15 matches found
EUVD-2005-0675
Malware in sbrugna...
PABox 1.6 Password Reset Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/8067/info paBox is prone to an issue that may allow unauthenticated remote users to reset administrative passwords. This could permit unauthorized access to the administrative Control Panel...
PABox 2.0 Post Icon HTML Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/12796/info paBox is reportedly affected by an HTML injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content. The...
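PABox Administrative Control Panel PHP Code Injection Vulnerability
BUGTRAQ: 8068 The administrator control panel module of paBox has a flaw in its function for adding banned users; remote attackers can exploit this vulnerability to execute arbitrary commands on the system with the privileges of the web server. If a user can log in to the administrator control panel, then because the bannedusers.php script does not sufficiently check user-submitted URI variables, an attacker can define variables through global injection and submit a PHP file on a remote system as the value of the $file variable, which can cause the malicious code contained in that PHP file to be executed with the privileges of the web process. paBox 1.6 Vendor patch: PHP Arena --------- The vendor has not yet provided a patch or upgrade; we recommend that users of this software watch the vendor's home page for the latest version:...
PABox Unauthorized User Password Reset Vulnerability
BUGTRAQ: 8067 Because paBox does not sufficiently filter user-submitted input, remote attackers can exploit this vulnerability to reset the administrator's username and password. Resetting the administrator username and password allows unauthorized control of the application. paBox 1.6 Vendor patch: PHP Arena --------- The vendor has not yet provided a patch or upgrade; we recommend that users of this software watch the vendor's home page for the latest version: http://www.phparena.net/pabox.php...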
pabox20.txt
paBox 2.0 no longer includes the Date and Time parameters in the POST data sent with your shout. The date and time parameters in previous versions were vulnerable to a cross-site scripting attack. Now, however, in version 2.0, if you set up paBox to include an icon with your topic... eg: :winkface:...
[XSS] paBox 2.0
paBox 2.0 no longer includes the Date and Time parameters in the POST data sent with your shout. The date and time parameters in previous versions were vulnerable to a cross-site scripting attack. Now, however, in version 2.0, if you set up paBox to include an icon with your topic... eg: :winkface:...
paBox pabox.php posticon Parameter XSS
The remote host is running paBox, a web application written in PHP. The remote version of paBox installed on the remote host does not properly sanitize input supplied through the 'posticon' parameter used to select a 'smilie' for a post. By exploiting this flaw, an attacker can inject HTML and...
PABox 2.0 - Post Icon HTML Injection
PABox 2.0 - Post Icon HTML Injection source: https://www.securityfocus.com/bid/12796/info paBox is reportedly affected by an HTML injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content. Th...
PHP-Nuke paBox Module Hidden Parameter XSS
Binary data 2702.prm...
PABox 2.0 - Post Icon HTML Injection
source: https://www.securityfocus.com/bid/12796/info paBox is reportedly affected by an HTML injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content. The attacker-supplied HTML and script...
CVE-2005-0674
Cross-site scripting (XSS) vulnerability in the News module for paBox 1.6 allows remote attackers to inject arbitrary web script or HTML via the text hidden parameter in an HTTP POST request...
CVE-2005-0674
The CVE-2005-0674 entry concerns the paBox 1.6 News module, where a cross-site scripting (XSS) flaw exists in the News module’s handling of the hidden text parameter in an HTTP POST. The connected documents corroborate an XSS issue affecting paBox/Nuke-based deployments (e.g., Nessus plugin refer...
[XSS] paBox 1.6
Just wanted to let it be known, seeing as I haven't seen any info on this yet: I've discovered a cross scripting problem in PABox 1.6. http://phpnuke.org/modules.php?name=News&file=article&sid=5065 They give a demo page of paBox there. If you take the default form used for the shoutbox, there are...
CVE-2005-0674
Cross-site scripting (XSS) vulnerability in the News module for paBox 1.6 allows remote attackers to inject arbitrary web script or HTML via the text hidden parameter in an HTTP POST request...