2176 matches found
phpBB (privmsg.php) XSS Exploit
phpBB privmsg.php XSS Exploit. By: Demential; Web: http://headburn.altervista.org; E-mail: [email protected]; phpBB website: http://phpbb.com. Exploit tested on phpBB 2.0.21. Secunia.com said: Input passed to the form field "Message body" in privmsg.php is not properly sanitised before it is returned to...
MKPortal Full Path Disclosure
MKPortal Full Path Disclosure. Vulnerability discovered by: Demential; Web: http://headburn.altervista.org; E-mail: infoatburnheaddotit; MKPortal website: http://www.mkportal.it. Tested on MKPortal M1.1 RC1 with phpBB; other versions may also be affected. http://www.victim.com/mkportal/admin.php?MKPATH...
CVE-2006-6839
CVE-2006-6839 affects phpBB before 2.0.22. The issue is described as an unspecified vulnerability with unknown impact and remote attack vectors related to redirection targets not being properly validated. CVSS base score listed as 10.0 (high impact). Debian/DSA-1488-1 indicates fixes: etch (stabl...
CVE-2006-6840
CVE-2006-6840 affects phpBB up to version 2.0.22 (and some older distributions) where a negative start parameter could lead to invalid output. The available connected sources confirm this as a remote web-app vulnerability in phpBB’s 2.0.x line with limited, unspecified impact and unknown exploita...
CVE-2006-6840
Unspecified vulnerability in phpBB before 2.0.22 has unknown impact and remote attack vectors related to a "negative start parameter."...
CVE-2006-6841
Affected product: phpBB (2.x). The issue CVE-2006-6841 arises from forms not performing session checks, enabling CSRF-like actions by an attacker on behalf of a logged-in user. Descriptions consistently indicate unknown impact in the original note, and multiple advisories/OSS records align on thi...
CVE-2006-6839
Unspecified vulnerability in phpBB before 2.0.22 has unknown impact and remote attack vectors related to "criteria for 'bad' redirection targets."...
CVE-2006-6841
Certain forms in phpBB before 2.0.22 lack session checks, which has unknown impact and remote attack vectors...
phpBB < 2.0.22 Multiple Vulnerabilities
The version of phpBB installed on the remote host fails to properly block 'bad' redirection targets. In addition, it reportedly contains a non-persistent cross-site scripting flaw involving its private messaging functionality and several other issues. At a minimum, a remote attacker can leverage...
Acronym Mod v0.9.5 Remote SQL Injection Vulnerability
Acronym Mod v0.9.5 Remote SQL Injection Vulnerability Download: http://www.codemonkeyx.net Found By: the master exploit: http://Target/Path/admin/adminacronyms.php?mode=edit&id=-120UNION20SELECT20null,userpassword,null20FROM20phpbbusers20where20userid=2&sid=AdminHash Greetz: str0ke , Dr Max Virus...
phpbbxtra20-rfi.txt
PhpbbXtra v2.0 phpbb_root_path Remote File Include Vulnerability. Author: xoron. Vuln Code: include($phpbb_root_path . 'includes/bbcode.'.$phpEx);...
CVE-2006-6593
PHP remote file inclusion vulnerability in zufallscodepart.php in AMAZONIA MOD for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter...