EUVD-2006-3251

Malware in sbrugna...

vBulletin 3.0.0 XSS Vulnerability

No description provided by source. Title: vBulletin 3.0.0 XSS Author: Discovered by ROOTEGY Version: vBulletin Version 3.0.0 =============================================== WWW.sec-war.com =============================================== 3.0.0 - Introduction XSS scripts in the script search.php. I...

vBulletin 3.0.0 XSS Vulnerability

Exploit for unknown platform in category web applications ================================= vBulletin 3.0.0 XSS Vulnerability ================================= Title: vBulletin 3.0.0 XSS Author: Discovered by ROOTEGY Version: vBulletin Version 3.0.0 3.0.0 - Introduction XSS scripts in the script...

vBulletin 3.0.0 - Cross-Site Scripting

Title: vBulletin 3.0.0 XSS Author: Discovered by ROOTEGY Version: vBulletin Version 3.0.0 =============================================== WWW.sec-war.com =============================================== 3.0.0 - Introduction XSS scripts in the script search.php. In fact, a hole through a browser...

vBulletin 3.0.0 - Cross-Site Scripting

vBulletin 3.0.0 - Cross-Site Scripting Title: vBulletin 3.0.0 XSS Author: Discovered by ROOTEGY Version: vBulletin Version 3.0.0 =============================================== WWW.sec-war.com =============================================== 3.0.0 - Introduction XSS scripts in the script search.ph...

XChangeboard newThread.php文件SQL注入漏洞

BUGTRAQ ID: 30059 Xchangeboard是基于PHP和MySQL的公告牌解决方案。 Xchangeboard的newThread.php文件中没有正确地验证对boardID参数的输入便在SQL查询中使用，这允许远程攻击者通过提交恶意的查询请求执行SQL注入攻击。 Henrik Brinkmann XChangeboard 1.75 Beta Henrik Brinkmann XChangeboard 1.70 Henrik Brinkmann ---------------- 目前厂商还没有提供补丁或者升级程序，我们建议使用此软件的用户随时关注厂商的主页以获取最新版本...

CVE-2006-3254

Woltlab Burning Board (WBB) 2.0 RC2 contains a SQL injection in newthread.php that allows remote attackers to execute arbitrary SQL commands via the boardid parameter. The vulnerability is described in CVE-2006-3254; original sources confirm the affected component and impact, but do not provide a...

WBB<<---v2.0 RC2 "newthread.php" SQL Injection

======================================== Discovered By: CrAzY CrAcKeR Site:www.alshmokh.com I want to thank my friend:- nono225-mHOn-rageh-Lover Hacker-Breeeeh BoNym-Rootshill-LiNuXrOOt-Sw33t h4ck3r ======================================== Example:- /newthread.php?boardid=SQL...

XSS в vBulletin 3.x

Здравствуйте, vuln. Параметры posthash и poststarttime в скриптах newreply.php и newthread.php не фильтруются в POST-запросе это для версии 3.0.9 для 3.5.4 уязвим только параметр posthash и только в скрипте newthread.php В результате чего возможна атака типа XSS. ПРИМЕР: POST /forum/newthread.php...

Cross site scripting

Cross-site scripting XSS vulnerability in newthread.php in MyBB aka MyBulletinBoard 1.10, when configured to permit new threads by unregistered users, allows remote attackers to inject arbitrary web script or HTML via the username...

CVE-2006-1717

CVE-2006-1717 is a documented XSS vulnerability in MyBB 1.10, occurring in newthread.php when unregistered users are allowed to create threads. The username field can be used to inject arbitrary script/HTML. Public references (NVD, CVE lists) align on the issue, with a CVSS v2 base score of 5.1 (...

CVE-2006-1717

Cross-site scripting XSS vulnerability in newthread.php in MyBB aka MyBulletinBoard 1.10, when configured to permit new threads by unregistered users, allows remote attackers to inject arbitrary web script or HTML via the username...

MyBB 1.10 'newthread.php' < CrossSiteScripting >

MyBB 1.10 'newthread.php' CrossSiteScripting Devil-00 | D3vil-0x1 Conditions 1- your unregisterd user 2- you have permissions to do newthread --------------- do newthread with this username :- scriptalertdocument.cookie;/scriptD3vil-0x1 Then Preview it ; ---------------...