Lucene search
K

196 matches found

securityvulns
securityvulns
added 2003/02/18 12:0 a.m.30 views

php-Board (php)

Informations : °°°°°°°°°°°°°° Website : http://www.hp-planet.de Version : 1 Problem : Informations disclosure PHP Code/Location : °°°°°°°°°°°°°°°°°°° login.php : ----------------------------------------- function passwd2$user $password="nicht registriert"; if fileexists"user/".$user.".txt" $fp =...

0.5AI score
Exploits0
exploitpack
exploitpack
added 2003/02/15 12:0 a.m.25 views

PHP-Board 1.0 - User Password Disclosure

PHP-Board 1.0 - User Password Disclosure source: https://www.securityfocus.com/bid/6862/info php-board user information is stored in flat files on the system hosting the software. Access to the files via the web is not sufficiently restricted. Remote attackers may request user files and gain acce...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2003/02/15 12:0 a.m.35 views

PHP-Board 1.0 - User Password Disclosure

source: https://www.securityfocus.com/bid/6862/info php-board user information is stored in flat files on the system hosting the software. Access to the files via the web is not sufficiently restricted. Remote attackers may request user files and gain access to php-board user and administrative...

7.4AI score
Exploits0
NVD
NVD
added 2002/12/31 5:0 a.m.12 views

CVE-2002-1821

Ultimate PHP Board UPB 1.0 and 1.0b allows remote authenticated users to gain privileges and perform unauthorized actions via direct requests to 1 adminmembers.php, 2 adminconfig.php, 3 admincat.php, or 4 adminforum.php...

4.6CVSS6.7AI score0.00667EPSS
Exploits0References2
NVD
NVD
added 2002/12/31 5:0 a.m.15 views

CVE-2002-1820

register.php in Ultimate PHP Board UPB 1.0 and 1.0b uses an administrative account Admin with a capital "A," but allows a remote attacker to impersonate the administrator by registering an account name of admin with a lower case "a."...

9.8CVSS9.4AI score0.02375EPSS
Exploits0References3
NVD
NVD
added 2002/12/31 5:0 a.m.15 views

CVE-2002-2276

Ultimate PHP Board UPB 1.0 allows remote attackers to view the physical path of the message board via a direct request to add.php, which leaks the path in an error message...

5CVSS6.4AI score0.01309EPSS
Exploits1References3
NVD
NVD
added 2002/12/31 5:0 a.m.17 views

CVE-2002-2322

Ultimate PHP Board UPB 1.0b stores the users.dat data file under the web root with insufficient access control, which allows remote attackers to obtain usernames and passwords...

5CVSS6.8AI score0.01388EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2002/12/31 12:0 a.m.6 views

PT-2002-2542 · Unknown · Ultimate Php Board

Name of the Vulnerable Software and Affected Versions: Ultimate PHP Board UPB versions 1.0 and 1.0b Description: The issue allows a remote attacker to impersonate the administrator by registering an account name of admin with a lower case "a", since the administrative account Admin with a capital...

9.8CVSS6.5AI score0.02375EPSS
Exploits0References5
securityvulns
securityvulns
added 2002/12/09 12:0 a.m.27 views

XSS and Path Disclosure in UPB

=:=:=::=:=:=::=:=:=::=:=:=::=:=:=::=:=:=::=:=:=::= topic: XSS and Path Disclosure in UPB product: Ultimate PHP Board UPB final beta 1.0 vendor: http://www.webrc.ca/php/upb.php risk: middle date: 12/7/2k2 discovered by: euronymous /F0KP /HACKRU Team advisory url: http://f0kp.iplus.ru/bz/009.txt...

5.8AI score
Exploits0
exploitpack
exploitpack
added 2002/11/08 12:0 a.m.14 views

Ultimate PHP Board Board 1.0 final Beta - viewtopic.php Cross-Site Scripting

Ultimate PHP Board Board 1.0 final Beta - viewtopic.php Cross-Site Scripting source: https://www.securityfocus.com/bid/6335/info Ultimate PHP Board UPB is a freely available, open source PHP Bulletin Board. It is available for the Unix and Linux operating systems. By passing a malicious script co...

0.3AI score
Exploits0
Exploit DB
Exploit DB
added 2002/11/08 12:0 a.m.33 views

Ultimate PHP Board Board 1.0 final Beta - 'viewtopic.php' Cross-Site Scripting

source: https://www.securityfocus.com/bid/6335/info Ultimate PHP Board UPB is a freely available, open source PHP Bulletin Board. It is available for the Unix and Linux operating systems. By passing a malicious script code to the viewtopic.php script, UPB may return the script code to the browser...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2002/09/06 12:0 a.m.36 views

upb.admin.txt

product: Ultimate PHP Board UPB version: Public Beta 1.0b !!FIXED vendor: http://www.webrc.ca/php/upb.php summary: upb allow to any user have access levels 3 to have admin premissions exploit: yes Fix: yes Exploited by Hipik memmbers of www.hackeri.org Bosnians Security Portal email:[email protected]...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2002/04/25 12:0 a.m.12 views

Ultimate PHP Board 1.01.1 - Image Tag Script Injection

Ultimate PHP Board 1.01.1 - Image Tag Script Injection source: https://www.securityfocus.com/bid/4603/info Ultimate PHP Board UPB is web forum software. It will run on most Unix and Linux variants, as well as Microsoft Windows operating systems. Ultimate PHP Board does not filter script code from...

0.1AI score
Exploits0
Exploit DB
Exploit DB
added 2002/04/25 12:0 a.m.34 views

Ultimate PHP Board 1.0/1.1 - Image Tag Script Injection

source: https://www.securityfocus.com/bid/4603/info Ultimate PHP Board UPB is web forum software. It will run on most Unix and Linux variants, as well as Microsoft Windows operating systems. Ultimate PHP Board does not filter script code from image tags. This may allow an attacker to include scri...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2002/04/23 12:0 a.m.45 views

Security holes : Ultimate PHP Board

Product : Ultimate PHP Board http://xcrew.host.sk Versions : 1.0 Beta 1.1 Problems : 1.0 B : - Reading of privates messages 1.1 & 1.0 B : - Access to users/admins accounts Exploits : 1.0 B : - /members/ID.pm - /members/ID.xbb 1.1 : - imgjavascript:window.open' index.php?...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2002/03/05 12:0 a.m.141 views

ReBB javascripts vulnerability

Hi! Another php - board named ReBB http://www.rebb.net has a img vulnerability. Exploit: Use this string my favorite : - imgjavascript:alert'test'/img Possible decision: All urls in img tag should start with http:// SliderGod...

Exploits0
Rows per page
Query Builder