17 matches found
NuclearBB Alpha 1 Multiple SQL Injection Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/23555/info NuclearBB is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could allow an attacker to...
CVE-2007-4906
PHP remote file inclusion vulnerability in tasks/sendqueuedemails.php in NuclearBB Alpha 2, when registerglobals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the rootpath parameter...
Remote file inclusion
PHP remote file inclusion vulnerability in tasks/sendqueuedemails.php in NuclearBB Alpha 2, when registerglobals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the rootpath parameter...
Immunity Canvas: NUCLEARBB_INCLUDE
Name| nuclearbbinclude ---|--- CVE| CVE-2007-4906 Exploit Pack| CANVAS Description| NuclearBB Alpha 2 Remote file inclusion Notes| CVSS: 6.8 Repeatability: Infinite VENDOR: nuclearbb.com CVE Url: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4906 CVE Name: CVE-2007-4906...
CVE-2007-4906
CVE-2007-4906 affects NuclearBB Alpha 2 and its file tasks/send_queued_emails.php . The vulnerability is a PHP remote file inclusion triggered when register_globals is enabled, allowing an attacker to execute arbitrary PHP code by supplying a URL in the root_path parameter. The connected document...
CVE-2007-4906
PHP remote file inclusion vulnerability in tasks/sendqueuedemails.php in NuclearBB Alpha 2, when registerglobals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the rootpath parameter...
NuclearBB send_queued_emails.php远程文件包含漏洞
NuclearBB是一款基于PHP的WEB应用程序。 NuclearBB不正确过滤用户提交的URI数据,远程攻击者可以利用漏洞以WEB权限执行任意命令。 问题是由于'sendqueuedemails.php'脚本对用户提交的'rootpath'参数缺少过滤,指定远程服务器上的任意文件作为包含对象,可导致以以WEB权限执行任意命令。 NuclearBB Alpha 2.0 目前没有解决方案提供: http://www.nuclearbb.com/...
NuclearBB Alpha 2 (root_path) Remote File Inclusion Vulnerability
No description provided by source. Vuln Product: NuclearBB Alpha 2 Vendor: http://www.nuclearbb.com/ Vulnerability Type: Remote File Inclusion Autor: Infection Team: Rootshell Security Team Vulnerable file: /NuclearBB/tasks/sendqueuedemails.php Exploit URL:...
nuclearbb-rfi.txt
Vuln Product: NuclearBB Alpha 2 Vendor: http://www.nuclearbb.com/ Vulnerability Type: Remote File Inclusion Autor: Infection Team: Rootshell Security Team Vulnerable file: /NuclearBB/tasks/sendqueuedemails.php Exploit URL:...
NuclearBB Alpha 2 Remote File Inclusion
Vuln Product: NuclearBB Alpha 2 Vendor: http://www.nuclearbb.com/ Vulnerability Type: Remote File Inclusion Autor: Infection Team: Rootshell Security Team Vulnerable file: /NuclearBB/tasks/sendqueuedemails.php Exploit URL:...
NuclearBB Alpha 2 - ROOT_PATH Remote File Inclusion
NuclearBB Alpha 2 - ROOTPATH Remote File Inclusion Vuln Product: NuclearBB Alpha 2 Vendor: http://www.nuclearbb.com/ Vulnerability Type: Remote File Inclusion Autor: Infection Team: Rootshell Security Team Vulnerable file: /NuclearBB/tasks/sendqueuedemails.php Exploit URL:...
NuclearBB Alpha 2 - 'ROOT_PATH' Remote File Inclusion
Vuln Product: NuclearBB Alpha 2 Vendor: http://www.nuclearbb.com/ Vulnerability Type: Remote File Inclusion Autor: Infection Team: Rootshell Security Team Vulnerable file: /NuclearBB/tasks/sendqueuedemails.php Exploit URL:...
NuclearBB Alpha 2 (root_path) Remote File Inclusion Vulnerability
Exploit for unknown platform in category web applications ================================================================= NuclearBB Alpha 2 rootpath Remote File Inclusion Vulnerability ================================================================= Vuln Product: NuclearBB Alpha 2 Vendor:...
NuclearBB Alpha 1 - Multiple Blind SQL/XPath Injection Vulnerabilities
NuclearBB Alpha 1 - Multiple Blind SQL/XPath Injection Vulnerabilities Vulnerable: NuclearBB Alpha 1 Google d0rk: "This forum is powered by NuclearBB" ============= String Inputs ============= ---------------------------- login.php - $POST'submit' ---------------------------- username=xyz...
nuclearbb-sql.txt
NuclearBB Alpha 1 - Multiple Blind SQL/XPath Injection Vulnerabilities Vulnerable: NuclearBB Alpha 1 Google d0rk: "This forum is powered by NuclearBB" ============= String Inputs ============= ---------------------------- login.php - $POST'submit' ---------------------------- username=xyz...
NuclearBB Alpha 1 - Multiple SQL Injections
NuclearBB Alpha 1 - Multiple SQL Injections source: https://www.securityfocus.com/bid/23555/info NuclearBB is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could allow an attack...
NuclearBB Alpha 1 - Multiple SQL Injections
source: https://www.securityfocus.com/bid/23555/info NuclearBB is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could allow an attacker to compromise the application, access or...