27 matches found
EUVD-2004-2122
Malware in sbrugna...
phpBB 2.0.21 Privmsg.PHP HTML Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/22001/info phpBB is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and script code...
phpBB 2.0.6 Privmsg.PHP Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/9290/info phpBB is prone to a cross-site scripting vulnerability in the 'privmsg.php' script. The source of the problem is that HTML and script code are not adequately sanitized from input supplied via URI parameters. Thi...
PhpBB2 Custom Mass PM 1.4.7 Cross Site Scripting
No description provided by source. ^ Exploit title: PhpBB2 Module "Custom Mass PM" Cross Site Scripting Vulnerability ^ Author : Silic0n sciencemedia017Atyahoo.com ^ MOD Title: Custom mass PM ^ MOD Description: Add mass PM functionnality to group members or all forums members for authorized users...
PhpBB2 Custom Mass PM 1.4.7 Cross Site Scripting
------------------------------------------------------------------------------- 0 | | | | | | TM 1 | | | | | | 0 | / | ' \ / | ' \ / |/ | |/ / \ '| ' \ / \ | 1 / / | | | | / | | | | | | | alertdocument.cookie -------------------- ^ Vulnearble code -------------------- $tousernamearray = explode...
PhpBB2 Module "Custom Mass PM" Cross Site Scripting Vulnerability
Exploit for php platform in category web applications ------------------------------------------------------------------------------- 0 | | | | | | TM 1 | | | | | | 0 | / | ' \ / | ' \ / |/ | |/ / \ '| ' \ / \ | 1 / / | | | | / | | | | | | | alertdocument.cookie -------------------- ^ Vulnearble...
phpbb 2.0.13 privmsg.php 跨站脚本漏洞
No description provided by source...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in privmsg.php in phpBB 2.0.22 allows remote attackers to delete private messages PM as arbitrary users via a deleteall action...
CVE-2008-0471
Cross-site request forgery CSRF vulnerability in privmsg.php in phpBB 2.0.22 allows remote attackers to delete private messages PM as arbitrary users via a deleteall action...
CVE-2008-0471
Cross-site request forgery CSRF vulnerability in privmsg.php in phpBB 2.0.22 allows remote attackers to delete private messages PM as arbitrary users via a deleteall action...
CVE-2008-0471
Cross-site request forgery CSRF vulnerability in privmsg.php in phpBB 2.0.22 allows remote attackers to delete private messages PM as arbitrary users via a deleteall action...
CVE-2008-0471
CVE-2008-0471 concerns phpBB 2.0.22 where a CSRF flaw in privmsg.php enables an attacker to delete a user’s private messages via a crafted request (deleteall). Public sources confirm the vulnerability in phpBB2 and note remediation through Debian updates (DSA-1488-1) and corresponding fixes in si...
phpBB 2.0.21 - privmsg.php HTML Injection
phpBB 2.0.21 - privmsg.php HTML Injection source: https://www.securityfocus.com/bid/22001/info phpBB is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and scri...
phpBB (privmsg.php) XSS Exploit
phpBB privmsg.php XSS Exploit By: Demential Web: http://headburn.altervista.org E-mail: [email protected] PhpBB website: http://phpbb.com Exploit tested on phpBB 2.0.21 Secunia.com said: Input passed to the form field "Message body" in privmsg.php is not properly sanitised before it is returned to...
CVE-2006-6421
Cross-site scripting XSS vulnerability in the private message box implementation privmsg.php in phpBB 2.0.x allows remote authenticated users to inject arbitrary web script or HTML via the "Message body" field in a message to a non-existent user...
CVE-2006-6421
Cross-site scripting XSS vulnerability in the private message box implementation privmsg.php in phpBB 2.0.x allows remote authenticated users to inject arbitrary web script or HTML via the "Message body" field in a message to a non-existent user...
CVE-2006-6421
Cross-site scripting XSS vulnerability in the private message box implementation privmsg.php in phpBB 2.0.x allows remote authenticated users to inject arbitrary web script or HTML via the "Message body" field in a message to a non-existent user...
CVE-2006-6421
CVE-2006-6421 is an XSS in phpBB 2.0.x; the private messaging (privmsg.php) feature allows remote authenticated users to inject arbitrary script/HTML via the Message body when targeting a non-existent user. Affected component: phpBB 2.0.x private messaging; root cause is user-supplied input not s...
CVE-2004-2130
Multiple cross-site scripting XSS vulnerabilities in privmsg.php in phpBB 2.0.6 allow remote attackers to execute arbitrary script or HTML via the 1 folder or 2 mode variables...
CVE-2004-2130
CVE-2004-2130 affects phpBB 2.0.6. The described vulnerability is multiple cross-site scripting (XSS) in privmsg.php, exploitable via the (1) folder or (2) mode parameters, allowing remote attackers to have their HTML/Script executed in a victim’s browser. The sources consistently cite XSS in php...