVDB: 17613 Background phpBB is an open-source bulletin board package written in PHP. Problem This is a variant of an older vulnerability which allows remote command execution by requesting viewtopic.php with a specially crafted highlight parameter...
phpBB viewtopic.php highlight parameter vulnerability
Added: 12/28/2005 CVE: CVE-2005-2086 BID: 14086 OSVDB: 17613 Background phpBB is an open-source bulletin board package written in PHP. Problem This is a variant of an older vulnerability which allows remote command execution by requesting viewtopic.php with a specially crafted highlight parameter...
phpBB viewtopic.php highlight parameter vulnerability
Added: 12/28/2005 CVE: CVE-2005-2086 BID: 14086 OSVDB: 17613 Background phpBB is an open-source bulletin board package written in PHP. Problem This is a variant of an older vulnerability which allows remote command execution by requesting viewtopic.php with a specially crafted highlight parameter...
phpBB viewtopic.php highlight parameter vulnerability
Added: 12/28/2005 CVE: CVE-2005-2086 BID: 14086 OSVDB: 17613 Background phpBB is an open-source bulletin board package written in PHP. Problem This is a variant of an older vulnerability which allows remote command execution by requesting viewtopic.php with a specially crafted highlight parameter...
CVE-2002-1894
Cross-site scripting XSS vulnerability in viewtopic.php in phpBB 2.0.3 allows remote attackers to inject arbitrary web script or HTML via the highlight parameter...
phpbb -- remote PHP code execution vulnerability
FrSIRT Advisory reports: A vulnerability was identified in phpBB, which may be exploited by attackers to compromise a vulnerable web server. This flaw is due to an input validation error in the "viewtopic.php" script that does not properly filter the "highlight" parameter before calling the...
PT-2005-1651 · Phpbb · Phpbb
Name of the Vulnerable Software and Affected Versions: phpBB versions 2.0.12 and earlier Description: The issue allows remote attackers to obtain sensitive information via a highlight parameter containing invalid regular expression syntax in the "viewtopic.php" API endpoint. This reveals the path...
CVE-2004-1315
viewtopic.php in phpBB 2.x before 2.0.11 improperly URL decodes the highlight parameter when extracting words and phrases to highlight, which allows remote attackers to execute arbitrary PHP code by double-encoding the highlight value so that special characters are inserted into the result, which...
CVE-2004-1315
Summary: CVE-2004-1315 affects phpBB 2.x prior to 2.0.11. The vulnerability stems from improper URL decoding of the highlight parameter in viewtopic.php, allowing a remote attacker to double-encode the highlight value so that PHP exec runs arbitrary code. Exploited in the wild by the Santy.A worm...
phpBB viewtopic.php fails to properly sanitize input passed to the "highlight" parameter
Overview phpBB contains an user input validation problem with regard to the parsing of the URL. An intruder can deface a phpBB website, execute arbitrary commands, or gain administrative privileges on a compromised bulletin board. Description phpBB is an open-source bulletin board. A lack of inpu...