17 matches found
EUVD-2008-3952
Malware in sbrugna...
vBulletin /forumrunner/request.php SQL injection vulnerability
Author: janesknow Chong Yu 404 security lab Date: 2016-11-15 Vulnerability overview Vulnerability description vBulletin is a commercial forum application written in PHP. Researchers have found that the vBulletin core plug-in forumrunner contains SQL injection vulnerabilities: CVE-2016-619...
CVE-2010-0678
The vulnerability CVE-2010-0678 affects Katalog Stron Hurricane 1.3.5 (and possibly earlier) via a PHP remote file inclusion in includes/moderation.php when register_globals is enabled. An attacker can supply a URL in the includes_directory parameter to execute arbitrary PHP code on the server. T...
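Cross-site request forgery (CSRF)
MyBB (aka MyBulletinBoard) 1.4.3 includes the sensitive mypostkey parameter in URLs to moderation.php with the (1) mergeposts, (2) split, and (3) deleteposts actions, which allows remote attackers to steal the token and bypass the cross-site request forgery (CSRF) protection mechanism to hijack the...
MyBB moderation.php cross-site scripting vulnerability
BUGTRAQ ID: 31935 MyBB is a popular web forum application. The redirect function in MyBB's moderation.php file uses an AJAX switch to allow JavaScript redirection; if a user includes in the request a single quote that htmlspecialchars cannot escape, a cross-site scripting attack can be carried out, leading to arbitrary actions being performed with elevated privileges, including PHP and SQL injection. MyBB 1.4.2 MyBB ---- The vendor has not yet provided a patch or upgrade; we recommend that users of this software watch the vendor's home page for the latest version: http://www.mybboard.com/...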
CVE-2008-3967
moderation.php in MyBB (aka MyBulletinBoard) before 1.4.1 does not properly check for moderator privileges, which has unknown impact and remote attack vectors...
CVE-2008-3966
Multiple cross-site scripting (XSS) vulnerabilities in MyBB (aka MyBulletinBoard) before 1.4.1 allow remote attackers to inject arbitrary web script or HTML via (1) a certain referrer field in usercp2.php, (2) a certain location field in inc/functionsonline.php, and certain (3) tsubject and (4) psubject fiel...
Cross-site scripting
Multiple cross-site scripting (XSS) vulnerabilities in MyBB (aka MyBulletinBoard) before 1.4.1 allow remote attackers to inject arbitrary web script or HTML via (1) a certain referrer field in usercp2.php, (2) a certain location field in inc/functionsonline.php, and certain (3) tsubject and (4) psubject fiel...
Design/Logic Flaw
moderation.php in MyBB (aka MyBulletinBoard) before 1.4.1 does not properly check for moderator privileges, which has unknown impact and remote attack vectors...
CVE-2008-3967
The CVE-2008-3967 entry concerns MyBB (MyBulletinBoard) moderation.php prior to version 1.4.1, where moderator privilege checks are not performed correctly. The description notes unknown impact and remote attack vectors. Public references corroborate the version boundary (before 1.4.1) but do not...
CVE-2008-0383
Multiple SQL injection vulnerabilities in MyBB 1.2.10 and earlier allow remote moderators and administrators to execute arbitrary SQL commands via (1) the mergepost parameter in a domergeposts action, (2) rid parameter in an allreports action, or (3) threads parameter in a domultimovethreads action to ...
SQL injection
Multiple SQL injection vulnerabilities in MyBB 1.2.10 and earlier allow remote moderators and administrators to execute arbitrary SQL commands via (1) the mergepost parameter in a domergeposts action, (2) rid parameter in an allreports action, or (3) threads parameter in a domultimovethreads action to ...
MyBB 'moderation.php' SQL injection vulnerability
MyBB is a PHP-based web application. MyBB does not properly filter user-submitted URI data, so remote attackers can exploit the vulnerability to conduct SQL injection attacks and obtain sensitive information or manipulate the database. The problem is that the 'moderation.php' script does not sufficiently filter the user-submitted 'fid' parameter; submitting a malicious SQL query as the parameter data can alter the original SQL logic, obtaining sensitive information or manipulating the database. MyBulletinBoard MyBulletinBoard 1.2.10 MyBulletinBoard MyBulletinBoard 1.2.5 MyBulletinBoard MyBulletinBoard 1.2.3 MyBulletinBoard...
Arbitrary file edit, Local file include, Directory traversal and Full path disclosure in WordPress
Hello 3APA3A! I am reporting to you the Arbitrary file edit, Local file include, Directory traversal and Full path disclosure vulnerabilities I found in WordPress. The holes are in the file templates.php in the file and page parameters, and in the files edit-pages.php, categories.php, edit-comments.php, moderation.php, post.php and...
MyBB1.0.3-managegroup.txt
original advisory imei addmimistrator Risk Level: high -----------------Description--------------- There is a security bug in MyBB 1.0.3 software (latest version, fully patched), file moderation.php, that allows an attacker to perform an SQL injection attack. The bug is the result of poor checking of quotes for...
CVE-2006-0638
SQL injection vulnerability in moderation.php in MyBB (aka MyBulletinBoard) 1.0.3 allows remote authenticated users, with certain privileges for moderating and merging posts, to execute arbitrary SQL commands via the posts parameter...
[myimei]MyBB1.0.3~moderation.php~SqlInject while merging posts
ORIGINAL ADVISORY : http://myimei.com/security/2006-02-07/mybb103moderationphpsqlinject-while-merging-posts.html ——————-Summary—————- Software: MyBB Software’s Web Site: http://www.mybboard.com Versions: 1.0.3 Class: Remote Status: Unpatched Exploit: Available Discovered by: imei addmimistrator...