Lucene search
K

196 matches found

CVE
CVE
added 2007/12/17 6:0 p.m.50 views

CVE-2007-6396

CVE-2007-6396 is a direct static code injection vulnerability in index.php of Flat PHP Board 1.2 and earlier. It allows remote attackers to inject arbitrary PHP code through the (1) username, (2) password, and (3) email parameters when registering a user account, with code execution possible via ...

7.5CVSS7.3AI score0.02412EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2007/12/17 6:0 p.m.20 views

CVE-2007-6398

Flat PHP Board 1.2 and earlier allows remote attackers to bypass authentication and obtain limited access to an arbitrary user account via the fpbusername cookie...

7.2AI score0.02447EPSS
Exploits0References4
CVE
CVE
added 2007/12/17 6:0 p.m.45 views

CVE-2007-6398

CVE-2007-6398 affects Flat PHP Board 1.2 and earlier. The issue allows remote attackers to bypass authentication and obtain limited access to an arbitrary user account by manipulating the fpb_username cookie. The description, as reported in multiple sources (NVD/NVT CVE entry and related database...

5CVSS7.2AI score0.02447EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2007/12/17 6:0 p.m.46 views

CVE-2007-6397

CVE-2007-6397 affects Flat PHP Board 1.2 and earlier. The vulnerability arises from directory traversal in index.php, enabling remote attackers to (1) create arbitrary files via .. in the username during user registration, and (2) read arbitrary PHP files via .. in (a) the topic parameter for a t...

5CVSS7AI score0.02798EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 2007/12/17 6:0 p.m.23 views

CVE-2007-6397

Multiple directory traversal vulnerabilities in index.php in Flat PHP Board 1.2 and earlier allow remote attackers to 1 create arbitrary files via a .. dot dot in the username parameter when registering a user account, and 2 read arbitrary PHP files via a .. dot dot in a the topic parameter in a...

7AI score0.02798EPSS
Exploits0References6
Cvelist
Cvelist
added 2007/12/17 6:0 p.m.23 views

CVE-2007-6399

index.php in Flat PHP Board 1.2 and earlier allows remote authenticated users to obtain the password for the current user account by reading the password parameter value in the HTML source for the page generated by a profile action...

6.3AI score0.0207EPSS
Exploits0References4
securityvulns
securityvulns
added 2007/12/13 12:0 a.m.56 views

Flat PHP Board <= 1.2 Multiple Vulnerabilities

--------------------------------------------------------------- / | | / | / |/ | | |/ | | / | | | | | |/ | | // | || | ||| /| / / | |||| /| / / --------------------------------------------------------------- Http://www.inj3ct-it.org Staffatinj3ct-itdotorg...

0.5AI score
Exploits0
Packet Storm
Packet Storm
added 2007/12/10 12:0 a.m.29 views

flatphp-multi.txt

--------------------------------------------------------------- / | |\ \ / | / |/ | | |/ \ | | | |||| /| / / --------------------------------------------------------------- Http://www.inj3ct-it.org Staffatinj3ct-itdotorg --------------------------------------------------------------- Flat PHP...

7.4AI score
Exploits0
seebug.org
seebug.org
added 2007/12/10 12:0 a.m.12 views

Flat PHP Board <= 1.2 Multiple Vulnerabilities

No description provided by source. --------------------------------------------------------------- / | |\ \ / | / |/ | | |/ \ | | / \ \ | \ \ | | | \ | |/ \ | | // | || | ||| /| / /\ | |||| /| / / &nb...

7.1AI score
Exploits0
0day.today
0day.today
added 2007/12/09 12:0 a.m.32 views

Flat PHP Board <= 1.2 Multiple Vulnerabilities

Exploit for unknown platform in category web applications ============================================== Flat PHP Board | |||| /| / / --------------------------------------------------------------- Flat PHP Board = 1.2 Multiple Vulnerabilities...

