12 matches found
EUVD-2006-1573
Malware in sbrugna...
Discuz! DiscuzX cross-site scripting vulnerability (CNVD-2018-08778)
Discuz! DiscuzX is an online forum system. A cross-site scripting vulnerability exists in Discuz! DiscuzX X3.4 and prior versions, which originates from data/template/1_diy_portal_view.tpl.php failing to restrict user-submitted content. A remote attacker can use forum.php?mod=post&action=newthread t...
Cross-site scripting
Discuz! DiscuzX through X3.4 has reflected XSS via forum.php?mod=post&action=newthread because data/template/1_diy_portal_view.tpl.php does not restrict the content...
CVE-2018-10298
Discuz! DiscuzX through X3.4 has reflected XSS via forum.php?mod=post&action=newthread because data/template/1_diy_portal_view.tpl.php does not restrict the content...
CVE-2018-10298
CVE-2018-10298 concerns Discuz! DiscuzX up to X3.4, where a reflected XSS is possible via forum.php?mod=post&action=newthread. The root cause is that data/template/1_diy_portal_view.tpl.php does not restrict user-submitted content, enabling injected scripts. This is documented across multiple fee...
vBulletin 3.7.3 Visitor Message XSS/XSRF + worm Exploit
Exploit for unknown platform in category web applications. vBulletin 3.7.3 Visitor Message XSS/XSRF + worm Exploit. Author = Mx Title = vBulletin 3.7.3...
CVE-2006-4558
DeluxeBB 1.06 and earlier, when run on the Apache HTTP Server with the mod_mime module, allows remote attackers to execute arbitrary PHP code by uploading files with double extensions via the fileupload parameter in a newthread action in newpost.php...
PT-2006-5351 · Deluxebb +1 · Deluxebb +1
Name of the Vulnerable Software and Affected Versions: DeluxeBB versions 1.06 and earlier Description: The issue allows remote attackers to execute arbitrary PHP code by uploading files with double extensions via the fileupload parameter in a newthread action in newpost.php, specifically when run...
SQL injection
SQL injection vulnerability in post.php in Oxygen 1.1.3 allows remote attackers to execute arbitrary SQL commands via the fid parameter in a newthread action...
CVE-2006-1572
CVE-2006-1572 is an SQL injection vulnerability in Oxygen 1.1.3, exploitable via the fid parameter in a newthread action of post.php. The affected component is Oxygen’s post.php handler; the root cause is unsafely handled user input leading to SQL command execution. This CVE entry has corroborati...
CVE-2005-3689
CVE-2005-3689 affects XMB Forum 1.9.2, specifically the post.php file. The vulnerability occurs when processing a newthread action with an invalid fid parameter, enabling remote attackers to disclose the installation path. This is evidenced by multiple connected documents citing: post.php in XMB ...
PT-2005-4445 · Xmb · Xmb
Name of the Vulnerable Software and Affected Versions: XMB version 1.9.2 Description: The issue allows remote attackers to obtain the installation path. This is achieved by providing an invalid fid parameter in a newthread action to the post.php file. Recommendations: For XMB version 1.9.2,...