2180 matches found
CVE-2005-1026
The CVE-2005-1026 entry concerns SQL injection vulnerabilities in SnailSource phpBB 2.0.x mods. The flaws allow remote attackers to execute arbitrary SQL commands via (1) the file_id parameter to dlman.php in DLMan Pro and (2) the id parameter to links.php in Linkz Pro (aka LinksLinks Pro). This ...
CVE-2005-1026
Multiple SQL injection vulnerabilities in SnailSource phpBB 2.0.x mods allow remote attackers to execute arbitrary SQL commands via the 1 fileid parameter to dlman.php in DLMan Pro or 2 id parameter to links.php in Linkz Pro aka LinksLinks Pro...
phpBB Upload Script "up.php" Arbitrary File Upload
Advisory 1 "phpBB Upload Script "up.php" Arbitrary File Upload" $ Author: Status-x $ Contact: [email protected] - [email protected] $ Date: 7 April 2005 $ Website: http://defacers.com.mx $ Original Advisory: http://www.defacers.com.mx/advisories/2.txt $ Risk: High $ Vendor URL:...
CVE-2005-1047
Meilad File upload script up.php mod for phpBB 2.0.x does not properly limit the types of files that can be uploaded, which allows remote authenticated users to execute arbitrary commands by uploading PHP files, then directly requesting them from the uploads directory...
PT-2005-2067 · Phpbb · Phpbb
Name of the Vulnerable Software and Affected Versions: phpBB versions 2.0.x Description: The issue concerns a file upload script, specifically the mod for phpBB, which fails to properly restrict the types of files that can be uploaded. This allows remote authenticated users to execute arbitrary...
SQL INJECTION in DLMan Pro. PHPBB Mod.
SQL Injection was found in the Variable $fileid in : DLMan Pro' Mod vulnerable system : phpBB 2.0.x exploit : dlman.php?func=fileinfo&fileid='SQL Injection Bug Found by : LovER BOY SecurityGurus Team www.securitygurusd0tNet...
phpBB 2.0.13 DLMan Pro Module - SQL Injection
phpBB 2.0.13 DLMan Pro Module - SQL Injection source: https://www.securityfocus.com/bid/13028/info The DLMan Pro mod for phpBB is reportedly affected by an SQL Injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an...
phpBB 2.0.13 Linkz Pro Module - SQL Injection
phpBB 2.0.13 Linkz Pro Module - SQL Injection source: https://www.securityfocus.com/bid/13030/info The Linkz Pro mod for phpBB is reportedly affected by a SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an...
phpBB 2.0.13 DLMan Pro Module - SQL Injection
source: https://www.securityfocus.com/bid/13028/info The DLMan Pro mod for phpBB is reportedly affected by an SQL Injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could resu...
phpBB 2.0.13 Linkz Pro Module - SQL Injection
source: https://www.securityfocus.com/bid/13030/info The Linkz Pro mod for phpBB is reportedly affected by a SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could resul...
SQL INJECTION in LinksLinks Pro. PHPBB Mod.
SQL Injection was found in the Variable $id in : LinksLinks Pro Mod vulnerable system : phpBB 2.0.x exploit : links.php?func=show&id='SQL Injection Bug Found by : LovER BOY SecurityGurus Team www.securitygurusd0tNet...
phpBB <= 2.0.13 'Calendar Pro' mod Remote Exploit
No description provided by source. !/usr/bin/perl -w use IO::Socket; Example: C:\calphpbb.pl www.site.com /phpBB2/ 2 'Calendar Pro' Mod for phpBB Connecting... + Connected! Sending Data... Data Sent, Waiting for response... + MD5 Hash for user with id=2 is: 81dc9bdb52d04dc20036dbd8313ed055 if @AR...
phpBB 2.0.13 - Calendar Pro mod Get Hash
phpBB 2.0.13 - Calendar Pro mod Get Hash !/usr/bin/perl -w use IO::Socket; Example: C:\calphpbb.pl www.site.com /phpBB2/ 2 'Calendar Pro' Mod for phpBB Connecting... + Connected! Sending Data... Data Sent, Waiting for response... + MD5 Hash for user with id=2 is: 81dc9bdb52d04dc20036dbd8313ed055 ...
phpBB 2.0.13 - 'Calendar Pro' mod Get Hash
!/usr/bin/perl -w use IO::Socket; Example: C:\calphpbb.pl www.site.com /phpBB2/ 2 'Calendar Pro' Mod for phpBB Connecting... + Connected! Sending Data... Data Sent, Waiting for response... + MD5 Hash for user with id=2 is: 81dc9bdb52d04dc20036dbd8313ed055 if @ARGV \n"; print " e.g.: calphpbb.pl...
phpBB 2.0.13 - 'downloads.php' mod Get Hash
!/usr/bin/perl -w use IO::Socket; Example: C:\phpbb.pl www.site.com /phpBB2/ 2 downloads.php mod in phpBB \n"; print " e.g.: phpbb.pl www.site.com /phpBB2/ 2 \n"; print " - site address\n"; print " - forum folder\n"; print " - user id 2 default for phpBB admin\n"; print "||\n"; print "\n\n"; exit...
phpBB 2.0.13 - downloads.php mod Get Hash
phpBB 2.0.13 - downloads.php mod Get Hash !/usr/bin/perl -w use IO::Socket; Example: C:\phpbb.pl www.site.com /phpBB2/ 2 downloads.php mod in phpBB \n"; print " e.g.: phpbb.pl www.site.com /phpBB2/ 2 \n"; print " - site address\n"; print " - forum folder\n"; print " - user id 2 default for phpBB...
phpBB <= 2.0.13 'downloads.php' mod Remote Exploit
No description provided by source. !/usr/bin/perl -w use IO::Socket; Example: C:\phpbb.pl www.site.com /phpBB2/ 2 downloads.php mod in phpBB = 2.0.13 Connecting... + Connected! Sending Data... Data Sent, Waiting for response... + MD5 Hash for user with id=2 is: 81dc9bdb52d04dc20036dbd8313ed055 if...
CVE-2005-0871
The CVE-2005-0871 entry describes a vulnerability in the Topic Calendar 1.0.1 module for phpBB. When run on Microsoft IIS, remote attackers can obtain sensitive information by supplying invalid parameters, which cause error messages to reveal the server path. The affected component is calendar_sc...
CVE-2005-0872
Cross-site scripting XSS vulnerability in calendarscheduler.php in the Topic Calendar 1.0.1 module for phpBB allows remote attackers to inject arbitrary web script or HTML via the start parameter...
CVE-2005-0872
Topic Calendar 1.0.1 for phpBB is affected. The vulnerability is a cross-site scripting (XSS) flaw in calendar_scheduler.php that allows remote attackers to inject arbitrary web script or HTML through the start parameter. This is documented in multiple sources (OpenVAS entry “Topic Calendar XSS” ...