CVE-2008-1171

CVE-2008-1171 concerns multiple PHP remote file inclusion vulnerabilities in the 123 Flash Chat Module for phpBB. An attacker could trigger code execution via a URL in the phpbb_root_path parameter to (1) 123flashchat.php and (2) phpbb_login_chat.php. The CVE notes a dispute: phpbb_root_path is e...

phpBB viewtopic.php Arbitrary Code Execution

This module exploits two arbitrary PHP code execution flaws in the phpBB forum system. The problem is that the 'highlight' parameter in the 'viewtopic.php' script is not verified properly and will allow an attacker to inject arbitrary code via pregreplace. This vulnerability was introduced in...

PT-2008-2764 · Phpbb · 123 Flash Chat Module

Name of the Vulnerable Software and Affected Versions: 123 Flash Chat Module for phpBB affected versions not specified Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the phpbb root path parameter to 1 "123flashchat.php" and 2 "phpbb login chat.php"...

123 Flash Chat Module for phpBB

Script : 123 Flash Chat Module for phpBB Discovered By : F10 Contact : [email protected] Site : http://by-f10.com Greetz : byemR3 , H0tturk , TaRanTuLa , gsy , ercu145 , LupuS , m0sted , CyberGhost ... . From : Turkey Download : http://php.arsivimiz.com/indir.php?ID=996&sIslem=Indir The bugs are ...

123 Flash Chat Module for phpBB

Script : 123 Flash Chat Module for phpBB Discovered By : F10 Contact : [email protected] Site : http://by-f10.com Greetz : byemR3 , H0tturk , TaRanTuLa , gsy , ercu145 , LupuS , m0sted , CyberGhost ... . From : Turkey Download : http://php.arsivimiz.com/indir.php?ID=996&sIslem=Indir The bugs are ...

123flash-rfi.txt

Script : 123 Flash Chat Module for phpBB Discovered By : F10 Contact : [email protected] Site : http://by-f10.com Greetz : byemR3 , H0tturk , TaRanTuLa , gsy , ercu145 , LupuS , m0sted , CyberGhost ... . From : Turkey Download : http://php.arsivimiz.com/indir.php?ID=996&sIslem=Indir The bugs are ...

Debian Security Advisory DSA 1488-1 (phpbb2)

The remote host is missing an update to phpbb2 announced via advisory DSA 1488-1. OpenVAS Vulnerability Test $Id: deb14881.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 1488-1 phpbb2 Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc...

Debian: Security Advisory (DSA-1488-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2008-0471

Cross-site request forgery CSRF vulnerability in privmsg.php in phpBB 2.0.22 allows remote attackers to delete private messages PM as arbitrary users via a deleteall action...

CVE-2008-0471

Cross-site request forgery CSRF vulnerability in privmsg.php in phpBB 2.0.22 allows remote attackers to delete private messages PM as arbitrary users via a deleteall action...

CVE-2008-0471

Cross-site request forgery CSRF vulnerability in privmsg.php in phpBB 2.0.22 allows remote attackers to delete private messages PM as arbitrary users via a deleteall action...

CVE-2008-0471

CVE-2008-0471 concerns phpBB 2.0.22 where a CSRF flaw in privmsg.php enables an attacker to delete a user’s private messages via a crafted request (deleteall). Public sources confirm the vulnerability in phpBB2 and note remediation through Debian updates (DSA-1488-1) and corresponding fixes in si...

phpbb2022-xsrf.txt

phpBB 2.0.22 Remote PM Delete XSRF Vulnerability by NBBN Type: Cross-Site Request Forgery Founded: December 2007 An attacker can send a link via pm to a site with the follow html code to a victim and all victim's pm's are going to be deleted when he click the link. Code Vuln Versions: I've tested...

phpBB 2.0.22 Remote PM Delete XSRF Vulnerability

phpBB 2.0.22 Remote PM Delete XSRF Vulnerability by NBBN Type: Cross-Site Request Forgery Founded: December 2007 An attacker can send a link via pm to a site with the follow html code to a victim and all victim's pm's are going to be deleted when he click the link. Code html head /head body...

Debian: Security Advisory (DSA-925-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

osData <= 2.08 Modules Php121 Local File Inclusion Vulnerability

No description provided by source. ========================================================================= osData = 2.08 Modules Php121 Local File Include Vulnerability ========================================================================= Found by : Cold z3ro , http://www.Hackteach.org/cc/...

osdata-lfi.txt

========================================================================= osData = 2.08 Modules Php121 Local File Include Vulnerability ========================================================================= Found by : Cold z3ro , http://www.Hackteach.org/cc/...

osData 2.08 Modules Php121 - Local File Inclusion

osData 2.08 Modules Php121 - Local File Inclusion ========================================================================= osData = 2.08 Modules Php121 Local File Include Vulnerability ========================================================================= Found by : Cold z3ro ,...

CVE-2007-6223

SQL injection vulnerability in garage.php in phpBB Garage 1.2.0 Beta3 allows remote attackers to execute arbitrary SQL commands via the makeid parameter in a search action in browse mode...

Sql injection

SQL injection vulnerability in garage.php in phpBB Garage 1.2.0 Beta3 allows remote attackers to execute arbitrary SQL commands via the makeid parameter in a search action in browse mode...