7.1AI score
Exploits0
exploitpack
exploitpack
added 2007/12/09 12:0 a.m.13 views

Flat PHP Board 1.2 - Multiple Vulnerabilities

Flat PHP Board 1.2 - Multiple Vulnerabilities --------------------------------------------------------------- / | |\ \ / | / |/ | | |/ \ | | | |||| /| / / --------------------------------------------------------------- Http://www.inj3ct-it.org Staffatinj3ct-itdotorg...

0.4AI score
Exploits0
Exploit DB
Exploit DB
added 2007/12/09 12:0 a.m.48 views

Flat PHP Board 1.2 - Multiple Vulnerabilities

--------------------------------------------------------------- / | |\ \ / | / |/ | | |/ \ | | | |||| /| / / --------------------------------------------------------------- Http://www.inj3ct-it.org Staffatinj3ct-itdotorg --------------------------------------------------------------- Flat PHP...

7.4AI score
Exploits0
Cvelist
Cvelist
added 2007/10/26 7:0 p.m.19 views

CVE-2002-2322

Ultimate PHP Board UPB 1.0b stores the users.dat data file under the web root with insufficient access control, which allows remote attackers to obtain usernames and passwords...

6.8AI score0.01388EPSS
Exploits0References3
CVE
CVE
added 2007/10/20 10:0 a.m.35 views

CVE-2003-1401

CVE-2003-1401 affects php-Board 1.0 where login.php stores plaintext passwords in a file named $username.txt under the web document root with insufficient access controls. This allows remote attackers to directly request the file and obtain sensitive credentials, causing partial confidentiality i...

5.8CVSS6.5AI score0.01757EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2007/10/18 10:0 a.m.19 views

CVE-2002-2276

Ultimate PHP Board UPB 1.0 allows remote attackers to view the physical path of the message board via a direct request to add.php, which leaks the path in an error message...

6.3AI score0.01309EPSS
Exploits1References3
CVE
CVE
added 2007/10/18 10:0 a.m.50 views

CVE-2002-2276

Ultimate PHP Board (UPB) 1.0 exposes a path disclosure: a direct request to add.php allows remote attackers to view the physical path of the message board via the error message. This is a remote information-disclosure vulnerability (CVE-2002-2276). Exploitation details are described across multip...

5CVSS6.4AI score0.01309EPSS
Exploits1References3Affected Software1
Prion
Prion
added 2007/04/24 8:19 p.m.9 views

Remote file inclusion

Multiple PHP remote file inclusion vulnerabilities in GPL PHP Board GPB unstable-2001.11.14-1 allow remote attackers to execute arbitrary PHP code via a URL in the rootpath parameter to 1 db.mysql.inc.php or 2 gpb.inc.php in include/, or the 3 theme parameter to themes/ubb/login.php...

7.5CVSS8.2AI score0.03386EPSS
Exploits0References7Affected Software1
CVE
CVE
added 2007/04/24 8:0 p.m.35 views

CVE-2007-2204

The CVE-2007-2204 entries describe multiple PHP remote file inclusion vulnerabilities in GPL PHP Board (GPB) unstable-2001.11.14-1. An attacker could trigger arbitrary PHP code execution by supplying a URL in the root_path parameter for include/db.mysql.inc.php or include/gpb.inc.php, or via the ...

7.5CVSS7.7AI score0.03386EPSS
Exploits0References7Affected Software1
NVD
NVD
added 2007/03/20 10:19 a.m.15 views

CVE-2006-7169

PHP remote file inclusion vulnerability in includes/headersimple.php in Ultimate PHP Board UPB 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the CONFIGskindir parameter...

6.8CVSS7.6AI score0.05056EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2007/01/02 12:0 a.m.43 views

Ultimate PHP Board chat/login.php username Parameter Arbitrary Command Execution

The remote host is running Ultimate PHP Board UPB. The version of UPB installed on the remote host does not sanitize input to the 'username' parameter of the 'chat/login.php' script before writing it to 'chat/text.php'. Regardless of PHP's settings, an attacker can leverage this flaw to inject...

7.5CVSS6AI score0.02215EPSS
Exploits0References1
Rows per page
Query Builder