CVE-2004-2671

The CVE-2004-2671 entry corresponds to a vulnerability in mod.php of eNdonesia 8.3 where remote attackers can obtain sensitive information by issuing certain direct requests and requests with invalid parameter values. The error messages disclose local paths, demonstrated via the (1) mod and (2) c...

CVE-2006-6873

Multiple SQL injection vulnerabilities in mod.php in eNdonesia 8.4 allow remote attackers to execute arbitrary SQL commands via 1 the did parameter in a a viewdisk operation diskusi mod, or the 2 cid parameter in a b viewlink katalog mod or b viewcat diskusi mod operation...

CVE-2006-6872

Technical details about CVE-2006-6872 are not publicly available in the provided connected documents; only the basic description and references are present. Monitor for updates.

CVE-2006-6873

CVE-2006-6873 describes multiple SQL injection vulnerabilities in mod.php of eNdonesia 8.4. The affected component is the mod.php file, with vulnerable vectors via (1) the did parameter in a viewdisk operation and (2) the cid parameter in viewlink (katalog mod) or viewcat (diskusi mod). The under...

CVE-2006-6873

Multiple SQL injection vulnerabilities in mod.php in eNdonesia 8.4 allow remote attackers to execute arbitrary SQL commands via 1 the did parameter in a a viewdisk operation diskusi mod, or the 2 cid parameter in a b viewlink katalog mod or b viewcat diskusi mod operation...

CVE-2006-6871

Multiple cross-site scripting XSS vulnerabilities in eNdonesia 8.4 allow remote attackers to inject arbitrary web script or HTML via 1 the mod parameter in a viewlink operation in mod.php, 2 the intypeid parameter in a showinfo operation in the informasi module in mod.php, 3 the "your Friend" fie...

eNdonesia 8.4 (mod.php/friend.php/admin.php) Multiple Vulnerabilities

No description provided by source. bugs for Endonesia8.4 FInd:z1ckXru mail:[email protected] 1 http://localhost/en/mod.php?mod=XSS&op=viewlink&cid=5 2 http://localhost/en/friend.php your Friend:XSS 3 http://localhost/en/admin.php Main Text: XSS 4...

eNdonesia 8.4 - mod.phpfriend.phpadmin.php Multiple Vulnerabilities

eNdonesia 8.4 - mod.phpfriend.phpadmin.php Multiple Vulnerabilities bugs for Endonesia8.4 FInd:z1ckXru mail:[email protected] 1 http://localhost/en/mod.php?mod=XSS&op=viewlink&cid=5 2 http://localhost/en/friend.php your Friend:XSS 3 http://localhost/en/admin.php Main Text: XSS 4...

eNdonesia 8.4 (mod.php/friend.php/admin.php) Multiple Vulnerabilities

Exploit for unknown platform in category web applications ===================================================================== eNdonesia 8.4 mod.php/friend.php/admin.php Multiple Vulnerabilities ===================================================================== bugs for Endonesia8.4...

Sql injection

SQL injection vulnerability in the dommod function in mod.php in Invision Community Blog ICB 1.1.2 final through 1.2 allows remote attackers with moderator privileges to execute arbitrary SQL commands via the selectedbids parameter...

CVE-2006-1428

CVE-2006-1428 affects phpCOIN 1.2.2 and earlier. The vulnerability is described as multiple cross-site scripting (XSS) flaws that allow remote attackers to inject arbitrary web script or HTML through the fs parameter to either mod.php or mod_print.php. The available documents do not provide explo...

CVE-2005-4213

SQL injection vulnerability in mod.php in phpCOIN 1.2.2 allows remote attackers to execute arbitrary SQL commands via the phpcoinsessid cookie...

CVE-2005-4213

SQL injection vulnerability in mod.php in phpCOIN 1.2.2 allows remote attackers to execute arbitrary SQL commands via the phpcoinsessid cookie...

CVE-2005-4213

CVE-2005-4213 describes a SQL injection in mod.php of phpCOIN 1.2.2 exploitable via the phpcoinsessid cookie, allowing remote SQL commands. This affects phpCOIN 1.2.2 prior to any fixes; remediation is not detailed in the provided documents, but related Nessus entries reference a 1.2.2 fix releas...

CVE-2005-1384

Multiple SQL injection vulnerabilities in phpCoin 1.2.2 allow remote attackers to execute arbitrary SQL commands via the 1 search parameter to index.php, 2 phpcoinsessid parameter to login.php, 3 id, 4 dtopicid, or 5 dcatid to mod.php...

CVE-2005-1170

SQL injection vulnerability in mod.php in the datenbank module for phpBB allows remote attackers to execute arbitrary SQL commands via the id parameter...

CVE-2005-1171

Cross-site scripting XSS vulnerability in mod.php in the datenbank module for phpBB allows remote attackers to inject arbitrary web script or HTML via the id parameter...

CVE-2005-1170

This CVE refers to an SQL injection in PHPBB’s datenbank module (mod.php) where the id parameter enables remote SQL execution. The underlying vulnerability is an injectable query in mod.php, exposing potential data exposure and integrity impacts (CVSS v2 base score 7.5, HIGH). Affected component ...

CVE-2005-1171

CVE-2005-1171 is an XSS vulnerability affecting the phpBB datenbank module via mod.php, where the id parameter can be exploited to inject arbitrary script/HTML. The weakness stems from improper sanitization of user-supplied data, enabling remote attackers to execute script in the context of the v...

phpBB datenbank mod has XSS/SQL Injection in the id variable

vulnerable mod: datenbank explaination: you can pass SQL Injection / Cross Site Scripting Commands in the id variable inside the mod.php mod-datenbank exploit: http://target/phpBB/moddb/mod.php?id='SQL Injection http://target/phpBB/moddb/mod.php?id='scriptalertdocument.cookie /script this bugs...