PHPBB2 - 'Admin_Ug_Auth.php' Administrative Bypass

source: https://www.securityfocus.com/bid/22730/info PHPBB2 is prone to a vulnerability that will let attackers gain administrative access to the application because it fails to properly validate access. Successful exploits may result in a complete compromise of vulnerable applications. User Leve...

PHPBB2 - Admin_Ug_Auth.php Administrative Bypass

PHPBB2 - AdminUgAuth.php Administrative Bypass source: https://www.securityfocus.com/bid/22730/info PHPBB2 is prone to a vulnerability that will let attackers gain administrative access to the application because it fails to properly validate access. Successful exploits may result in a complete...

Remote file inclusion

PHP remote file inclusion vulnerability in includes/functions.php in phpBB2-MODificat 0.2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbbrootpath parameter...

CVE-2007-0656

PHP remote file inclusion vulnerability in includes/functions.php in phpBB2-MODificat 0.2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbbrootpath parameter...

CVE-2007-0656

CVE-2007-0656 is a PHP remote file inclusion vulnerability affecting phpBB2-MODificat 0.2.0 and earlier. The flaw exists in includes/functions.php where an attacker can cause remote PHP code execution by supplying a URL via the phpbb_root_path parameter. Affected software is phpBB2-MODificat vers...

PHPBB2 Modificat PHPBB_Root_Path远程文件包含漏洞

PHPBB2 Modificat是一款基于PHP的WEB应用程序。 PHPBB2 Modificat不正确过滤用户提交的输入，远程攻击者可以利用漏洞以WEB权限执行任意命令。 问题是'functions.php'脚本对用户提交的'PHPBBRootPath'参数缺少过滤，指定远程服务器上的文件作为包含参数，可导致以WEB权限执行任意命令。 phpBB2-MODificat phpBB2-MODificat 0.2 目前没有解决方案提供,请关注以下链接： http://sourceforge.net/project/showfiles.php?groupid=110366...

phpBB2 MODificat <= 0.2.0 (functions.php) Remote Include Vulnerability

No description provided by source. ----------------------------------------------- phpBB2 MODificat phpbbrootpath Remote File Include Exploit ----------------------------------------------- Author: xoron xoron.biz ----------------------------------------------- Code: includeonce $phpbbrootpath...

phpbb2-rfi.txt

----------------------------------------------- phpBB2 MODificat phpbbrootpath Remote File Include Exploit ----------------------------------------------- Author: xoron xoron.biz ----------------------------------------------- Code: includeonce $phpbbrootpath...

PHPBB2 MODificat 0.2.0 - 'functions.php' Remote File Inclusion

----------------------------------------------- phpBB2 MODificat phpbbrootpath Remote File Include Exploit ----------------------------------------------- Author: xoron xoron.biz ----------------------------------------------- Code: includeonce $phpbbrootpath...

phpBB2 MODificat (phpbb_root_path) Remote File Include Exploit

----------------------------------------------- phpBB2 MODificat phpbbrootpath Remote File Include Exploit ----------------------------------------------- Author: xoron xoron.biz ----------------------------------------------- Code: includeonce $phpbbrootpath...

phpBB2 MODificat <= 0.2.0 (functions.php) Remote Include Vulnerability

Exploit for unknown platform in category web applications ====================================================================== phpBB2 MODificat = 0.2.0 functions.php Remote Include Vulnerability ======================================================================...

PHPBB2 MODificat 0.2.0 - functions.php Remote File Inclusion

PHPBB2 MODificat 0.2.0 - functions.php Remote File Inclusion ----------------------------------------------- phpBB2 MODificat phpbbrootpath Remote File Include Exploit ----------------------------------------------- Author: xoron xoron.biz ----------------------------------------------- Code:...

CVE-2006-6842

The CVE-2006-6842 entry describes an SQL injection vulnerability in admin/admin_acronyms.php of Acronym Mod 0.9.5 for phpBB2 Plus 1.53, allowing remote attackers to execute arbitrary SQL commands via the id parameter. Public references (e.g., Exploit-DB 3033) indicate known exploits. Affected com...

CVE-2006-6842

SQL injection vulnerability in admin/adminacronyms.php in the Acronym Mod 0.9.5 for phpBB2 Plus 1.53 allows remote attackers to execute arbitrary SQL commands via the id parameter...

phpBB2 Plus 1.53 (Acronym Mod) Remote SQL Injection Vulnerability

No description provided by source. Acronym Mod v0.9.5 Remote SQL Injection Vulnerability Download: http://www.codemonkeyx.net Found By: the master exploit:...

phpBB2 Plus 1.53 - Acronym Mod SQL Injection

Acronym Mod v0.9.5 Remote SQL Injection Vulnerability Download: http://www.codemonkeyx.net Found By: the master exploit: http://Target/Path/admin/adminacronyms.php?mode=edit&id=-1%20UNION%20SELECT%20null,userpassword,null%20FROM%20phpbbusers%20where%20userid=2&sid=AdminHash Greetz: str0ke , Dr Ma...

phpBB2 Plus 1.53 - Acronym Mod SQL Injection

phpBB2 Plus 1.53 - Acronym Mod SQL Injection Acronym Mod v0.9.5 Remote SQL Injection Vulnerability Download: http://www.codemonkeyx.net Found By: the master exploit:...

phpBB2 Plus 1.53 (Acronym Mod) Remote SQL Injection Vulnerability

Exploit for unknown platform in category web applications ================================================================= phpBB2 Plus 1.53 Acronym Mod Remote SQL Injection Vulnerability ================================================================= Acronym Mod v0.9.5 Remote SQL Injection...

PHPBB2多个本地文件包含漏洞

PHPBB2是一款基于PHP的论坛程序。 PHPBB2不充分过滤用户提交的URI输入，远程攻击者可以利用漏洞以WEB进程权限查看系统文件内容。 问题是多个脚本对用户提交的WEB参数缺少过滤，提交包含多个"../"字符作为参数数据，可绕过WEB ROOT限制，以WEB进程权限查看系统文件内容。 phpBB2 phpBB2 Plus 2.0.13 + phpBB Group phpBB 2.0.13 + phpBB Group phpBB 2.0.12 http://www.phpbb2.de/...

Debian DSA-1066-1 : phpbb2 - missing input sanitising

It was discovered that phpbb2, a web-based bulletin board, does insufficiently sanitise values passed to the 'Font Colour 3' setting, which might lead to the execution of injected code by admin users. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in...