31 matches found
[waraxe-2007-SA#049] - Multiple vulnerabilities in Phorum 5.1.20
waraxe-2007-SA049 - Multiple vulnerabilities in Phorum 5.1.20. Author: Janek Vind "waraxe". Date: 19. April 2007. Location: Estonia, Tartu. Web: http://www.waraxe.us/advisory-49.html. Target software description: Phorum 5.1.20...
Discuz! pm.php Injection Exploit
No description provided by source.
CVE-2006-4881
Multiple cross-site scripting (XSS) vulnerabilities in David Bennett PHP-Post (PHPp) 1.0 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the replyuser parameter in (a) pm.php; (2) the txtjumpto parameter in (b) dropdown.php; the (3) txterror and (4) txttemplatenotexist parameter...
CVE-2006-4078
pm.php (aka the PM system) in DeluxeBB 1.08, and possibly earlier, allows remote attackers to bypass authentication by providing an arbitrary username in the membercookie cookie parameter...
CVE-2006-4078
The CVE-2006-4078 entry concerns DeluxeBB 1.08 (and possibly earlier) where pm.php (the PM system) allows remote attackers to bypass authentication by supplying an arbitrary username in the membercookie cookie parameter. This is a logic/authorization flaw in the PM component that enables access w...
Phorum 5 (pm.php) Arbitrary Local Inclusion Exploit
No description provided by source.
CVE-2006-3303
DeluxeBB 1.07 and earlier have cross-site scripting in pm.php, exploitable via the subject or to parameters, enabling injection of arbitrary script/HTML. Root cause: improper input handling in pm.php leading to reflected XSS. Impact per available data is partial integrity impact with no confident...
DeluxeBB 1.0 - pm.php SQL Injection
Source: https://www.securityfocus.com/bid/14851/info. DeluxeBB is prone to multiple SQL injection vulnerabilities. These are due to a lack of proper sanitization of user-supplied input before being sent to SQL queries. Successful exploitation could result in a...
CVE-2005-0526
Multiple cross-site scripting (XSS) vulnerabilities in PBLang 4.65 allow remote attackers to inject arbitrary web script or HTML via (1) the search string to search.php, (2) the subject of a PM, which is processed by pm.php, or (3) the body of a PM, which is processed by pmpshow.php...