phpBB 3.0.8 - Remote Denial of Service

source: https://www.securityfocus.com/bid/65481/info phpBB is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to crash the affected application, denying service to legitimate users. Phpbb Forum Denial of Service Vulnerability !/usr/bin/perl Iranian Exploit...

[SECURITY] [DSA 2752-1] phpbb3 security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2752-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst September 07, 2013 http://www.debian.org/security/faq -...

UBUNTU-CVE-2013-5724

Phpbb3 before 3.0.11-4 for Debian GNU/Linux uses world-writable permissions for cache files, which allows local users to modify the file contents via standard filesystem write operations...

[SECURITY] [DSA 2752-1] phpbb3 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-2752-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst September 07, 2013 http://www.debian.org/security/faq -...

DSA-2752-1 phpbb3 - too wide permissions

Bulletin has no description...

phpBB 3.0.11 CSRF Vulnerability

An attacker may force the users of a web application to execute actions of the attacker's choosing. A successful CSRF exploit can compromise end user data and operation in case of normal user. If the targeted end user is the administrator account, this can compromise the entire web application...

phpBB highlight Arbitrary File Upload Vulnerability

Exploit for php platform in category web applications This is private exploit. You can buy it at https://0day.today...

phpBB viewtopic.php URL Decoding Code Execution (CVE-2004-1315)

A code injection and execution vulnerability has been reported in phpBB. The vulnerability is due to lack of input validation on the highlight parameter supplied to viewtopic.php. A remote attacker can exploit this issue by injecting malicious SQL code to the target server. Successful exploitatio...

phpBB 3.0.10 多个SQL注入漏洞

BUGTRAQ ID: 54734 phpBB是全球流行的开源公告牌系统。 phpBB 3.0.10及其他版本在实现上存在多个SQL注入漏洞，成功利用后可允许攻击者控制应用，访问或修改数据，利用下层数据库中的其他漏洞。 0 phpBB 3.0.10 厂商补丁： phpBB Group ----------- 目前厂商还没有提供补丁或者升级程序，我们建议使用此软件的用户随时关注厂商的主页以获取最新版本： http://www.phpbb.com/ Request : --- POST /kuba/phpBB/phpBB3/ucp.php?i=prefs&mode=personal...

phpBB - Multiple SQL Injections

source: https://www.securityfocus.com/bid/54734/info phpBB is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the application, access ...

phpBB - Multiple SQL Injections

phpBB - Multiple SQL Injections source: https://www.securityfocus.com/bid/54734/info phpBB is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to...

phpBB uploadpic.php Shell Upload

0101010101----010101010101010 01 01------0101 0101 01 01------0101 0101 01 01------0101 0101 01 01------0101 0101 01 01------0101 0101 01 01------0101 0101 01 01------0101010101 01 01------0101 010 01 01------0101 010 01 01------0101 010 01 01------0101 010 01 01------0101 010 0101010101----0101...

phpBB MyPage Plugin SQL Injection

phpBB MyPage Plugin SQL Injection Vulnerability Type: SQL Injection For the exploit source code contact DSquare Security sales team...

PHP 5.4.1 getimagesize() Denial of Service Memory leak

Exploit for php platform in category dos / poc PHP 5.4.1 getimagesize Denial of Service Memory leak Details: Getimagesize function is used to determine the size of an image. It recives one parameter as URI. Getimagesize doesn't implement any function to verify if the remote file that is been...

http-config-backup NSE Script

Checks for backups and swap files of common content management system and web server configuration files. When web server files are edited in place, the text editor can leave backup or swap files in a place where the web server can serve them. The script checks for these files: wp-config.php:...

Phpbb RCE

phpBB viewtopic.php RCE Vulnerability Type: Remote Command Execution For the exploit source code contact DSquare Security sales team...

phpBB alltopics.php SQLI

phpBB alltopics.php SQLI Vulnerability Type: SQL Injection For the exploit source code contact DSquare Security sales team...

phpBB MyPage Plugin 'id' Parameter SQL Injection Vulnerability

This host is running phpBB MyPage plugin and is prone to SQL injection vulnerability. OpenVAS Vulnerability Test $Id: secpodphpbbmypagepluginsqlinjvuln.nasl 7029 2017-08-31 11:51:40Z teissa $ phpBB MyPage Plugin 'id' Parameter SQL Injection Vulnerability Authors: Rachana Shetty Copyright: Copyrig...

phpBB MyPage Plugin <= 0.2.3 SQLi Vulnerability - Active Check

phpBB MyPage plugin is prone to an SQL injection SQLi vulnerability. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:phpbb:phpbb"...

phpBB MyPage plugin sql injection and fix-vulnerability warning-the black bar safety net

==================================================== MyPage plugin phpBB SQL Injection All versions ==================================================== Title: SQL Injection on the plugin, phpBB plugin MyPage Author: CrazyMouse from HackSociety.net version: 0.2.3 currently all versions are affect...