EUVD-2015-3052

Malware in sbrugna...

LEMON-S PHP Simple Oekaki BBS Arbitrary File Deletion Vulnerability

LEMON-S PHP Simple Oekaki BBS is a PHP-based electronic bulletin board BBS script. A security vulnerability exists in the index.php script of LEMON-S PHP Simple Oekaki BBS versions prior to 1.21. A remote attacker can exploit the vulnerability to delete arbitrary files with the help of the...

LEMON-S PHP Simple Oekaki BBS Cross-Site Scripting Vulnerability

LEMON-S PHP Simple Oekaki BBS is a PHP-based electronic bulletin board BBS script. A cross-site scripting vulnerability exists in the index.php script in LEMON-S PHP Simple Oekaki BBS versions prior to 1.21. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML...

CVE-2015-2970

index.php in LEMON-S PHP Simple Oekaki BBS before 1.21 allows remote attackers to delete arbitrary files via the oekakis parameter...

Code injection

index.php in LEMON-S PHP Simple Oekaki BBS before 1.21 allows remote attackers to delete arbitrary files via the oekakis parameter...

CVE-2015-2969

Cross-site scripting XSS vulnerability in index.php in LEMON-S PHP Simple Oekaki BBS before 1.21 allows remote attackers to inject arbitrary web script or HTML via the oekakis parameter...

Simple Oekaki BBS vulnerability where arbitrary files may be deleted

Overview Simple Oekaki BBS provided by LEMON-S PHP contains a flaw in parsing the oekakis parameter in index.php, which may allow a remote attacker to delete arbitrary files. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early...