EUVD-2011-3557

Malware in sbrugna...

CVE-2013-7275

Cross-site scripting XSS vulnerability in misc.php in MyBB aka MyBulletinBoard before 1.6.12 allows remote attackers to inject arbitrary web script or HTML via the editor parameter in a smilie list popup...

CVE-2024-30884

Reflected Cross-Site Scripting XSS vulnerability in Discuz! version X3.4 20220811, allows remote attackers to execute arbitrary code and obtain sensitive information via crafted payload to the primarybegin parameter in the misc.php component...

CVE-2024-30884

Reflected Cross-Site Scripting XSS vulnerability in Discuz! version X3.4 20220811, allows remote attackers to execute arbitrary code and obtain sensitive information via crafted payload to the primarybegin parameter in the misc.php component...

CVE-2024-30884

Reflected Cross-Site Scripting XSS vulnerability in Discuz! version X3.4 20220811, allows remote attackers to execute arbitrary code and obtain sensitive information via crafted payload to the primarybegin parameter in the misc.php component...

MyBulletinBoard (MyBB) <= 1.03 (misc.php COMMA) SQL Injection

No description provided by source. MyBB New SQL Injection D3vil-0x1 Devil-00 Milw0rm ID :- http://www.milw0rm.com/auth.php?id=1320 The Inf.File :- misc.php Linez :- code $buddies = $mybb-user'buddylist'; $namesarray = explode,,$buddies; ifisarray$namesarray whilelist$key, $buddyid = each$namesarr...

DeluxeBB 1.0 misc.php uid Parameter SQL Injection

No description provided by source. source: http://www.securityfocus.com/bid/14851/info DeluxeBB is prone to multiple SQL injection vulnerabilities. These are due to a lack of proper sanitization of user-supplied input before being sent to SQL queries. Successful exploitation could result in a...

MyBB < 1.6.12 Multiple Vulnerabilities

According to its version number, the MyBB install hosted on the remote web server is affected by multiple vulnerabilities : - A cross-site scripting flaw exists in misc.php due to improper validation of input when generating a small popup list of smilies. This allows a remote attacker to create a...

CVE-2012-0975

Cross-site scripting XSS vulnerability in misc.php in Image Hosting Script DPI 1.0, 1.3, and earlier allows remote attackers to inject arbitrary web script or HTML via the showseries parameter...

CVE-2011-3371

Multiple cross-site scripting XSS vulnerabilities in include/functions.php in PunBB before 1.3.6 allow remote attackers to inject arbitrary web script or HTML via the 1 id, 2 formsent, 3 csrftoken, 4 reqconfirm, or 5 delete parameter to delete.php, the 6 id, 7 formsent, 8 csrftoken, 9 reqmessage,...

CVE-2008-7268

The phpinfo function in SiteEngine 5.x allows remote attackers to obtain system information by setting the action parameter to phpinfo in misc.php...

Information disclosure

The phpinfo function in SiteEngine 5.x allows remote attackers to obtain system information by setting the action parameter to phpinfo in misc.php...

CVE-2008-7268

SiteEngine 5.x is affected by CVE-2008-7268 via a phpinfo information-disclosure in misc.php when action=php_info is supplied, allowing remote attackers to obtain system information. The connected documents reiterate the description; no remediation patch/version is provided in the supplied source...

Sql injection

SQL injection vulnerability in misc.php in DeluxeBB 1.3, and possibly earlier, when magicquotesgpc is disabled, allows remote attackers to execute arbitrary SQL commands via the xthedateformat parameter in a register action, a different vector than CVE-2005-2989, CVE-2006-2503, and CVE-2009-1033...

CVE-2010-4151

The CVE-2010-4151 entry corresponds to an SQL injection in DeluxeBB 1.3 (and possibly earlier) affecting misc.php, triggered when magic_quotes_gpc is disabled. The vulnerability allows remote attackers to manipulate the xthedateformat parameter in a register action and execute arbitrary SQL comma...

vBulletin Cyb - Advanced Forum Statistics Denial Of Service

Exploit Title: vBulletin "Cyb - Advanced Forum Statistics" DOS Date: 10-4-2010 Author: Andhra Hackers Software Link: Version: Web Application Tested on: Apcahe/Unix CVE : if exists Code : PHP crashes existed from a long time back and there were several issues which were a reason for that. 1PHP pa...

vBulletin (Cyb - Advanced Forum Statistics) - misc.php Denial of Service

vBulletin Cyb - Advanced Forum Statistics - misc.php Denial of Service Exploit Title: vBulletin "Cyb - Advanced Forum Statistics" DOS Date: 10-4-2010 Author: Andhra Hackers Software Link: Version: Web Application Tested on: Apcahe/Unix CVE : if exists Code : PHP crashes existed from a long time...

CVE-2009-4468

Cross-site scripting XSS vulnerability in misc.php in DeluxeBB 1.3 allows remote attackers to inject arbitrary web script or HTML via the page parameter...

Code injection

DeluxeBB 1.3 allows remote attackers to obtain sensitive information via a crafted page parameter to misc.php, which reveals the installation path in an error message. NOTE: this issue might be resultant from improperly controlled computation in tools.php that leads to a denial of service CPU or...

CVE-2009-4468

DeluxeBB 1.3 is affected by a Cross-site Scripting (XSS) vulnerability in misc.php via the page parameter. This is a client-side script injection risk in the web interface. The CVE entry CVE-2009-4468 states the vulnerability allows remote attackers to inject arbitrary web script or HTML. Connect...