phpBB Login Form SQL Injection

Binary data 2411.prm...

phpBB <= 2.0.10 Remote Command Execution Exploit

No description provided by source. !/usr/bin/perl use IO::Socket; @@@@@@@ @@@ @@@ @@@@@@ @@@ @@@ @@! @@@ @@! @@@ !@@ @@! @@@ @!@!!@! @!@ !@! !@@!! @!@!@!@! !!: :!! !!: !!! !:! !!: !!! : : : :.:: : ::.: : : : : phpBB = 2.0.10 remote commands exec exploit based on...

phpBB 2.0.10 - Remote Command Execution

phpBB 2.0.10 - Remote Command Execution !/usr/bin/perl use IO::Socket; @@@@@@@ @@@ @@@ @@@@@@ @@@ @@@ @@! @@@ @@! @@@ !@@ @@! @@@ @!@!!@! @!@ !@! !@@!! @!@!@!@! !!: :!! !!: !!! !:! !!: !!! : : : :.:: : ::.: : : : : phpBB = 2.0.10 remote commands exec exploit based on...

phpBB <= 2.0.10 Remote Command Execution Exploit

Exploit for unknown platform in category web applications ================================================ phpBB = 2.0.10 Remote Command Execution Exploit ================================================ !/usr/bin/perl use IO::Socket; @@@@@@@ @@@ @@@ @@@@@@ @@@ @@@ @@! @@@ @@! @@@ email protected...

phpBB viewtopic.php highlight Parameter SQL Injection (ESMARKCONANT)

The remote host is running phpBB. There is a flaw in the remote software that could allow anyone to inject arbitrary SQL commands in the login form. An attacker could exploit this flaw to bypass the authentication of the remote host or execute arbitrary SQL statements against the remote database...

phpBB 2.0.10 - Remote Command Execution

!/usr/bin/perl use IO::Socket; @@@@@@@ @@@ @@@ @@@@@@ @@@ @@@ @@! @@@ @@! @@@ !@@ @@! @@@ @!@!!@! @!@ !@! !@@!! @!@!@!@! !!: :!! !!: !!! !:! !!: !!! : : : :.:: : ::.: : : : : phpBB = 2.0.10 remote commands exec exploit based on http://securityfocus.com/archive/1/380993/2004-11-07/2004-11-13/0...

phpbb.php.txt

!/usr/bin/php -q 15th November 2004 : 4:04 a.m bug found by How Dark http://www.howdark.com 1st October 2004 Requirement: PHP 4.x with curl extension; Selamat Hari Raya / if !functionexists'curlinit' echo "cURL extension required\n"; exit; if $argv2 $url = $argv1; $command = $argv2; else echo...

phpBB Cash_Mod admin_cash.php Arbitrary Command Execution

It is possible to make the remote host include PHP files hosted on a third-party server using the phpBB CGI suite which is installed. An attacker may use this flaw to inject arbitrary code in the remote host and gain a shell with the privileges of the web server. %NASLMINLEVEL 70300 C Tenable...

phpbb -- arbitrary command execution and other vulnerabilities

The ChangeLog for phpBB 2.0.11 states: Changes since 2.0.10 Fixed vulnerability in highlighting code very high severity, please update your installation as soon as possible Fixed unsetting global vars - Matt Kavanagh Fixed XSS vulnerability in username handling - AnthraX101 Fixed not confirmed sq...

phpBB 2.0.x - admin_cash.php PHP Remote File Inclusion

phpBB 2.0.x - admincash.php PHP Remote File Inclusion source: https://www.securityfocus.com/bid/11701/info A vulnerability is reported to exist in the phpBB CashMod module that may allow an attacker to include malicious PHP files containing arbitrary code to be executed on a vulnerable system...

phpBB 2.0.x - &#039;admin_cash.php&#039; PHP Remote File Inclusion

source: https://www.securityfocus.com/bid/11701/info A vulnerability is reported to exist in the phpBB CashMod module that may allow an attacker to include malicious PHP files containing arbitrary code to be executed on a vulnerable system. Remote attackers could potentially exploit this issue vi...

phpBB Code EXEC &#40;v2.0.10&#41;

| | | | | | | | || | | | | | | | | |/ / / / | | | / | '| |/ / | | | | V V / | |/ / | | | | | |// // |/ ,|| || http://www.howdark.com ---------------------------------------------------------------------------------------------------------------------------------- // Information...

CVE-2004-1315

viewtopic.php in phpBB 2.x before 2.0.11 improperly URL decodes the highlight parameter when extracting words and phrases to highlight, which allows remote attackers to execute arbitrary PHP code by double-encoding the highlight value so that special characters are inserted into the result, which...

exploit in PHPBB 2010

explode: form action="" method="post" URL до форума:input type="text" name="url" size="50" value="http://www.phpbbexample.ru/forum/"br Колличество запросов:select name="select" size="1" option value="10"10/option option value="100"100/option option value="200"200/option option value="500"500/opti...

CVE-2002-1537

The CVE-2002-1537 entry concerns phpBB 2.0.0 where a local attacker can gain administrator privileges by directly calling admin_ug_auth.php with tampered form fields (e.g., u). This is a local privilege escalation affecting phpBB 2.0.0 via the admin_ug_auth.php component, due to manipulated input...

CVE-2002-1537

adminugauth.php in phpBB 2.0.0 allows local users to gain administrator privileges by directly calling adminugauth.php with modifed form fields such as "u"...

phpBB < 2.0 Multiple Vulnerabilities

Binary data 1729.prm...

phpBB < 3.0.2 Multiple Information Disclosure Vulnerabilities

Binary data 4585.prm...

phpBB Fetch All < 2.0.12 Multiple Scripts SQL Injection

The remote host is running a version of phpBB FetchAll older than 2.0.12. It is reported that this version of phpBB Fetch All is susceptible to a SQL injection vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied input before using it in a SQL query...

CVE-2004-0729

PhpBB 2.0.8 allows remote attackers to gain sensitive information via an invalid 1 categoryrows parameter to index.php, 2 faq parameter to faq.php, or 3 ranksrow parameter to profile.php, which reveal the full path in an error message...