812 matches found
CVE-2004-2438
Cross-site scripting XSS vulnerability in PHP-Fusion 4.01 allows remote attackers to inject arbitrary web script or HTML via the 1 Submit News, 2 Submit Link or 3 Submit Article field...
CVE-2004-2438
PHP-Fusion 4.01 is affected by a cross-site scripting (XSS) vulnerability that allows remote attackers to inject arbitrary web script or HTML via the Submit News, Submit Link, or Submit Article fields. The CVE-2004-2438 entry documents this XSS issue across multiple input points but provides limi...
PHP-Fusion 4.05.06.0 - messages.php SQL Injection
PHP-Fusion 4.05.06.0 - messages.php SQL Injection source: https://www.securityfocus.com/bid/14489/info PHP-Fusion is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input to the 'messages.php' script before using it in ...
PHP-Fusion 4.0/5.0/6.0 - 'messages.php' SQL Injection
source: https://www.securityfocus.com/bid/14489/info PHP-Fusion is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input to the 'messages.php' script before using it in an SQL query. Successful exploitation could result...
PHP-Fusion 6.0.106 - BBCode IMG Tag Script Injection
PHP-Fusion 6.0.106 - BBCode IMG Tag Script Injection / ahh I was hoping for some socket code : /str0ke Dark Assassins - http://dark-assassins.com/ Visit us on IRC @ irc.tddirc.net DarkAssassins PHP-Fusion img/img exploit Discovered/Coded by Easyex Using the img /img codes we can get an...
PHP-Fusion <= 6.0 106 BBCode IMG Tag Script Injection Exploit
No description provided by source. / ahh I was hoping for some socket code : /str0ke Dark Assassins - http://dark-assassins.com/ Visit us on IRC @ irc.tddirc.net DarkAssassins PHP-Fusion img/img exploit Discovered/Coded by Easyex Using the img /img codes we can get an administrator to do a functi...
PHP-Fusion <= 6.0 106 BBCode IMG Tag Script Injection Exploit
Exploit for unknown platform in category web applications ============================================================= PHP-Fusion deluser ./fusionimg banuser ./fusionimg delshout ./fusionimg deladmin is the PHP-Fusion version. enter 6.x or 5.x depending on the version number. is the start point ...
PHP-Fusion 6.0.106 - BBCode IMG Tag Script Injection
/ ahh I was hoping for some socket code : /str0ke Dark Assassins - http://dark-assassins.com/ Visit us on IRC @ irc.tddirc.net DarkAssassins PHP-Fusion img/img exploit Discovered/Coded by Easyex Using the img /img codes we can get an administrator to do a function a normal member cannot do. For...
CVE-2005-2401
PHP-Fusion allows remote attackers to inject arbitrary Cascading Style Sheets CSS via the BBCode color tag...
CVE-2005-2401
PHP-Fusion is affected by CVE-2005-2401: remote attackers can inject arbitrary CSS through the BBCode color tag in posts. The related Nessus plugin and CVE records indicate this affects PHP-Fusion builds around the 6.0x line (e.g.,
CVE-2005-2401
PHP-Fusion allows remote attackers to inject arbitrary Cascading Style Sheets CSS via the BBCode color tag...
[SA16096] PHP-Fusion BBcode "color" CSS Code Insertion Vulnerability
---------------------------------------------------------------------- Bist Du interessiert an einem neuen Job in IT-Sicherheit? Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT- Sicherheit: http://secunia.com/secuniavacancies/...
PHP-Fusion <= 6.00.105 Multiple Vulnerabilities
According to its banner, the remote host is running a version of PHP-Fusion that is affected by multiple vulnerabilities : - An Information Disclosure Vulnerability PHP Fusion stores database backups in a known location within the web server's documents directory. An attacker may be able to...
PHP-Fusion < 6.00.107 Multiple Vulnerabilities
Binary data 3100.prm...
[EXPL] PHP-Fusion Accessible Database Backups Download (Exploit)
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source...
CVE-2005-2074
Cross-site scripting XSS vulnerability in PHP-Fusion 6.0.105 allows remote attackers to inject arbitrary web script or HTML via a news or article post, possibly involving the 1 newsbody, 2 articledescription, or 3 articlebody parameters to submit.php...
CVE-2005-2075
PHP-Fusion 5.0 and 6.0 stores the database file with a predictable filename under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to the filename in the administration/dbbackups directory in PHP-Fusion 6.0 ...
CVE-2005-2074
Cross-site scripting XSS vulnerability in PHP-Fusion 6.0.105 allows remote attackers to inject arbitrary web script or HTML via a news or article post, possibly involving the 1 newsbody, 2 articledescription, or 3 articlebody parameters to submit.php...
CVE-2005-2074
CVE-2005-2074 affects PHP-Fusion 6.0.105: a cross-site scripting (XSS) vulnerability in submit.php that can inject arbitrary HTML/Script via the news_body, article_description, or article_body parameters. Exploitation details are documented in connected sources; there is no explicit patched versi...
CVE-2005-2075
PHP-Fusion 5.0 and 6.0 stores the database file with a predictable filename under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to the filename in the administration/dbbackups directory in PHP-Fusion 6.0 ...