2176 matches found
Cross site scripting
Cross-site scripting (XSS) vulnerability in profile.php in phpBB 2.0.19 allows remote attackers to inject arbitrary web script or HTML via the cur_password parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
CVE-2006-1603
Cross-site scripting (XSS) vulnerability in profile.php in phpBB 2.0.19 allows remote attackers to inject arbitrary web script or HTML via the cur_password parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
CVE-2006-1603
The CVE-2006-1603 entry concerns a Cross-site scripting (XSS) vulnerability in phpBB 2.0.19, exploitable through the cur_password parameter in profile.php. The affected software is phpBB 2.0.19, and the vulnerability is triggered via user-supplied input that can inject arbitrary script/HTML into ...
phpBB v 2.0.X upload html .gif ( "not 2.0.19" )
SpiderZ ForumZ Security. Author: SpiderZ. phpBB v 2.0.X upload html .gif "not 2.0.19". Site: www.spiderz.tk 1. Register on the following forum 2. Log in with your details 3. Go to "Profile", then "Upload avatar from PC:" 4. Prepare your page...
phpBB <= 2.0.18 Multiple XSS Vulnerabilities
phpBB is prone to multiple cross-site scripting (XSS) vulnerabilities. SPDX-FileCopyrightText: 2006 David Maciejak. Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
New exploit by SpiderZ
Author: SpiderZ Exploit 01 phpBB 2.0.19 Topic infinitely exploit multiple topic http://spiderz.netsons.org/1.txt Exploit 02 Mini-Nuke v1.8 XSS http://spiderz.netsons.org/3.txt Exploit 03 CuteCast Version 1.2 multiple users http://spiderz.netsons.org/4.txt Exploit 04 IPB v1.x upload html .gif...
Advisory-18.txt
Neo Security Team NST® - Advisory 18 - 03/03/06. Program: phpBB. Homepage: http://www.phpbb.com. Vulnerable Versions: All phpBB versions. Risk: High Risk!! Impact: Multiple DoS...
phpBB <= 2.0.19 Multiple DoS vulnerabilities
Neo Security Team NST® - Advisory 18 - 03/03/06. Program: phpBB. Homepage: http://www.phpbb.com. Vulnerable Versions: All phpBB versions. Risk: High Risk!! Impact: Multiple DoS...
phpBB <= 2.0.18 Remote Bruteforce/Dictionary Attack Tool (updated)
No description provided by source. #!/usr/bin/perl Title: PhpBB <= 2.0.18 Remote Bruteforce/Dictionary Attack Tool Type: Bruteforce / Dictionary attack New demo: http://rapidshare.de/files/13694254/phpbbbtr.avi.html 1.06 mb Php Email Script data: ? mail$destinataire, $objet, $contenu, "From:...
phpBB <= 2.0.18 Remote Bruteforce/Dictionary Attack Tool (updated)
Exploit for unknown platform in category web applications ================================================================== phpBB Note: Host the php script and replace the line 34 Php script for the email option because win32 don't support Mail::Mailer Changelog: Bruteforce option | Starting...
phpBB 2.0.18 - Remote Brute Force/Dictionary (2)
phpBB 2.0.18 - Remote Brute Force/Dictionary (2) #!/usr/bin/perl Title: PhpBB Note: Host the php script and replace the line 34 Php script for the email option because win32 don't support Mail::Mailer Changelog: Bruteforce option | Starting length | Email option | More fast | Die error disabled |...
CVE-2006-0632
The gen_rand_string function in phpBB 2.0.19 uses insufficiently random data (small value space) to create the activation key ("validation ID") that is sent by e-mail when establishing a password, which makes it easier for remote attackers to obtain the key and modify passwords for existing accounts or...
Design/Logic Flaw
The gen_rand_string function in phpBB 2.0.19 uses insufficiently random data (small value space) to create the activation key ("validation ID") that is sent by e-mail when establishing a password, which makes it easier for remote attackers to obtain the key and modify passwords for existing accounts or...
CVE-2006-0632
The CVE-2006-0632 entry affects phpBB 2.0.19. The gen_rand_string function uses insufficiently random data (small value space) to generate the activation key (validation ID) sent by e-mail when establishing a password, enabling remote attackers to obtain the key and modify passwords for existing ...
Easily exploitable Pseudo Random Number generator in phpbb version 2.0.19 and under.
I. DESCRIPTION: Easily exploitable Pseudo Random Number generator in phpbb version 2.0.19 and under. II. DETAILS: Due to poor design, gen_rand_string can only generate up to 1 million hashes or random strings. This allows an attacker to reset any account through the lost password request form by...
Cross site request forgery (csrf)
Cross-site request forgery (CSRF) vulnerability in phpBB 2.0.19, when Link to off-site Avatar or bbcode IMG are enabled, allows remote attackers to perform unauthorized actions as a logged in user via a link or IMG tag in a user profile, as demonstrated using links to (1) admin/adminusers.php and (2)...
CVE-2006-0438
Cross-site request forgery (CSRF) vulnerability in phpBB 2.0.19, when Link to off-site Avatar or bbcode IMG are enabled, allows remote attackers to perform unauthorized actions as a logged in user via a link or IMG tag in a user profile, as demonstrated using links to (1) admin/adminusers.php and (2)...