949 matches found
ibp-2.1.4-xpl.txt
This exploit has only been tested on 2.1.4. Others are most likely vulnerable but have not yet been tested. Simple SQL injection in funcmsg.php on line 448. tobyid is not properly sanitized. It's passed to the class via an instance of the messenger class, which takes it from the ipb sanitized inp...
SQL injection exploit IPB <= 2.1.4
This exploit has only been tested on 2.1.4. Others are most likely vulnerable but have not yet been tested. Simple SQL injection in funcmsg.php on line 448. tobyid is not properly sanitized. It's passed to the class via an instance of the messenger class, which takes it from the ipb sanitized inp...
CVE-2005-3777
MyBB 1.0 PR2 Rev 686 is affected by a vulnerability that allows remote attackers to delete or move private messages (PM) by submitting modified fields in the inbox form. The provided documents confirm the affected software and the manipulation vector, but do not specify root cause details beyond ...
CVE-2005-0878
Cross-site scripting XSS vulnerability in MercuryBoard before 1.1.3 allows remote attackers to inject arbitrary web script or HTML via the title field of a PM private message...
CVE-2005-0878
MercuryBoard before 1.1.3 is affected by CVE-2005-0878: an XSS flaw in the title field of private messages that lets remote attackers inject arbitrary script/HTML. Root cause: insufficient input sanitization in the PM title. Impact: could compromise user sessions or integrity of rendered pages as...
CVE-2005-0878
Cross-site scripting XSS vulnerability in MercuryBoard before 1.1.3 allows remote attackers to inject arbitrary web script or HTML via the title field of a PM private message...
CVE-2005-0631
CVE-2005-0631 affects PBLang BBS (version around 4.63) with a vulnerability in delpm.php where a logged-in, remote user can delete arbitrary personal messages by altering the id and a parameters. The issue stems from improper handling of these parameters, enabling unauthorized PM deletion within ...
HRG009.txt
HRG - Hackerlounge Research Group Release: HRG009 Monday 03/01/05 Software PBLang 4.63 delpm.php authentication problem The author can't be held responsible for any damage done by a reader. You have your own resonsibility Please use this document like it's meant to. Vulnerable: PBLang 4.63 and...
Software PBLang 4.65 pm.php XSS vulnerability
HRG - Hackerlounge Research Group Release: HRG003 Friday 11-02-05 Software PBLang 4.65 pm.php XSS vulnerability The author can't be held responsible for any damage done by a reader. You have your own resonsibility Please use this document like it's meant to. Vulnerable: PBLang 4.65 current and...