Lucene search
K

61 matches found

NVD
NVD
added 2008/08/19 7:41 p.m.14 views

CVE-2008-3710

Multiple directory traversal vulnerabilities in CyBoards PHP Lite 1.21 allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the 1 scriptpath parameter to a options.php and the 2 langcode parameter to b copyvip.php and c processeditboard.php in...

5.1CVSS7.3AI score0.01287EPSS
Exploits1References4
NVD
NVD
added 2008/08/19 7:41 p.m.11 views

CVE-2008-3709

Multiple cross-site scripting XSS vulnerabilities in CyBoards PHP Lite 1.21 allow remote attackers to inject arbitrary web script or HTML via the 1 lOptionsOptions, 2 lNavAdminOptions, or 3 lNavReturn parameter to options.php; or the 4 lNavReturn parameter to subscribe.php...

4.3CVSS5.8AI score0.01033EPSS
Exploits0References4
Cvelist
Cvelist
added 2008/08/19 7:10 p.m.16 views

CVE-2008-3709

Multiple cross-site scripting XSS vulnerabilities in CyBoards PHP Lite 1.21 allow remote attackers to inject arbitrary web script or HTML via the 1 lOptionsOptions, 2 lNavAdminOptions, or 3 lNavReturn parameter to options.php; or the 4 lNavReturn parameter to subscribe.php...

5.8AI score0.01033EPSS
Exploits0References4
CVE
CVE
added 2008/08/19 7:10 p.m.38 views

CVE-2008-3709

CVE-2008-3709 describes multiple cross-site scripting (XSS) vulnerabilities in CyBoards PHP Lite 1.21. The issue allows remote attackers to inject arbitrary web script or HTML via parameters in options.php (lOptionsOptions, lNavAdminOptions) or subscribe.php (lNavReturn). The connected records co...

4.3CVSS5.9AI score0.01033EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2008/08/19 7:10 p.m.18 views

CVE-2008-3710

Multiple directory traversal vulnerabilities in CyBoards PHP Lite 1.21 allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the 1 scriptpath parameter to a options.php and the 2 langcode parameter to b copyvip.php and c processeditboard.php in...

7.3AI score0.01287EPSS
Exploits1References4
Cvelist
Cvelist
added 2008/08/19 7:10 p.m.23 views

CVE-2008-3707

Multiple PHP remote file inclusion vulnerabilities in CyBoards PHP Lite 1.21 allow remote attackers to execute arbitrary PHP code via a URL in the scriptpath parameter to 1 flatread.php, 2 post.php, 3 processpost.php, 4 processsearch.php, 5 forum.php, 6 processsubscribe.php, 7 read.php, 8...

7.4AI score0.01394EPSS
Exploits0References4
CVE
CVE
added 2008/08/19 7:10 p.m.42 views

CVE-2008-3710

CVE-2008-3710 relates to CyBoards PHP Lite 1.21, where multiple directory traversal flaws allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the (1) script_path parameter to options.php and the (2) lang_code parameter to copy_vip.php and proce...

5.1CVSS7.3AI score0.01287EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2008/08/19 7:10 p.m.41 views

CVE-2008-3707

CVE-2008-3707 describes multiple PHP remote file inclusion vulnerabilities in CyBoards PHP Lite (versions around 1.21/1.25) that allow an attacker to execute arbitrary PHP code by supplying a malicious URL in the script_path parameter to a long list of scripts (e.g., flat_read.php, post.php, proc...

7.5CVSS7.6AI score0.01394EPSS
Exploits0References4Affected Software1
Packet Storm
Packet Storm
added 2008/08/14 12:0 a.m.27 views

cyboards-rfilfixss.txt

┌┌─────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └─────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An Unimaginable...

7.4AI score
Exploits0
Prion
Prion
added 2007/07/09 4:30 p.m.27 views

Sql injection

Multiple SQL injection vulnerabilities in PHP Lite Calendar Express 2.2 allow remote attackers to execute arbitrary SQL commands via the cid parameter to 1 login.php, 2 auth.php, and 3 subscribe.php. NOTE: the month.php, year.php, week.php, and day.php vectors are already covered by CVE-2005-4009...

7.5CVSS8.6AI score0.0133EPSS
Exploits2References1Affected Software1
NVD
NVD
added 2007/07/09 4:30 p.m.20 views

CVE-2007-3627

Multiple SQL injection vulnerabilities in PHP Lite Calendar Express 2.2 allow remote attackers to execute arbitrary SQL commands via the cid parameter to 1 login.php, 2 auth.php, and 3 subscribe.php. NOTE: the month.php, year.php, week.php, and day.php vectors are already covered by CVE-2005-4009...

