61 matches found
CVE-2008-3710
Multiple directory traversal vulnerabilities in CyBoards PHP Lite 1.21 allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the (1) script_path parameter to (a) options.php and the (2) lang_code parameter to (b) copy_vip.php and (c) processeditboard.php in...
CVE-2008-3709
Multiple cross-site scripting (XSS) vulnerabilities in CyBoards PHP Lite 1.21 allow remote attackers to inject arbitrary web script or HTML via the (1) lOptionsOptions, (2) lNavAdminOptions, or (3) lNavReturn parameter to options.php; or the (4) lNavReturn parameter to subscribe.php...
CVE-2008-3709
CVE-2008-3709 describes multiple cross-site scripting (XSS) vulnerabilities in CyBoards PHP Lite 1.21. The issue allows remote attackers to inject arbitrary web script or HTML via parameters in options.php (lOptionsOptions, lNavAdminOptions) or subscribe.php (lNavReturn). The connected records co...
CVE-2008-3707
Multiple PHP remote file inclusion vulnerabilities in CyBoards PHP Lite 1.21 allow remote attackers to execute arbitrary PHP code via a URL in the script_path parameter to (1) flat_read.php, (2) post.php, (3) processpost.php, (4) processsearch.php, (5) forum.php, (6) processsubscribe.php, (7) read.php, 8...
CVE-2008-3710
CVE-2008-3710 relates to CyBoards PHP Lite 1.21, where multiple directory traversal flaws allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the (1) script_path parameter to options.php and the (2) lang_code parameter to copy_vip.php and proce...
CVE-2008-3707
CVE-2008-3707 describes multiple PHP remote file inclusion vulnerabilities in CyBoards PHP Lite (versions around 1.21/1.25) that allow an attacker to execute arbitrary PHP code by supplying a malicious URL in the script_path parameter to a long list of scripts (e.g., flat_read.php, post.php, proc...
cyboards-rfilfixss.txt
CraCkEr | THE CRACK OF ETERNAL MIGHT | From The Ashes and Dust Rises An Unimaginable...
Sql injection
Multiple SQL injection vulnerabilities in PHP Lite Calendar Express 2.2 allow remote attackers to execute arbitrary SQL commands via the cid parameter to (1) login.php, (2) auth.php, and (3) subscribe.php. NOTE: the month.php, year.php, week.php, and day.php vectors are already covered by CVE-2005-4009...
CVE-2007-3627
Multiple SQL injection vulnerabilities in PHP Lite Calendar Express 2.2 allow remote attackers to execute arbitrary SQL commands via the cid parameter to (1) login.php, (2) auth.php, and (3) subscribe.php. NOTE: the month.php, year.php, week.php, and day.php vectors are already covered by CVE-2005-4009...
CVE-2007-3627
CVE-2007-3627 concerns PHP Lite Calendar Express 2.2 with multiple SQL injection flaws exploitable via the cid parameter in login.php, auth.php, and subscribe.php. The vulnerability allows remote attackers to inject arbitrary SQL commands. The note states that month.php, year.php, week.php, and d...
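CyBoards PHP Lite Default_Header.PHP Remote File Inclusion Vulnerability
CyBoards PHP Lite is a PHP-based web application. CyBoards PHP Lite does not properly filter user-supplied input, so a remote attacker can exploit the vulnerability to execute arbitrary commands with the privileges of the web server. The problem is that the 'Default_Header.PHP' script lacks filtering of user-supplied web parameters; specifying a file on a remote server as the include parameter can lead to execution of arbitrary commands with the privileges of the web server. Cyboards PHP Lite 1.21. No solution is currently available: http://www.gold-sonata.com/index.phtml?content=script/forums&menu=script Coded by bd0rk || SOH-Cr...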
Remote file inclusion
PHP remote file inclusion vulnerability in include/default_header.php in Cyboards PHP Lite 1.21 allows remote attackers to execute arbitrary PHP code via a URL in the script_path parameter, a different vector than CVE-2006-2871...
CVE-2007-1983
PHP remote file inclusion vulnerability in include/default_header.php in Cyboards PHP Lite 1.21 allows remote attackers to execute arbitrary PHP code via a URL in the script_path parameter, a different vector than CVE-2006-2871...
CVE-2007-1983
CVE-2007-1983 is a PHP remote file inclusion vulnerability in CyBoards PHP Lite 1.21. The issue affects the include/default_header.php script, where a remote attacker can supply a URL via the script_path parameter to execute arbitrary PHP code. This is described as a different vector from CVE-200...
CyBoards PHP Lite 1.21 (script_path) Remote File Include Exploit
No description provided by source. #!/usr/bin/perl CyBoards PHP Lite 1.21 script_path Remote File Include Exploit Coded by bd0rk || SOH-Crew Usage: exploit.pl target cmd shell shell variable Greetings: str0ke, TheJT, Kacper, Lu7k, Maik Vulnerable Code: include"$scriptpath/include/defaultstyle.css";...
CyBoards PHP Lite 1.21 (script_path) Remote File Include Exploit
Exploit for unknown platform in category web applications. CyBoards PHP Lite 1.21 script_path Remote File Include Exploit #!/usr/bin/perl CyBoards PHP Lite 1.21 scriptpat...
CyBoards PHP Lite 1.21 - script_path Remote File Inclusion
CyBoards PHP Lite 1.21 - script_path Remote File Inclusion #!/usr/bin/perl CyBoards PHP Lite 1.21 script_path Remote File Include Exploit Coded by bd0rk || SOH-Crew Usage: exploit.pl target cmd shell shell variable Greetings: str0ke, TheJT, Kacper, Lu7k, Maik Vulnerable Code:...