6276 matches found

Cvelist
added 2006/07/07 12:0 a.m. | 18 views

CVE-2006-3420

Cross-site request forgery (CSRF) vulnerability in editpost.php in MyBulletinBoard (MyBB) before 1.1.5 allows remote attackers to perform unauthorized actions as a logged in user and delete arbitrary forum posts via a bbcode IMG tag with a modified delete parameter in a deletepost action. NOTE: the...

6.7 AI score | 0.01507 EPSS
Exploits 0 | References 3
Prion
added 2006/06/02 10:18 a.m. | 18 views

Code injection

admin/radera/tabort.asp in Hogstorps hogstorp guestbook 2.0 does not verify user credentials, which allows remote attackers to delete arbitrary posts via a modified delID parameter...

6.4 CVSS | 7.2 AI score | 0.02509 EPSS
Exploits 1 | References 5 | Affected Software 1
NVD
added 2006/06/02 10:18 a.m. | 16 views

CVE-2006-2773

admin/redigera/redigera2.asp in Hogstorps hogstorp Guestbook 2.0 does not verify user credentials, which allows remote attackers to edit arbitrary posts via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...

6.4 CVSS | 6.5 AI score | 0.01595 EPSS
Exploits 1 | References 3
Cvelist
added 2006/06/02 10:0 a.m. | 19 views

CVE-2006-2771

admin/radera/tabort.asp in Hogstorps hogstorp guestbook 2.0 does not verify user credentials, which allows remote attackers to delete arbitrary posts via a modified delID parameter...

6.7 AI score | 0.02509 EPSS
Exploits 1 | References 5
OpenVAS
added 2006/03/26 12:0 a.m. | 25 views

Land Down Under <= 800 Multiple Vulnerabilities

The remote web server contains a PHP script that permits SQL injection and cross-site scripting attacks. Description : The remote version of Land Down Under is prone to various SQL injection and cross-site scripting attacks provided PHP's 'magicquotes' setting is disabled due to its failure to...

7.5 CVSS | 0.5 AI score | 0.01768 EPSS
Exploits 2 | References 4
Cvelist
added 2005/12/04 10:0 p.m. | 19 views

CVE-2004-2639

Unspecified vulnerability in Journalness 3.0.7 and earlier allows remote attackers to create or modify posts via unknown attack vectors...

6.7 AI score | 0.01549 EPSS
Exploits 0 | References 5
Tenable Nessus
added 2005/09/06 12:0 a.m. | 28 views

GLSA-200508-20 : phpGroupWare: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-200508-20 phpGroupWare: Multiple vulnerabilities phpGroupWare improperly validates the 'mid' parameter retrieved via a forum post. The current version of phpGroupWare also adds several safeguards to prevent XSS issues, and disable...

7.5 CVSS | 5.9 AI score | 0.05091 EPSS
Exploits 0 | References 4
Tenable Nessus
added 2005/09/06 12:0 a.m. | 21 views

Land Down Under <= 800 Multiple Vulnerabilities

The remote version of Land Down Under is prone to various SQL injection and cross-site scripting attacks provided PHP's 'magicquotes' setting is disabled due to its failure to sanitize the request URI before using it in 'system/functions.php' in the function 'ldulog'. A malicious user may be able...

7.5 CVSS | 5.3 AI score | 0.01768 EPSS
Exploits 2 | References 5
Gentoo Linux
added 2005/08/30 12:0 a.m. | 35 views

phpGroupWare: Multiple vulnerabilities

Background phpGroupWare is a multi-user groupware suite written in PHP. Description phpGroupWare improperly validates the "mid" parameter retrieved via a forum post. The current version of phpGroupWare also adds several safeguards to prevent XSS issues, and disables the use of a potentially...

7.5 CVSS | 6.5 AI score | 0.05091 EPSS
Exploits 0
UbuntuCve
added 2005/08/17 4:0 a.m. | 26 views

CVE-2005-2600

FUDForum 2.6.15 with "Tree View" enabled, as used in other products such as phpgroupware and egroupware, allows remote attackers to read private posts via a modified mid parameter...

5 CVSS | 5.9 AI score | 0.01604 EPSS
Exploits 0 | References 1
CVE
added 2005/08/17 4:0 a.m. | 59 views

CVE-2005-2600

CVE-2005-2600 is described in connected sources as a vulnerability in the tree view of FUD Forum Bulletin Board Software (also present in phpgroupware/egroupware imports) that allows remote attackers to read private posts by modifying the mid parameter. The OpenVAS entries reference this CVE with...

5 CVSS | 6.1 AI score | 0.01604 EPSS
Exploits 0 | References 6 | Affected Software 1
NVD
added 2005/08/17 4:0 a.m. | 21 views

CVE-2005-2600

FUDForum 2.6.15 with "Tree View" enabled, as used in other products such as phpgroupware and egroupware, allows remote attackers to read private posts via a modified mid parameter...

5 CVSS | 6.2 AI score | 0.01604 EPSS
Exploits 0 | References 6
NVD
added 2004/12/31 5:0 a.m. | 16 views

CVE-2004-2639

Unspecified vulnerability in Journalness 3.0.7 and earlier allows remote attackers to create or modify posts via unknown attack vectors...

7.5 CVSS | 6.7 AI score | 0.01549 EPSS
Exploits 0 | References 5
Packet Storm
added 2004/12/12 12:0 a.m. | 23 views

phpbbquoteflaw.txt

Affected Software: phpBB 2.x tested on 2.0.4 and 2.0.8, untested on later versions Vulnerability: flaw in code handling the quoting of posts. Severity: Low Discovered by: Matt Benenati +Details+ ========= This flaw could allow a malicious user to alter the alignment and layout of any posts in the...

7.4 AI score
Exploits 0
exploitpack
added 2003/10/08 12:0 a.m. | 8 views

GeekLog 1.3.x - HTML Injection

GeekLog 1.3.x - HTML Injection source: https://www.securityfocus.com/bid/8792/info Geeklog has been reported prone to multiple HTML Injection vulnerabilities. The issues have been reported to present themselves due to a lack of sufficient sanitization performed on data that is parsed from forum...

7.6 AI score
Exploits 0
Exploit DB
added 2002/09/25 12:0 a.m. | 30 views

NPDS 4.8 - News Message HTML Injection

source: https://www.securityfocus.com/bid/5797/info Problems with NPDS could make it possible to execute arbitrary script code in a vulnerable client. NPDS does not sufficiently filter potentially malicious HTML code from news posts. As a result, when a user views a news posting that contains...

7.4 AI score
Exploits 0