2176 matches found
phpBB-Auction Module 1.0/1.2 - 'Auction_Rating.php' SQL Injection
Source: https://www.securityfocus.com/bid/13283/info. The phpBB-Auction module is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could result in a compromise of...
phpBB - Knowledge Base MOD - SQL-Injection and Full Path Disclosure
phpBB - Knowledge Base MOD SQL-Injection vulnerability and Full Path Disclosure. Discovered by R and deluxe89. Discussion: The phpBB - Knowledge Base MOD has a relatively hard to exploit SQL-Injection vulnerability. However, an attacker can exploit this bug and receive information from the databas...
dc_phpbb_xss_sql.txt
Dcrab's Security Advisory Hsc Security Group http://www.hackerscenter.com/ dP Security http://digitalparadox.org/ Get...
CVE-2005-1170
This CVE refers to an SQL injection in phpBB’s datenbank module (mod.php) where the id parameter enables remote SQL execution. The underlying vulnerability is an injectable query in mod.php, with potential data exposure and integrity impacts (CVSS v2 base score 7.5, HIGH). Affected component ...
CVE-2005-1171
CVE-2005-1171 is an XSS vulnerability affecting the phpBB datenbank module via mod.php, where the id parameter can be exploited to inject arbitrary script/HTML. The weakness stems from improper sanitization of user-supplied data, enabling remote attackers to execute script in the context of the v...
CVE-2005-1170
SQL injection vulnerability in mod.php in the datenbank module for phpBB allows remote attackers to execute arbitrary SQL commands via the id parameter...
CVE-2005-1171
Cross-site scripting (XSS) vulnerability in mod.php in the datenbank module for phpBB allows remote attackers to inject arbitrary web script or HTML via the id parameter...
phpBB Knowledge Base Module kb.php cat Parameter SQL Injection
The installed version of phpBB on the remote host includes the Knowledge Base module, which does not properly sanitize input to the 'cat' parameter of the 'kb.php' script before using it in SQL queries. An attacker can exploit this flaw to modify database queries, potentially even uncovering user...
phpBBupload.txt
Advisory 1 "phpBB Upload Script "up.php" Arbitrary File Upload" $ Author: Status-x $ Contact: [email protected] - [email protected] $ Date: 7 April 2005 $ Website: http://defacers.com.mx $ Original Advisory: http://www.defacers.com.mx/advisories/2.txt $ Risk: High $ Vendor URL:...
linkslinks.txt
SQL Injection was found in the Variable $id in : LinksLinks Pro Mod vulnerable system : phpBB 2.0.x exploit : links.php?func=show&id='SQL Injection Bug Found by : LovER BOY SecurityGurus Team www.securitygurusd0tNet...
phpbb2013SQL.txt
Here's an update of the paper: phpBB 2.0.13 = downloads.php Mod SQL injection www.batznet.com Discussion: -------------------- This exploit makes it possible to insert SQL Code through downloads.php Bug: -------------------- http://www.phpbb.de/downloads.php?cat=batz Spits out an error msg: Could n...
dlmanphpBB.txt
SQL Injection was found in the Variable $fileid in : DLMan Pro' Mod vulnerable system : phpBB 2.0.x exploit : dlman.php?func=fileinfo&fileid='SQL Injection Bug Found by : LovER BOY SecurityGurus Team www.securitygurusd0tNet...
cal_phpbb.pl.txt
!/usr/bin/perl -w use IO::Socket; Example: C:\calphpbb.pl www.site.com /phpBB2/ 2 'Calendar Pro' Mod for phpBB Connecting... + Connected! Sending Data... Data Sent, Waiting for response... + MD5 Hash for user with id=2 is: 81dc9bdb52d04dc20036dbd8313ed055 if @ARGV \n"; print " e.g.: calphpbb.pl...
CVE-2005-1114
CVE-2005-1114 affects Photo Album 2.0.53 for phpBB; multiple SQL injection vulnerabilities exist in album_search.php that let remote attackers execute arbitrary SQL via the (1) mode or (2) search parameters. The NVD entry lists a base score of 7.5 (HIGH) with network attack vector and no authenti...
CVE-2005-1114
Multiple SQL injection vulnerabilities in album_search.php in Photo Album 2.0.53 for phpBB allow remote attackers to execute arbitrary SQL commands via the (1) mode or (2) search parameters...
CVE-2005-1115
Multiple cross-site scripting (XSS) vulnerabilities in Photo Album 2.0.53 module for phpBB allow remote attackers to inject arbitrary web script or HTML via the bsid parameter to (1) album_cat.php or (2) album_comment.php...
CVE-2005-1113
Multiple cross-site scripting (XSS) vulnerabilities in PhpBB Plus 1.52 and earlier allow remote attackers to inject arbitrary web script or HTML via the bsid parameter to (1) groupcp.php, (2) index.php, (3) portal.php, (4) viewforum.php, or (5) viewtopic.php, (6) the c parameter to index.php, or (7) the article...
CVE-2005-1115
CVE-2005-1115 refers to multiple XSS flaws in Photo Album 2.0.53 module for phpBB. The vulnerabilities arise when user-supplied input is not properly sanitized, allowing remote attackers to inject arbitrary script or HTML via the bsid parameter to the scripts album_cat.php and album_comment.php. ...
CVE-2005-1116
Cross-site scripting (XSS) vulnerability in the Calendar module for phpBB allows remote attackers to inject arbitrary web script or HTML via the start parameter to calendarscheduler.php...
CVE-2005-1113
CVE-2005-1113 corresponds to multiple cross-site scripting (XSS) flaws in PhpBB Plus 1.52 and earlier. The vulnerabilities allow remote attackers to inject arbitrary web script or HTML via the bsid parameter to groupcp.php, index.php, portal.php, viewforum.php, or viewtopic.php; or via the c para...