447 matches found
PunBB profile.php XSS
According to its banner, the version of PunBB installed on the remote host fails to properly sanitize user input to the script SPDX-FileCopyrightText: 2004 David Maciejak. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders...
CVE-2005-2545
Multiple cross-site scripting (XSS) vulnerabilities in PHPOpenChat 3.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) title or (2) content parameter to profile.php and profilemisc.php, (3) the profile fields in userpage.php, (4) subject or (5) body in mail.php, or (8)...
punBB < 1.2.6 profile.php $temp Parameter SQL Injection (deprecated)
PunBB 1.x - 'profile.php' User Profile Edit Module SQL Injection
source: https://www.securityfocus.com/bid/14195/info PunBB is affected by a SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input through the user profile edit module of the 'profile.php' script before using it in a SQL query...
phpBB 2.0.15 - Register Multiple Users (Denial of Service)
Neo Security Team NST® - Advisory 15 - 00/00/06. Program: phpBB 2.0.15. Homepage: http://www.phpbb.com. Vulnerable Versions: phpBB 2.0.15 & Lower versions. Risk: High Risk!! Impact:...
CVE-2005-1051
SQL injection vulnerability in profile.php in PunBB 1.2.4 allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a change_email action...
CVE-2005-1290
Multiple cross-site scripting (XSS) vulnerabilities in phpBB 2.0.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) u parameter to profile.php, (2) highlight parameter to viewtopic.php, or (3) forumname or forumdesc parameters to adminforums.php...
phpBB 2.0.x - 'profile.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/13344/info phpBB is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in the browser of an...
CVE-2005-1051
CVE-2005-1051 affects PunBB 1.2.4: a SQL injection in profile.php via the id parameter in the change_email action. The vulnerability requires an authenticated remote user and allows arbitrary SQL execution, with reported potential for modification of database queries and administrative access. Do...
punBB < 1.2.5 profile.php SQL Injection
CVE-2005-0629
Multiple cross-site scripting (XSS) vulnerabilities in profile.php in 427BB 2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) user or (2) Avatar parameters...
CVE-2005-0629
The CVE-2005-0629 issue concerns multiple XSS vulnerabilities in profile.php of 427BB 2.2. The vulnerability is triggered by the (1) user or (2) Avatar parameters, allowing remote attackers to inject arbitrary web script or HTML. The NVD entry documents a MEDIUM severity (CVSS v2: AV:N/AC:M/Au:N/...
427BB profile.php XSS vulnerability.
HRG - Hackerlounge Research Group. Release: HRG007, Monday 03/01/05. 427BB. The author can't be held responsible for any damage done by a reader. You have your own responsibility. Please use this document like it's meant to. Vulnerable: 427BB Any Version. General Information: 427BB Is a simple board...
CVE-2005-0570
PunBB 1.2.1 contains a vulnerability in profile.php that allows remote attackers to cause a denial of service (account lockout) by setting a user’s password to NULL. This is the concrete vulnerability described in CVE-2005-0570 across sources (NVD/NIST and CVE list). The connected documents also ...
Multiple vulns in punBB
SQL Injections in punbb-1.2.1 register.php. Description: A remote attacker can cause register.php to execute arbitrary SQL statements by supplying malicious values to the language or email...
CVE-2004-1567
Silent Storm Portal (2.1/2.2) exposes a privilege escalation in profile.php: setting the mail parameter to 1 (the admin value) allows remote attackers to gain administrator privileges. Vulnerable parameter handling is the root cause; the CVE entry documents this as an admin-privilege bypass via a...
WordPress 1.2.x XSS Advisory
Module: wp-admin/profile.php Fields: First Name, Last Name. There is no check for the characters &. JavaScript injection is possible. Patch: http://adz.void.ru/file.php?op=get&id=6 Description: http://adz.void.ru/index.php?p=5 ------------ Easy Death!...