21 matches found
Authenticated SQL Injection
torrentpier/torrentpier is vulnerable to SQL Injection. The vulnerability is due to improper sanitization of the topicid parameter in modcp.php, which allows an authenticated moderator to inject malicious SQL queries and exploit the database...
EUVD-2008-7102
Malware in sbrugna...
CVE-2014-3827
Multiple cross-site scripting (XSS) vulnerabilities in the MyBB (aka MyBulletinBoard) before 1.8.4 allow remote authenticated users to inject arbitrary web script or HTML via the title parameter in the (1) edit or (2) add action in the user-users module or the (3) finduser action or the name parameter in a...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in the MyBB (aka MyBulletinBoard) before 1.8.4 allow remote authenticated users to inject arbitrary web script or HTML via the title parameter in the (1) edit or (2) add action in the user-users module or the (3) finduser action or the name parameter in a...
CVE-2014-3827
CVE-2014-3827 affects MyBB versions before 1.8.4. The vulnerability is a set of stored/reflected XSS flaws that allow a remote authenticated user to inject arbitrary script/HTML via the title parameter in the user-users module (edit/add), the finduser action, or the name/parameter in the edit act...
MyBB < 1.6.10 Multiple Vulnerabilities
Binary data 9119.prm...
Woltlab Burning Board 2.x ModCP.PHP SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/14617/info Woltlab Burning Board is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful...
MyBB < 1.6.10 Multiple Vulnerabilities
According to its version number, the MyBB install hosted on the remote web server is affected by multiple vulnerabilities : - A SQL injection vulnerability exists due to improper sanitization of user-supplied input during database optimization. - A SQL injection vulnerability exists due to improp...
Session fixation
phpBB 2.0.23 includes the session ID in a request to modcp.php when the moderator or administrator closes a thread, which allows remote attackers to hijack the session via a post in the thread containing a URL to a remotely hosted image, which might include the session ID in the Referer header...
CVE-2008-7143
phpBB 2.0.23 includes the session ID in a request to modcp.php when the moderator or administrator closes a thread, which allows remote attackers to hijack the session via a post in the thread containing a URL to a remotely hosted image, which might include the session ID in the Referer header...
CVE-2008-7143
phpBB 2.0.23 includes the session ID in a request to modcp.php when the moderator or administrator closes a thread, which allows remote attackers to hijack the session via a post in the thread containing a URL to a remotely hosted image, which might include the session ID in the Referer header...
CVE-2008-7143
phpBB 2.0.23 is affected. When a moderator/administrator closes a thread, the session ID can be exposed in a Referer header during a post that includes a URL to a remotely hosted image, enabling remote attackers to hijack the user session. The NVD entry lists CVSS v2 metrics: AV:N/AC:M/Au:N/C:P/I...
CVE-2008-0472
The CVE-2008-0472 entry concerns Woltlab Burning Board (wBB) 2.3.6 PL2. The vulnerable component is modcp.php, where a cross-site request forgery (CSRF) can cause thread deletion by a moderator or administrator via a thread_del action. The exploit does not require authentication, aligning with th...
Cross site request forgery (csrf)
Cross-site request forgery (CSRF) vulnerability in phpBB 2.0.19, when Link to off-site Avatar or bbcode IMG are enabled, allows remote attackers to perform unauthorized actions as a logged in user via a link or IMG tag in a user profile, as demonstrated using links to (1) admin/adminusers.php and (2)...
CVE-2006-0438
Cross-site request forgery (CSRF) vulnerability in phpBB 2.0.19, when Link to off-site Avatar or bbcode IMG are enabled, allows remote attackers to perform unauthorized actions as a logged in user via a link or IMG tag in a user profile, as demonstrated using links to (1) admin/adminusers.php and (2)...
Woltlab Burning Board modcp.php Multiple Parameter SQL Injection
The remote version of Burning Board / Burning Board Lite is prone to SQL injection attacks due to its failure to sanitize user-supplied input to the 'x' and 'y' parameters of the 'modcp.php' script before using it in database queries. Provided an attacker has moderator privileges, these flaws may...
woltlab233.txt
Woltlab Burning Board <= 2.2.2/2.3.3 modcp.php SQL injection Discovered by R Vendor: WoltLab URL: http://www.woltlab.de/ Version: <= 2.3.3 Type: SQL-injection Description: -------------------------------- The WoltLab Burning Board is a high customisable board software for every kind of use. SQL...
CVE-2005-2673
CVE-2005-2673 concerns a SQL injection in the modcp.php script of WoltLab Burning Board, affecting versions 2.2.2 and 2.3.3. The vulnerability arises from unsafely using user-supplied input in the queries for parameters (1) x and (2) y without proper sanitization, allowing remote authenticated a...
CVE-2005-2673
SQL injection vulnerability in modcp.php in WoltLab Burning Board 2.2.2 and 2.3.3 allows remote authenticated attackers to execute arbitrary SQL commands via the (1) x or (2) y parameters...
Woltlab Burning Board <= 2.2.2/2.3.3 modcp.php SQL injection
Woltlab Burning Board <= 2.2.2/2.3.3 modcp.php SQL injection Discovered by R Vendor: WoltLab URL: http://www.woltlab.de/ Version: <= 2.3.3 Type: SQL-injection Description: -------------------------------- The WoltLab Burning Board is a high customisable board software for every kind of use. SQL...