196 matches found
CVE-2007-6396
Direct static code injection vulnerability in index.php in Flat PHP Board 1.2 and earlier allows remote attackers to inject arbitrary PHP code via the 1 username, 2 password, and 3 email parameters when registering a user account, which can be executed by accessing the user's php file for this...
CVE-2007-6395
Flat PHP Board 1.2 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain credentials via a direct request for the username php file for any user account in users/...
CVE-2007-6396
CVE-2007-6396 is a direct static code injection vulnerability in index.php of Flat PHP Board 1.2 and earlier. It allows remote attackers to inject arbitrary PHP code through the (1) username, (2) password, and (3) email parameters when registering a user account, with code execution possible via ...
CVE-2007-6395
Flat PHP Board 1.2 and earlier stores credentials under the web root with insufficient access control. The vulnerability allows remote attackers to obtain credentials by directly requesting the username.php file for any user account in users/. The CVE is documented with an access-control bypass i...
CVE-2007-6398
Flat PHP Board 1.2 and earlier allows remote attackers to bypass authentication and obtain limited access to an arbitrary user account via the fpbusername cookie...
CVE-2007-6397
Multiple directory traversal vulnerabilities in index.php in Flat PHP Board 1.2 and earlier allow remote attackers to 1 create arbitrary files via a .. dot dot in the username parameter when registering a user account, and 2 read arbitrary PHP files via a .. dot dot in a the topic parameter in a...
Flat PHP Board <= 1.2 Multiple Vulnerabilities
--------------------------------------------------------------- / | | / | / |/ | | |/ | | / | | | | | |/ | | // | || | ||| /| / / | |||| /| / / --------------------------------------------------------------- Http://www.inj3ct-it.org Staffatinj3ct-itdotorg...
Flat PHP Board <= 1.2 Multiple Vulnerabilities
No description provided by source. --------------------------------------------------------------- / | |\ \ / | / |/ | | |/ \ | | / \ \ | \ \ | | | \ | |/ \ | | // | || | ||| /| / /\ | |||| /| / / &nb...
flatphp-multi.txt
--------------------------------------------------------------- / | |\ \ / | / |/ | | |/ \ | | | |||| /| / / --------------------------------------------------------------- Http://www.inj3ct-it.org Staffatinj3ct-itdotorg --------------------------------------------------------------- Flat PHP...
Flat PHP Board 1.2 - Multiple Vulnerabilities
Flat PHP Board 1.2 - Multiple Vulnerabilities --------------------------------------------------------------- / | |\ \ / | / |/ | | |/ \ | | | |||| /| / / --------------------------------------------------------------- Http://www.inj3ct-it.org Staffatinj3ct-itdotorg...
Flat PHP Board <= 1.2 Multiple Vulnerabilities
Exploit for unknown platform in category web applications ============================================== Flat PHP Board | |||| /| / / --------------------------------------------------------------- Flat PHP Board = 1.2 Multiple Vulnerabilities...
Flat PHP Board 1.2 - Multiple Vulnerabilities
--------------------------------------------------------------- / | |\ \ / | / |/ | | |/ \ | | | |||| /| / / --------------------------------------------------------------- Http://www.inj3ct-it.org Staffatinj3ct-itdotorg --------------------------------------------------------------- Flat PHP...
CVE-2002-2322
Ultimate PHP Board UPB 1.0b stores the users.dat data file under the web root with insufficient access control, which allows remote attackers to obtain usernames and passwords...
CVE-2003-1401
CVE-2003-1401 affects php-Board 1.0 where login.php stores plaintext passwords in a file named $username.txt under the web document root with insufficient access controls. This allows remote attackers to directly request the file and obtain sensitive credentials, causing partial confidentiality i...
CVE-2002-2276
Ultimate PHP Board (UPB) 1.0 exposes a path disclosure: a direct request to add.php allows remote attackers to view the physical path of the message board via the error message. This is a remote information-disclosure vulnerability (CVE-2002-2276). Exploitation details are described across multip...
CVE-2002-2276
Ultimate PHP Board UPB 1.0 allows remote attackers to view the physical path of the message board via a direct request to add.php, which leaks the path in an error message...
Remote file inclusion
Multiple PHP remote file inclusion vulnerabilities in GPL PHP Board GPB unstable-2001.11.14-1 allow remote attackers to execute arbitrary PHP code via a URL in the rootpath parameter to 1 db.mysql.inc.php or 2 gpb.inc.php in include/, or the 3 theme parameter to themes/ubb/login.php...
CVE-2007-2204
The CVE-2007-2204 entries describe multiple PHP remote file inclusion vulnerabilities in GPL PHP Board (GPB) unstable-2001.11.14-1. An attacker could trigger arbitrary PHP code execution by supplying a URL in the root_path parameter for include/db.mysql.inc.php or include/gpb.inc.php, or via the ...
CVE-2006-7169
PHP remote file inclusion vulnerability in includes/headersimple.php in Ultimate PHP Board UPB 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the CONFIGskindir parameter...
Ultimate PHP Board chat/login.php username Parameter Arbitrary Command Execution
The remote host is running Ultimate PHP Board UPB. The version of UPB installed on the remote host does not sanitize input to the 'username' parameter of the 'chat/login.php' script before writing it to 'chat/text.php'. Regardless of PHP's settings, an attacker can leverage this flaw to inject...