100 matches found
CVE-2004-1967
Open Bulletin Board (OpenBB) 1.0.6 and earlier contains CSRF vulnerabilities in cp_forums.php, cp_usergroup.php, cp_ipbans.php, myhome.php, post.php, and moderator.php that allow remote attackers to execute arbitrary code by including code in an image tag or a link. The PT-2004-2864 entry confirm...
CVE-2004-1966
Open Bulletin Board (OpenBB) 1.0.6 and earlier contains multiple SQL injection flaws allowing remote SQL command execution via parameters: FID in board.php; sortorder, perpage, or id in member.php; forums in search.php; and PID or FID in post.php. Root cause is unvalidated input in these endpoint...
CVE-2004-1969
The CVE-2004-1969 entry concerns Open Bulletin Board (OpenBB)
CVE-2004-1965
OpenBB/Open Bulletin Board (v1.0.6 and earlier) exposes XSS via four vectors: (1) redirect in member.php, (2) to parameter in myhome.php, (3) TID parameter in post.php, and (4) redirect in index.php. The connected nuclei template confirms OpenBB 1.0.6 as vulnerable to open redirect/XSS with these...
OpenBB board.php FID Parameter XSS
The remote host seems to be running OpenBB, a forum management system written in PHP. The remote version of this software is vulnerable to cross-site scripting attacks, through the script 'board.php'. Using a specially crafted URL, an attacker can cause arbitrary code execution for third-party...
OpenBB Multiple SQL Injection
Binary data 1557.prm...
Multiple Vulnerabilities In OpenBB
Vendor : OpenBB Group URL : http://www.openbb.com Version : Open Bulletin Board 1.0.6 && Earlier Risk : Multiple Vulnerabilities Description: OpenBB is a fast, lightweight, powerful bulletin board written in PHP/MySQL. Main features include: full customization via styles templates, instant...
OpenBB 1.0.x - board.php?FID SQL Injection
OpenBB 1.0.x - board.php?FID SQL Injection source: https://www.securityfocus.com/bid/10214/info It has been reported that OpenBB is affected by multiple input validation vulnerabilities. These issues are due to a failure of the application to properly sanitize user supplied user input. The SQL...
OpenBB 1.0.x - search.php?q SQL Injection
OpenBB 1.0.x - search.php?q SQL Injection source: https://www.securityfocus.com/bid/10214/info It has been reported that OpenBB is affected by multiple input validation vulnerabilities. These issues are due to a failure of the application to properly sanitize user supplied user input. The SQL...
OpenBB 1.0.x - 'post.php' Multiple SQL Injections
source: https://www.securityfocus.com/bid/10214/info It has been reported that OpenBB is affected by multiple input validation vulnerabilities. These issues are due to a failure of the application to properly sanitize user supplied user input. The SQL issues may allow a remote attacker to...
OpenBB 1.0.x - 'post.php?TID' Cross-Site Scripting
source: https://www.securityfocus.com/bid/10214/info It has been reported that OpenBB is affected by multiple input validation vulnerabilities. These issues are due to a failure of the application to properly sanitize user supplied user input. The SQL issues may allow a remote attacker to...
OpenBB 1.0.x - 'myhome.php?to' Cross-Site Scripting
source: https://www.securityfocus.com/bid/10214/info It has been reported that OpenBB is affected by multiple input validation vulnerabilities. These issues are due to a failure of the application to properly sanitize user supplied user input. The SQL issues may allow a remote attacker to...
OpenBB 1.0.x - 'board.php?FID' SQL Injection
source: https://www.securityfocus.com/bid/10214/info It has been reported that OpenBB is affected by multiple input validation vulnerabilities. These issues are due to a failure of the application to properly sanitize user supplied user input. The SQL issues may allow a remote attacker to...
OpenBB 1.0.x - 'member.php' Multiple SQL Injections
source: https://www.securityfocus.com/bid/10214/info It has been reported that OpenBB is affected by multiple input validation vulnerabilities. These issues are due to a failure of the application to properly sanitize user supplied user input. The SQL issues may allow a remote attacker to...
PT-2004-2864 · Openbb · Openbb
Name of the Vulnerable Software and Affected Versions: OpenBB versions 1.0.6 and earlier Description: The issue allows remote attackers to execute arbitrary code by including the code in an image tag or a link, due to cross-site request forgery CSRF vulnerabilities in several files, including cp...
OpenBB < 1.0.6 - Multiple Vulnerabilities
OpenBB Multiple Vulnerabilities Vendor: OpenBB Group Product: OpenBB Version: getrow; $ftype = $querytype-field'type'; As we can see from...
OpenBB 1.0.6 - Multiple Vulnerabilities
OpenBB 1.0.6 - Multiple Vulnerabilities OpenBB Multiple Vulnerabilities Vendor: OpenBB Group Product: OpenBB Version: getrow; $ftype = $querytype-field'type'; As we can se...
OpenBB 1.0.6 - 'myhome.php' SQL Injection
source: https://www.securityfocus.com/bid/10044/info It has been reported that OpenBB is prone to a vulnerability that may allow malicious users to influence SQL queries of the affected application. This issue is due to a failure of the application to properly sanitize user-supplied URI data. Thi...
OpenBB 1.0.6 - myhome.php SQL Injection
OpenBB 1.0.6 - myhome.php SQL Injection source: https://www.securityfocus.com/bid/10044/info It has been reported that OpenBB is prone to a vulnerability that may allow malicious users to influence SQL queries of the affected application. This issue is due to a failure of the application to...
OpenBB 1.06 SQL Injection
Hello bugtraq readers, A vulnerability exists in OpenBB 1.06 that could allow an attacker to manipulate SQL queries and obtain sensitive information from the database such as the administrator md5 password hash. This vulnerability exists because the index.php script of the application does not...