7.5CVSS8AI score0.00931EPSS
Exploits1References1
Cvelist
Cvelist
added 2007/07/09 4:0 p.m.20 views

CVE-2007-3627

Multiple SQL injection vulnerabilities in PHP Lite Calendar Express 2.2 allow remote attackers to execute arbitrary SQL commands via the cid parameter to 1 login.php, 2 auth.php, and 3 subscribe.php. NOTE: the month.php, year.php, week.php, and day.php vectors are already covered by CVE-2005-4009...

8AI score0.00931EPSS
Exploits1References1
CVE
CVE
added 2007/07/09 4:0 p.m.56 views

CVE-2007-3627

CVE-2007-3627 concerns PHP Lite Calendar Express 2.2 with multiple SQL injection flaws exploitable via the cid parameter in login.php, auth.php, and subscribe.php. The vulnerability allows remote attackers to inject arbitrary SQL commands. The note states that month.php, year.php, week.php, and d...

7.5CVSS8.1AI score0.00931EPSS
Exploits1References1Affected Software1
seebug.org
seebug.org
added 2007/04/15 12:0 a.m.16 views

CyBoards PHP Lite Default_Header.PHP远程文件包含漏洞

CyBoards PHP Lite是一款基于PHP的WEB应用程序。 CyBoards PHP Lite不正确过滤用户提交的输入,远程攻击者可以利用漏洞以WEB权限执行任意命令。 问题是'DefaultHeader.PHP'脚本对用户提交的WEB参数缺少过滤,指定远程服务器上的文件作为包含参数,可导致以WEB权限执行任意命令。 Cyboards PHP Lite 1.21 目前没有解决方案提供: http://www.gold-sonata.com/index.phtml?content=script/forums&menu=script Coded by bd0rk || SOH-Cr...

7.1AI score
Exploits0
Prion
Prion
added 2007/04/12 1:19 a.m.14 views

Remote file inclusion

PHP remote file inclusion vulnerability in include/defaultheader.php in Cyboards PHP Lite 1.21 allows remote attackers to execute arbitrary PHP code via a URL in the scriptpath parameter, a different vector than CVE-2006-2871...

7.5CVSS7.7AI score0.03352EPSS
Exploits1References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2007/04/12 1:19 a.m.4 views

CVE-2007-1983

PHP remote file inclusion vulnerability in include/defaultheader.php in Cyboards PHP Lite 1.21 allows remote attackers to execute arbitrary PHP code via a URL in the scriptpath parameter, a different vector than CVE-2006-2871...

7.5CVSS6.2AI score0.03352EPSS
Exploits1References6
CVE
CVE
added 2007/04/12 1:0 a.m.42 views

CVE-2007-1983

CVE-2007-1983 is a PHP remote file inclusion vulnerability in CyBoards PHP Lite 1.21. The issue affects the include/default_header.php script, where a remote attacker can supply a URL via the script_path parameter to execute arbitrary PHP code. This is described as a different vector from CVE-200...

7.5CVSS7.3AI score0.02785EPSS
Exploits0References5Affected Software1
seebug.org
seebug.org
added 2007/04/04 12:0 a.m.17 views

CyBoards PHP Lite 1.21 (script_path) Remote File Include Exploit

No description provided by source. !/usr/bin/perl CyBoards PHP Lite 1.21 scriptpath Remote File Include Exploit Coded by bd0rk || SOH-Crew Usage: exploit.pl target cmd shell shell variable Greetings: str0ke, TheJT, Kacper, Lu7k, Maik Vulnerable Code: include"$scriptpath/include/defaultstyle.css";...

7.1AI score
Exploits0
0day.today
0day.today
added 2007/04/04 12:0 a.m.50 views

CyBoards PHP Lite 1.21 (script_path) Remote File Include Exploit

Exploit for unknown platform in category web applications ================================================================ CyBoards PHP Lite 1.21 scriptpath Remote File Include Exploit ================================================================ !/usr/bin/perl CyBoards PHP Lite 1.21 scriptpat...

7.1AI score
Exploits0
exploitpack
exploitpack
added 2007/04/04 12:0 a.m.9 views

CyBoards PHP Lite 1.21 - script_path Remote File Inclusion

CyBoards PHP Lite 1.21 - scriptpath Remote File Inclusion !/usr/bin/perl CyBoards PHP Lite 1.21 scriptpath Remote File Include Exploit Coded by bd0rk || SOH-Crew Usage: exploit.pl target cmd shell shell variable Greetings: str0ke, TheJT, Kacper, Lu7k, Maik Vulnerable Code:...

Exploits0
Rows per page
Query Builder