2176 matches found
CVE-2006-6593
CVE-2006-6593: PHP remote file inclusion in zufallscodepart.php of AMAZONIA MOD for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. Documented impact is partial confidentiality/integrity/availability. Connected sources confirm the RFI root c...
CVE-2006-6508
Cross-site request forgery (CSRF) vulnerability in phpBB 2.0.21 allows remote authenticated users to send unauthorized messages as an arbitrary user via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
CVE-2006-6508
CVE-2006-6508 is a Cross-site request forgery (CSRF) affecting phpBB 2.0.21. The issue allows a remote authenticated user to perform actions (send unauthorized messages as another user) via unspecified vectors. Root cause details are not fully disclosed in the provided documents, but Debian/DSA-1...
CVE-2006-6459
Cross-site scripting (XSS) vulnerability in toplist.php in PhpBB Toplist 1.3.7 allows remote attackers to inject arbitrary HTML or web script via the (1) Name and (2) Information fields when adding a new site (toplistnew action)...
CVE-2006-6459
CVE-2006-6459 describes a cross-site scripting (XSS) vulnerability in PhpBB Toplist 1.3.7. The flaw resides in toplist.php, allowing remote attackers to inject arbitrary HTML or web script via the (1) Name and (2) Information fields when adding a new site (action: toplistnew). The CVSS metrics in...
toplist-xss.txt
LiderHack.Org script name : PhpBB Toplist 1.3.7 Dork : toplist.php?f=toplistnew Risk : High Found By : St@rExT Vulnerable file : Toplist.php New add sites addres: toplist.php?f=toplistnew Name: xss code & Information: xss code & Name: Your name & Name: alert"yourmessage" example sites :...
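PHPBB Toplist Multiple HTML Injection Vulnerabilities
PHPBB is a PHP-based forum program. PHPBB does not sufficiently filter user-submitted URI input, so remote attackers can exploit the vulnerability to carry out cross-site scripting attacks and obtain sensitive information. The problem is that the PHPBB Toplist lacks filtering of user-submitted web parameters; malicious script code submitted as parameter data can be executed in the target user's browser, leaking sensitive information. phpBB Toplist 1.3.7 http://www.phpbb.com/...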
CVE-2006-6421
Cross-site scripting (XSS) vulnerability in the private message box implementation (privmsg.php) in phpBB 2.0.x allows remote authenticated users to inject arbitrary web script or HTML via the "Message body" field in a message to a non-existent user...
CVE-2006-6421
CVE-2006-6421 is an XSS in phpBB 2.0.x; the private messaging (privmsg.php) feature allows remote authenticated users to inject arbitrary script/HTML via the Message body when targeting a non-existent user. Affected component: phpBB 2.0.x private messaging; root cause is user-supplied input not s...
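Adam Ismay Print Topic Mod SQL Injection Vulnerability
Adam Ismay Print Topic Mod is a topic-printing module that can be used with phpBB and similar systems. The Adam Ismay Print Topic Mod printview.php script does not correctly handle malicious user-submitted input, so remote attackers can exploit this vulnerability to obtain sensitive information or modify the system database. The Topic Mod printview.php script lacks sufficient filtering of the data users submit to the 'ordersql' parameter; submitting malicious data may alter the original database logic, modify the database, or obtain sensitive information. Adam Ismay Print Topic Mod 1.0 Temporary workaround: if you cannot install the patch or upgrade immediately, NSFOCUS recommends that you take the following measures to reduce the threat:...
phpBB Multiple Cross-Site Scripting Vulnerabilities
phpBB is a web forum application written in PHP that supports multiple database systems and runs on a variety of Unix and Linux operating systems. Several phpBB scripts lack sufficient filtering of user-submitted URI input, so remote attackers can exploit this vulnerability to carry out cross-site scripting attacks and possibly obtain sensitive information. The 'index.php' and 'faq.php' scripts included in phpBB do not correctly filter user-submitted URI input; when data containing malicious script code is submitted as a parameter and viewed by other users, it can lead to disclosure of authentication-based sensitive information. phpBB Group phpBB 2.0.8-2.0.8a The vendor has released an upgrade patch to fix this security issue; download it from the vendor's home page: phpBB Group Upgrade...
phpBB HTTP Response Splitting and Cross-Site Scripting Vulnerabilities
phpBB is a web forum application written in PHP that supports multiple database systems and runs on a variety of Unix and Linux operating systems. Several phpBB scripts are affected by HTTP response splitting or cross-site scripting, and remote attackers can exploit this vulnerability for web cache poisoning, page hijacking, or sensitive information attacks. The following two scripts are affected by HTTP response splitting: - /phpBB2/privmsg.php 'mode' parameter - /phpBB2/login.php 'redirect'...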
PhpBB Toplist 1.3.7 Xss Vuln.
LiderHack.Org script name : PhpBB Toplist 1.3.7 Dork : toplist.php?f=toplistnew Risk : High Found By : St@rExT Vulnerable file : Toplist.php New add sites addres: toplist.php?f=toplistnew Name: xss code & Information: xss code & Name: h1Your name/h1 & Name: scriptalert"yourmessage"/script example...
phpbb 2.0.x [xss]
vendor site: http://phpbb.com/ product: phpbb bug: xss risk: low An xss post has been discovered in phpbb; the impact of this attack is very low, because it's more a bug than a vulnerability. An authenticated user can execute some html code in his private message box, by sending a message to an...
Adam Ismay Print Topic Mod SQL Injection Vulnerability Exploit
No description provided by source. Bartek Nowotarski ([email protected]) provided the following test method:...