Lucene search
K

196 matches found

Cvelist
Cvelist
added 2007/12/17 6:0 p.m.23 views

CVE-2007-6396

Direct static code injection vulnerability in index.php in Flat PHP Board 1.2 and earlier allows remote attackers to inject arbitrary PHP code via the 1 username, 2 password, and 3 email parameters when registering a user account, which can be executed by accessing the user's php file for this...

7.2AI score0.02412EPSS
Exploits0References4
Cvelist
Cvelist
added 2007/12/17 6:0 p.m.21 views

CVE-2007-6395

Flat PHP Board 1.2 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain credentials via a direct request for the username php file for any user account in users/...

6.4AI score0.06243EPSS
Exploits0References4
CVE
CVE
added 2007/12/17 6:0 p.m.50 views

CVE-2007-6396

CVE-2007-6396 is a direct static code injection vulnerability in index.php of Flat PHP Board 1.2 and earlier. It allows remote attackers to inject arbitrary PHP code through the (1) username, (2) password, and (3) email parameters when registering a user account, with code execution possible via ...

7.5CVSS7.3AI score0.02412EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2007/12/17 6:0 p.m.50 views

CVE-2007-6395

Flat PHP Board 1.2 and earlier stores credentials under the web root with insufficient access control. The vulnerability allows remote attackers to obtain credentials by directly requesting the username.php file for any user account in users/. The CVE is documented with an access-control bypass i...

5CVSS6.4AI score0.06243EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2007/12/17 6:0 p.m.19 views

CVE-2007-6398

Flat PHP Board 1.2 and earlier allows remote attackers to bypass authentication and obtain limited access to an arbitrary user account via the fpbusername cookie...

7.2AI score0.02447EPSS
Exploits0References4
Cvelist
Cvelist
added 2007/12/17 6:0 p.m.22 views

CVE-2007-6397

Multiple directory traversal vulnerabilities in index.php in Flat PHP Board 1.2 and earlier allow remote attackers to 1 create arbitrary files via a .. dot dot in the username parameter when registering a user account, and 2 read arbitrary PHP files via a .. dot dot in a the topic parameter in a...

7AI score0.02798EPSS
Exploits0References6
securityvulns
securityvulns
added 2007/12/13 12:0 a.m.56 views

Flat PHP Board <= 1.2 Multiple Vulnerabilities

--------------------------------------------------------------- / | | / | / |/ | | |/ | | / | | | | | |/ | | // | || | ||| /| / / | |||| /| / / --------------------------------------------------------------- Http://www.inj3ct-it.org Staffatinj3ct-itdotorg...

0.5AI score
Exploits0
seebug.org
seebug.org
added 2007/12/10 12:0 a.m.12 views

Flat PHP Board <= 1.2 Multiple Vulnerabilities

No description provided by source. --------------------------------------------------------------- / | |\ \ / | / |/ | | |/ \ | | / \ \ | \ \ | | | \ | |/ \ | | // | || | ||| /| / /\ | |||| /| / / &nb...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2007/12/10 12:0 a.m.28 views

flatphp-multi.txt

--------------------------------------------------------------- / | |\ \ / | / |/ | | |/ \ | | | |||| /| / / --------------------------------------------------------------- Http://www.inj3ct-it.org Staffatinj3ct-itdotorg --------------------------------------------------------------- Flat PHP...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2007/12/09 12:0 a.m.11 views

Flat PHP Board 1.2 - Multiple Vulnerabilities

Flat PHP Board 1.2 - Multiple Vulnerabilities --------------------------------------------------------------- / | |\ \ / | / |/ | | |/ \ | | | |||| /| / / --------------------------------------------------------------- Http://www.inj3ct-it.org Staffatinj3ct-itdotorg...

0.4AI score
Exploits0
0day.today
0day.today
added 2007/12/09 12:0 a.m.31 views

Flat PHP Board <= 1.2 Multiple Vulnerabilities

Exploit for unknown platform in category web applications ============================================== Flat PHP Board | |||| /| / / --------------------------------------------------------------- Flat PHP Board = 1.2 Multiple Vulnerabilities...

7.1AI score
Exploits0
Exploit DB
Exploit DB
added 2007/12/09 12:0 a.m.48 views

Flat PHP Board 1.2 - Multiple Vulnerabilities

--------------------------------------------------------------- / | |\ \ / | / |/ | | |/ \ | | | |||| /| / / --------------------------------------------------------------- Http://www.inj3ct-it.org Staffatinj3ct-itdotorg --------------------------------------------------------------- Flat PHP...

7.4AI score
Exploits0
Cvelist
Cvelist
added 2007/10/26 7:0 p.m.19 views

CVE-2002-2322

Ultimate PHP Board UPB 1.0b stores the users.dat data file under the web root with insufficient access control, which allows remote attackers to obtain usernames and passwords...

6.8AI score0.01388EPSS
Exploits0References3
CVE
CVE
added 2007/10/20 10:0 a.m.35 views

CVE-2003-1401

CVE-2003-1401 affects php-Board 1.0 where login.php stores plaintext passwords in a file named $username.txt under the web document root with insufficient access controls. This allows remote attackers to directly request the file and obtain sensitive credentials, causing partial confidentiality i...

5.8CVSS6.5AI score0.01757EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2007/10/18 10:0 a.m.49 views

CVE-2002-2276

Ultimate PHP Board (UPB) 1.0 exposes a path disclosure: a direct request to add.php allows remote attackers to view the physical path of the message board via the error message. This is a remote information-disclosure vulnerability (CVE-2002-2276). Exploitation details are described across multip...

5CVSS6.4AI score0.01309EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2007/10/18 10:0 a.m.19 views

CVE-2002-2276

Ultimate PHP Board UPB 1.0 allows remote attackers to view the physical path of the message board via a direct request to add.php, which leaks the path in an error message...

6.3AI score0.01309EPSS
Exploits1References3
Prion
Prion
added 2007/04/24 8:19 p.m.9 views

Remote file inclusion

Multiple PHP remote file inclusion vulnerabilities in GPL PHP Board GPB unstable-2001.11.14-1 allow remote attackers to execute arbitrary PHP code via a URL in the rootpath parameter to 1 db.mysql.inc.php or 2 gpb.inc.php in include/, or the 3 theme parameter to themes/ubb/login.php...

7.5CVSS8.2AI score0.03386EPSS
Exploits0References7Affected Software1
CVE
CVE
added 2007/04/24 8:0 p.m.35 views

CVE-2007-2204

The CVE-2007-2204 entries describe multiple PHP remote file inclusion vulnerabilities in GPL PHP Board (GPB) unstable-2001.11.14-1. An attacker could trigger arbitrary PHP code execution by supplying a URL in the root_path parameter for include/db.mysql.inc.php or include/gpb.inc.php, or via the ...

7.5CVSS7.7AI score0.03386EPSS
Exploits0References7Affected Software1
NVD
NVD
added 2007/03/20 10:19 a.m.13 views

CVE-2006-7169

PHP remote file inclusion vulnerability in includes/headersimple.php in Ultimate PHP Board UPB 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the CONFIGskindir parameter...

6.8CVSS7.6AI score0.05056EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2007/01/02 12:0 a.m.43 views

Ultimate PHP Board chat/login.php username Parameter Arbitrary Command Execution

The remote host is running Ultimate PHP Board UPB. The version of UPB installed on the remote host does not sanitize input to the 'username' parameter of the 'chat/login.php' script before writing it to 'chat/text.php'. Regardless of PHP's settings, an attacker can leverage this flaw to inject...

7.5CVSS6AI score0.02215EPSS
Exploits0References1
Rows per page
Query Builder