EUVD-2002-1463

Malware in sbrugna...

EUVD-2002-1465

Malware in sbrugna...

EUVD-2002-1464

Malware in sbrugna...

phpGB 1.1 HTML Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/5676/info phpGB is subject to HTML injection attacks. phpGB fails to check for the presence of HTML tags when generating guestbook entries. It is reported that an attacker may inject HTML and script code into guestbook...

phpGB 1.1/1.2 PHP Code Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/5679/info phpGB is subject to a PHP code injection vulnerability. After bypassing authentication it is possible to inject code into the guestbook configuration file config.php by supplying malicious parameters for the...

phpGB 1.x SQL Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/5673/info phpGB is vulnerable to a SQL injection vulnerability. The cause of the issue is that the bulletin board relies on the PHP magicquotesgpc directive to sanitize variables that are used in SQL queries. If...

CVE-2002-1481

savesettings.php in phpGB 1.20 and earlier does not require authentication, which allows remote attackers to cause a denial of service or execute arbitrary PHP code by using savesettings.php to modify config.php...

CVE-2002-1480

Cross-site scripting XSS vulnerability in phpGB before 1.20 allows remote attackers to inject arbitrary HTML or script into guestbook pages, which is executed when the administrator deletes the entry...

CVE-2002-1482

SQL injection vulnerability in login.php for phpGB 1.20 and earlier, when magicquotesgpc is not enabled, allows remote attackers to gain administrative privileges via SQL code in the password entry...

CVE-2002-1480

CVE-2002-1480 : Affects phpGB prior to 1.20. It is a cross-site scripting (XSS) vulnerability in guestbook pages that lets remote attackers inject arbitrary HTML/script, which is executed when the administrator deletes a guestbook entry. The NVD lists a base score of 6.8 (MEDIUM) with network exp...

CVE-2002-1480

Cross-site scripting XSS vulnerability in phpGB before 1.20 allows remote attackers to inject arbitrary HTML or script into guestbook pages, which is executed when the administrator deletes the entry...

CVE-2002-1482

This CVE (CVE-2002-1482) affects phpGB 1.20 and earlier. The connected NVD entry describes a SQL injection in login.php when magic_quotes_gpc is not enabled, allowing remote attackers to gain administrative privileges via SQL in the password entry. The vulnerability is rated with base score 10.0 ...

CVE-2002-1481

The CVE-2002-1481 entry concerns phpGB versions 1.20 and earlier where savesettings.php allows unauthenticated remote modification of config.php. The root cause is lack of authentication on savesettings.php, enabling an attacker to alter configuration and potentially cause a denial of service or ...

CVE-2002-1481

savesettings.php in phpGB 1.20 and earlier does not require authentication, which allows remote attackers to cause a denial of service or execute arbitrary PHP code by using savesettings.php to modify config.php...

CVE-2002-1482

SQL injection vulnerability in login.php for phpGB 1.20 and earlier, when magicquotesgpc is not enabled, allows remote attackers to gain administrative privileges via SQL code in the password entry...

phpGB: mysql injection bug

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ppp-design found the following mysql-injection-bug in phpGB: Details - ------- Product: phpGB Affected Version: 1.20 and maybe all versions before Immune Version: 1.40 OS affected: all OS with php Vendor-URL: http://www.walzl.net Vendor-Status:...

phpGB: DoS and executing_arbitrary_commands

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ppp-design found the following design error in phpGB: Details - ------- Product: phpGB Affected Version: 1.20 and maybe all versions before Immune Version: 1.30 OS affected: all OS with php Vendor-URL: http://www.walzl.net Vendor-Status: informed, new...

phpGB: cross site scripting bug

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ppp-design found the following cross-site-scripting-bug in phpGB: Details - ------- Product: phpGB Affected Version: 1.10 and maybe all versions before Immune Version: 1.20 OS affected: all OS with php Vendor-URL: http://www.walzl.net Vendor-Status:...

phpGB 1.1 - HTML Injection

source: https://www.securityfocus.com/bid/5676/info phpGB is subject to HTML injection attacks. phpGB fails to check for the presence of HTML tags when generating guestbook entries. It is reported that an attacker may inject HTML and script code into guestbook entries, which will be executed in t...

phpGB 1.x - SQL Injection

phpGB 1.x - SQL Injection source: https://www.securityfocus.com/bid/5673/info phpGB is vulnerable to a SQL injection vulnerability. The cause of the issue is that the bulletin board relies on the PHP magicquotesgpc directive to sanitize variables that are used in SQL queries. If magicquotesgpc is...