2176 matches found
CVE-2006-4893
CVE-2006-4893 impacts the phpBB XS project (v0.58 and earlier). The vulnerable component is the file system access in the bb_usage_stats.php (path: bb_usage_stats/includes/bb_usage_stats.php) where a PHP remote file inclusion flaw allows an attacker to supply a URL via the phpbb_root_path paramet...
PT-2006-5647 · Phpbb · Phpbb Xs
Name of the Vulnerable Software and Affected Versions: phpBB XS versions 0.58 and earlier Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the phpbb root path parameter. This is a different vector than previously identified issues. Recommendations: For php...
SolpotCrew Advisory #10 - phpBB XS (phpbb_root_path) Remote File Include
SolpotCrew Community phpBB XS phpbbrootpath Remote File Include Download file : http://www.phpbbxs.eu/dload.php?action=category&catid=2 Bug Found By : NoGe a.k.a dajackass contact: [email protected] Website : http://nyubicrew.org/adv/Nogeadv02.txt Greetz: skulmaticthanks for sharing knowledge...
Noge_adv_02.txt
SolpotCrew Community phpBB XS phpbbrootpath Remote File Include Download file : http://www.phpbbxs.eu/dload.php?action=category&catid=2 Bug Found By : NoGe a.k.a dajackass contact: [email protected] Website : http://nyubicrew.org/adv/Nogeadv02.txt Greetz: skulmaticthanks for sharing knowledge...
CVE-2006-4780
CVE-2006-4780 affects phpBB XS 0.58 and earlier. The vulnerability is a PHP remote file inclusion in includes/functions.php that allows an attacker to execute arbitrary PHP code by supplying a crafted URL via the phpbb_root_path parameter. This is a server-side code injection impacting systems ru...
CVE-2006-4779
CVE-2006-4779 concerns a PHP remote file inclusion vulnerability in the release path for Vitrax Premodded phpBB 1.0.6-R3 and earlier. The flaw resides in the include routine, specifically in includes/functions_portal.php , where an attacker can supply a URL via the phpbb_root_path parameter to ca...
CVE-2006-4780
PHP remote file inclusion vulnerability in includes/functions.php in phpBB XS 0.58 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter...
CVE-2006-4758
phpBB 2.0.21 does not properly handle pathnames ending in %00, which allows remote authenticated administrative users to upload arbitrary files, as demonstrated by a query to admin/adminboard.php with an avatar_path parameter ending in .php%00...
CVE-2006-4758
phpBB 2.0.21 does not properly handle pathnames ending in %00, which allows remote authenticated administrative users to upload arbitrary files, as demonstrated by a query to admin/adminboard.php with an avatar_path parameter ending in .php%00...
CVE-2006-4758
CVE-2006-4758 affects phpBB 2.0.21 where an authenticated forum administrator can upload files by crafting the avatar_path parameter ending with .php%00. The vulnerability arises in the handling of pathnames ending in %00, enabling arbitrary file uploads. Public references in Debian OpenVAS entri...
CVE-2006-4758
phpBB 2.0.21 does not properly handle pathnames ending in %00, which allows remote authenticated administrative users to upload arbitrary files, as demonstrated by a query to admin/adminboard.php with an avatar_path parameter ending in .php%00...
phpNULL.txt
Author: ShAnKaR Title: multiple PHP application poison NULL byte vulnerability Applications: phpBB 2.0.21, punBB 1.2.12 Threat Level: Critical Original advisory in Russian: http://www.security.nnov.ru/Odocument221.html Poison NULL byte vulnerability for perl CGI applications was described in 1...
vitrax.txt
credits: CeNGiZ-HaN contact: [email protected] team: www.system-defacers.org risk: High script: vitrax premodded phpbb script site: www.vitrax.org Exploit: http://target/path/includes/functionsportal.php?phpbbrootpath=phpshell.txt? GreeTz No One =...
AzzCoder => phpBB XS 0.58 Remote File Include
An important vulnerability in functions.php will allow a malicious user to insert a remote file. The Vulnerable Code: include_once $phpbb_root_path . './includes/functionscategorieshierarchy.' . $phpEx ; The phpbb_root_path isn't initialized and PHPBBIN isn't checked...
Vitrax Pre-modded 1.0.6-r3 - Remote File Inclusion
Vitrax Pre-modded 1.0.6-r3 - Remote File Inclusion credits: CeNGiZ-HaN contact: [email protected] team: www.system-defacers.org risk: High script: vitrax premodded phpbb script site: www.vitrax.org Exploit: http://target/path/includes/functionsportal.php?phpbbrootpath=phpshell.txt?...
phpbb -- NULL byte injection vulnerability
Secunia reports: ShAnKaR has discovered a vulnerability in phpBB, which can be exploited by malicious users to compromise a vulnerable system. Input passed to the "avatar_path" parameter in admin/adminboard.php is not properly sanitised before being used as a configuration variable to store avatar...
phpBB XS <= 0.58 (functions.php) Remote File Include Vulnerability
No description provided by source. Author: AzzCoder Vendor: http://www.phpbbxs.eu/ Vulnerable File: includes/functions.php Vulnerable Code: //The phpbb_root_path isn't initialized include_once $phpbb_root_path . './includes/functionscategorieshierarchy.' . $phpEx ; Method To Use:...
Vulnerabilities in many popular engines due to incorrect behaviour of PHP's file functions
The vulnerability is present, for example, in such popular forums as phpBB and punBB; successful exploitation occurs when the avatar upload path is substituted and an avatar containing PHP code, for example in the EXIF header, is uploaded. CODE: copy'1.jpg', "./dirforupload/1.php0"."/2.jpg"; or copy'1.jpg',...
Vitrax Pre-modded 1.0.6-r3 - Remote File Inclusion
credits: CeNGiZ-HaN contact: [email protected] team: www.system-defacers.org risk: High script: vitrax premodded phpbb script site: www.vitrax.org Exploit: http://target/path/includes/functionsportal.php?phpbbrootpath=phpshell.txt? GreeTz No One = milw0rm.com 2006-09-12...
phpBB XS <= 0.58 (functions.php) Remote File Include Vulnerability
Exploit for unknown platform in category web applications ================================================================== phpBB XS = 0.58 functions.php Remote File Include Vulnerability ================================================================== Author: AzzCoder Vendor:...