56 matches found
punBB1211.txt
PunBB 1.2.11 Cross-Site Scripting File name :- misc.php Action :- Send Email Line :- 123 php redirect$POST'redirecturl', $langmisc'E-mail sent redirect'; /php The $POST'redirecturl' = Unfilter Input Exploit :- Send POST Request code GET :- /PunBB/misc.php?email=2 POST :-...
CVE-2006-2216
Open Bulletin Board (OpenBB) 1.0.8 allows remote attackers to obtain the full path of the web server via an invalid pforums parameter to (1) misc.php and (2) member.php...
PunBB 1.2.11 Cross-Site Scripting
PunBB 1.2.11 Cross-Site Scripting File name :- misc.php Action :- Send Email Line :- 123 php redirect$POST'redirecturl', $langmisc'E-mail sent redirect'; /php The $POST'redirecturl' = Unfilter Input Exploit :- Send POST Request code GET :- /PunBB/misc.php?email=2 POST :-...
OpenBB 1.0.8 Full Path Disclosure
OpenBB 1.0.8 Full Path Disclosure Bug Found By :- Devil-00 Gr33tz :- Www.securitygurus.neT Rock Master Hackers Pal n0m3rcy -= 1-2 =- Full Path Disclosure Exploits :- /OpenBB/misc.php?action=latest&pforums=D3vil-0x1 /OpenBB/member.php?action=online&&pforums=D3vil-0x1 Fix It :- misc.php Add This Li...
CVE-2006-1215
Cross-site scripting (XSS) vulnerability in misc.php in Woltlab Burning Board (wBB) 2.3.4 allows remote attackers to inject arbitrary web script or HTML via the percent parameter. NOTE: this issue has been disputed in a followup post, although the original disclosure might be related to reflected XSS...
MyBulletinBoard (MyBB) 1.04 - 'misc.php' SQL Injection (2)
!/usr/bin/perl -w MyBB : DONT FORGET TO DO YOUR CONFIG !! DONT FORGET TO DO YOUR CONFIG !! DONT FORGET TO DO YOUR CONFIG !! use IO::Socket; -- Start -- $host = "127.0.0.1"; $path = "/mybb3/"; $userid = 1; $mycookie = "mybbuser=1xommhw5h9kZZGSFUppacVfacykK1gnd84PLehjlhTGC1ZiQkXr;"; -- END -- $host...
MyBulletinBoard (MyBB) 1.03 - 'misc.php' SQL Injection
MyBB New SQL Injection D3vil-0x1 Milw0rm ID :- http://www.milw0rm.com/auth.php?id=1320 The Inf.File :- misc.php Linez :- code $buddies = $mybb-user'buddylist'; $namesarray = explode",",$buddies; ifisarray$namesarray whilelist$key, $buddyid = each$namesarray $sql .= "$comma'$buddyid'";...
MyBulletinBoard (MyBB) <= 1.03 (misc.php COMMA) SQL Injection
Exploit for unknown platform in category web applications ============================================================= MyBulletinBoard MyBB The Inf.File :- misc.php Linez :- code $buddies = $mybb-user'buddylist'; $namesarray = explode",",$buddies; ifisarray$namesarray whilelist$key, $buddyid =...
CVE-2005-4138
Multiple cross-site scripting (XSS) vulnerabilities in ThWboard before 3 Beta 2.84 allow remote attackers to inject arbitrary web script or HTML via the (1) Wohnort and (2) Beruf fields in editprofile.php, (3) user parameter array in v_profile.php, and (4) the action parameter in misc.php...
CVE-2005-4138
ThWboard vulnerable to multiple XSS flaws in versions before 3 Beta 2.84. Attack vectors include (1) Wohnort and (2) Beruf fields in editprofile.php, (3) user parameter array in v_profile.php, and (4) the action parameter in misc.php. These allow remote attackers to inject arbitrary web script/HT...
CVE-2005-4139
Multiple SQL injection vulnerabilities in ThWboard before 3 Beta 2.84 allow remote attackers to execute arbitrary SQL commands via the (1) year parameter in calendar.php, (2) user parameter array in v_profile.php, and (3) the userid parameter in misc.php...
DeluxeBB 1.0 - misc.php SQL Injection
DeluxeBB 1.0 - misc.php SQL Injection source: https://www.securityfocus.com/bid/14851/info DeluxeBB is prone to multiple SQL injection vulnerabilities. These are due to a lack of proper sanitization of user-supplied input before being sent to SQL queries. Successful exploitation could result in a...
MyBBPR2.txt
Hello .. The Injected File : misc.php , newreply.php Discovered by: Devil-00 Injected Versions :- MyBB Preview Release 2 misc.php :- CODE http://site/misc.php?action=rules&fid=-1' SQL /CODE newreply.php :- CODE Do Preview By FireFox And Edit Header ; Content-Disposition: form-data; name="icon"\r\...
CVE-2005-1832
Multiple cross-site scripting (XSS) vulnerabilities in MyBulletinBoard (MyBB) 1.00 RC4 and earlier allow remote attackers to execute arbitrary web script or HTML via the (1) forums, (2) version, or (3) limit parameter to misc.php, (4) page or (5) datecut parameter to forumdisplay.php, (6) username, (7) email, or (8)...
CVE-2005-0775
CVE-2005-0775 affects PhotoPost PHP 5.0 RC3 where the reportpost action in misc.php fails to limit logging data sent to the administrator, enabling remote attackers to flood the admin with email. The NVD lists a CVSS v2 base score of 7.5 (HIGH) with network access, low attack complexity, and no a...
CVE-2004-0323
Multiple SQL injection vulnerabilities in XMB 1.8 Final SP2 allow remote attackers to inject arbitrary SQL and gain privileges via the (1) ppp parameter in viewthread.php, (2) desc parameter in misc.php, (3) tpp parameter in forumdisplay.php, (4) ascdesc parameter in forumdisplay.php, or (5) the addon...