CVE-2005-1116
CVE-2005-1116 is a documented XSS vulnerability in the phpBB Calendar module. The issue allows remote attackers to inject arbitrary web script or HTML via the start parameter to calendar_scheduler.php. The affected component is the phpBB Calendar integration; the root cause is improper sanitizati...
Datenbank Module For phpBB - Remote mod.php Cross-Site Scripting
Datenbank Module For phpBB - Remote mod.php Cross-Site Scripting source: https://www.securityfocus.com/bid/13210/info A remote cross-site scripting vulnerability affects the datenbank module for phpbb. This issue is due to a failure of the application to properly sanitize user-supplied input prio...
phpBB datenbank mod has XSS/SQL Injection in the id variable
vulnerable mod: datenbank explanation: you can pass SQL Injection / Cross Site Scripting Commands in the id variable inside the mod.php mod-datenbank exploit: http://target/phpBB/moddb/mod.php?id='SQL Injection http://target/phpBB/moddb/mod.php?id='scriptalertdocument.cookie /script this bugs...
phpBB Remote - mod.php SQL Injection
phpBB Remote - mod.php SQL Injection source: https://www.securityfocus.com/bid/13209/info A remote SQL injection vulnerability affects the datenbank module for phpbb. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in SQL queries. A...
Datenbank Module For phpBB - 'Remote mod.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/13210/info A remote cross-site scripting vulnerability affects the datenbank module for phpbb. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in dynamically generated Web content. An attack...
phpBB Remote - 'mod.php' SQL Injection
source: https://www.securityfocus.com/bid/13209/info A remote SQL injection vulnerability affects the datenbank module for phpbb. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in SQL queries. An attacker may exploit this issue to...
phpBB Photo Album Module <= 2.0.53 Multiple Vulnerabilities
The installed version of phpBB on the remote host includes a photo album module that has multiple vulnerabilities: - A SQL Injection Vulnerability An attacker can pass arbitrary SQL code through the 'mode' parameter of the 'albumsearch.php' script to manipulate database queries. - Various...
Multiple SQL injection and XSS vulnerabilities in phpBB Plus v.1.52 and below and some of its modules.
Dcrab's Security Advisory Hsc Security Group http://www.hackerscenter.com/ dP Security http://digitalparadox.org/ Get Dcrab's Services to audit your Web servers, scripts, networks, etc. Learn more at http://www.digitalparadox.org/services.ah Severity: Medium Title: Multiple SQL injection and XSS...
phpBB 1.x/2.0.x - Knowledge Base Module KB.php SQL Injection
phpBB 1.x/2.0.x - Knowledge Base Module KB.php SQL Injection source: https://www.securityfocus.com/bid/13219/info Knowledge Base Module is affected by an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQ...
PHP Photo Album < 2.0.14 Multiple Vulnerabilities
phpBB Photo Album Module 2.0.53 - Album_Comment.php Cross-Site Scripting
phpBB Photo Album Module 2.0.53 - Album_Comment.php Cross-Site Scripting source: https://www.securityfocus.com/bid/13158/info Photo Album is affected by a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may...
phpBB Photo Album 2.0.53 Module - Album_Cat.php Cross-Site Scripting
phpBB Photo Album 2.0.53 Module - Album_Cat.php Cross-Site Scripting source: https://www.securityfocus.com/bid/13157/info Photo Album is affected by a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may...
phpBB Photo Album Module 2.0.53 - 'Album_Comment.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/13158/info Photo Album is affected by a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in the brows...
CVE-2005-1047
Meilad File upload script up.php mod for phpBB 2.0.x does not properly limit the types of files that can be uploaded, which allows remote authenticated users to execute arbitrary commands by uploading PHP files, then directly requesting them from the uploads directory...
CVE-2005-1047
CVE-2005-1047 concerns a vulnerability in the phpBB 2.0.x up.php file upload mod. The issue is that the upload script does not properly restrict file types, allowing remote authenticated users to upload executable PHP files and subsequently access them from the uploads directory to execute arbitr...
phpBB up.php Arbitrary File Upload
The installed version of phpBB on the remote host includes a file upload script intended as a way for users to upload files that they can then link to in their posts. The script, however, does not require authentication, makes only a limited check of upload file types, and stores uploads in a kno...
CVE-2005-1026
The CVE-2005-1026 entry concerns SQL injection vulnerabilities in SnailSource phpBB 2.0.x mods. The flaws allow remote attackers to execute arbitrary SQL commands via (1) the file_id parameter to dlman.php in DLMan Pro and (2) the id parameter to links.php in Linkz Pro (aka LinksLinks Pro). This ...
CVE-2005-1026
Multiple SQL injection vulnerabilities in SnailSource phpBB 2.0.x mods allow remote attackers to execute arbitrary SQL commands via the (1) file_id parameter to dlman.php in DLMan Pro or (2) id parameter to links.php in Linkz Pro (aka LinksLinks Pro)...
phpBB Upload Script "up.php" Arbitrary File Upload
Advisory 1 "phpBB Upload Script "up.php" Arbitrary File Upload" $ Author: Status-x $ Contact: [email protected] - [email protected] $ Date: 7 April 2005 $ Website: http://defacers.com.mx $ Original Advisory: http://www.defacers.com.mx/advisories/2.txt $ Risk: High $ Vendor URL:...