23 matches found
EUVD-2002-1443
Malware in sbrugna...
EUVD-2002-1440
Malware in sbrugna...
EUVD-2002-1442
Malware in sbrugna...
EUVD-2002-1441
Malware in sbrugna...
Leszek Krupinski L-Forum 2.4 Search Script SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/5468/info Reportedly, L-Forum is vulnerable to SQL injection attacks. The vulnerability lies in the file 'search.php' L-Forum does not properly sanitize user input that is used as part of the search parameter in the...
L-Forum 2.4.0 SQL Injection / Command Execution
!/usr/bin/perl Web App: L-Forum 2.4.0 Link : http://l-forum.sourceforge.net/ Bug : SQL INJECTIONS SQL Command Injection Exploit Needs MQ Off Dork: Copyright 2000-2001 Leszek 'Leon' Krupinski Credits to Giovanni Buzzin, "Osirys" Mail: osirysatautisticidotorg...
lforum240.txt
Title: l-forum = 2.4.0 Remote File Inclusion Vulnerability The bug is Discovered by Minus-Power Mail: minus-power at myway dot com Date: 19.Aug 2006 -= Republic of IRAN =- Thank you : R00TATI - Stansar & members of RS Damn to : All Arab & Turkish hackers...
CVE-2002-1457
SQL injection vulnerability in search.php for L-Forum 2.40 allows remote attackers to execute arbitrary SQL statements via the search parameter...
CVE-2002-1459
Cross-site scripting vulnerability in L-Forum 2.40 and earlier, when the "Enable HTML in messages" option is off, allows remote attackers to insert arbitrary script or HTML via message fields including (1) From, (2) E-Mail, and (3) Subject...
CVE-2002-1460
L-Forum 2.40 and earlier does not properly verify whether a file was uploaded or if the associated variables were set by POST (attachment, attachment_name, attachment_size and attachment_type), which allows remote attackers to read arbitrary files...
CVE-2002-1458
Cross-site scripting vulnerability in L-Forum 2.40 and earlier, when the "Enable HTML in messages" option is on, allows remote attackers to insert arbitrary script or HTML via message fields including (1) From, (2) E-Mail, (3) Subject and (4) Body...
CVE-2002-1458
CVE-2002-1458 is a cross-site scripting vulnerability in L-Forum 2.40 and earlier when the option “Enable HTML in messages” is enabled. The vulnerability allows remote attackers to inject arbitrary script or HTML via message fields such as From, E-Mail, Subject, and Body. The NVD entry assigns a...
CVE-2002-1459
CVE-2002-1459 is a cross-site scripting vulnerability in L-Forum versions 2.40 and earlier that, when the option “Enable HTML in messages” is off, allows remote insertion of script/HTML via the From, E-Mail, or Subject fields. Root cause: insufficient input validation/escaping in message fields. According to...
CVE-2002-1460
CVE-2002-1460 affects L-Forum 2.40 and earlier. The issue is improper verification of uploaded files and associated POST variables (attachment, attachment_name, attachment_size, attachment_type), enabling remote attackers to read arbitrary files. The connected documents confirm the affected softw...
CVE-2002-1457
CVE-2002-1457 targets L-Forum 2.40. It describes a SQL injection in search.php via the search parameter that could allow remote attackers to execute arbitrary SQL statements. The connected documents confirm the affected software (L-Forum 2.40) and the vulnerable component (search.php) with the un...
L-Forum XSS and upload spoofing
L-Forum XSS and upload spoofing PROGRAM: L-Forum VENDOR: Leszek Krupinski [email protected] HOMEPAGE: http://l-forum.x-php.net/ VULNERABLE VERSIONS: 2.4.0, possibly others IMMUNE VERSIONS: none, but an official patch is available for some issues SEVERITY: high LOGIN REQUIRED: no DESCRIPTION: "L-Foru...