CVE-2006-5775

Cross-site scripting XSS vulnerability in profile.php in FunkBoard 0.71 before 4 November 2006 at 18:16 GMT allows remote attackers to inject arbitrary web script or HTML, possibly via the name parameter...

CVE-2006-5775

Technical details about CVE-2006-5775 are not publicly provided in the connected documents. No explicit affected products, versions, or fixes are detailed here. Monitor for updates.

CVE-2006-4879

The CVE-2006-4879 entry documents a SQL injection vulnerability in the PHPp 1.0 (David Bennett PHP-Post) profile.php where the user parameter allows remote arbitrary SQL execution. Affected component: profile.php in PHP-Post (PHPp) 1.0 and earlier. Root cause: unsafely interpolated user input in ...

CVE-2006-4879

SQL injection vulnerability in profile.php in David Bennett PHP-Post PHPp 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the user parameter...

CVE-2006-4161

Directory traversal vulnerability in the avatargallery action in profile.php in XennoBB 2.1.0 and earlier allows remote attackers to read arbitrary files via a .. dot dot in the category parameter...

CVE-2006-4161

Directory traversal vulnerability in the avatargallery action in profile.php in XennoBB 2.1.0 and earlier allows remote attackers to read arbitrary files via a .. dot dot in the category parameter...

CVE-2006-4161

CVE-2006-4161 : The provided documents confirm a directory-traversal flaw in XennoBB 2.1.0 and earlier, located in the profile.php avatar_gallery action. An attacker could read arbitrary files by supplying a .. (dot dot) sequence in the category parameter. The NVD entry lists the affected softwar...

CVE-2006-4025

SQL injection vulnerability in profile.php in XennoBB 2.1.0 and earlier allows remote authenticated users to execute arbitrary SQL commands via the 1 bdayday, 2 bdaymonth, and 3 bdayyear parameters in the personal section...

CVE-2006-4025

XennoBB 2.1.0 (and earlier) contains a SQL injection in profile.php. The vulnerability affects the personal section via the bday_day, bday_month, and bday_year parameters, enabling a remote authenticated user to manipulate SQL commands. The CVSS-derived impact indicates partial confidentiality, i...

yabbse-all.txt

Hey str0ke - Are you the same str0ke whose code I've been ripping, damn I guess I better release my first N3td3v Sponsering Disclosure..... NDSD-06-001: YABBSE SQL Injection June 23, 2006 -- Sponsered post http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/046903.html -- Affected Vendor...

CVE-2006-3275

CVE-2006-3275 affects YaBB SE 1.5.5 and earlier, with a SQL injection in profile.php via a double-encoded user parameter in the viewprofile action. The underlying issue is a lack of proper input handling that allows remote attackers to execute SQL commands. Documented impact includes potential da...

YaBB SE <= 1.5.5 profile.php user Parameter SQL Injection

Binary data 3669.prm...

wbb&lt;&lt;--v 2.1.6 &quot;profile.php&quot; SQL injection

============================================== Discovered By: CrAzY CrAcKeR Site:www.alshmokh.com I want to thank my friend:- nono225-mHOn-rageh-Lover Hacker-Sw33t h4ck3r Breeeeh-BoNym-Rootshill-LiNuXrOOt-SauDiVirUs ============================================== Example:-...

FunkBoardCF0.71.txt

Title : FunkBoard CF0.71 profile.php Remote User Pass Change Exploit Author : ajann REMOTE USER PASS CHANGE EXPLOİT; Change: = ID AND action Profile User Name ajann Membership Number 247 First Registered Sat 03 Jun 2006 at 09:20:14 pm Last Login Sat 03 Jun 2006 at 09:21:45 pm Number of posts 0...

CVE-2006-2896

CVE-2006-2896: FunkBoard CF0.71 suffers from a vulnerability in profile.php where a remote attacker can change arbitrary passwords by tampering with a hidden uid field in the Edit Profile action. Affected component is the profile handling in FunkBoard CF0.71; root cause is the inability to valida...

CVE-2006-2896

profile.php in FunkBoard CF0.71 allows remote attackers to change arbitrary passwords via a modified uid hidden form field in an Edit Profile action...

FunkBoard CF0.71 - &#039;profile.php&#039; Remote User Pass Change

/str0ke -- Profile User Name ajann Membership Number 247 First Registered Sat 03 Jun 2006 at 09:20:14 pm Last Login Sat 03 Jun 2006 at 09:21:45 pm Number of posts 0 Stat...

FunkBoard CF0.71 - profile.php Remote User Pass Change

FunkBoard CF0.71 - profile.php Remote User Pass Change /str0ke -- Profile User Name ajann Membership Number 247 First Registered Sat 03 Jun 2006 at 09:20:14 pm Last Login Sat 03 Jun 2006 at 09:21:45 pm Number of posts 0...

FunkBoard CF0.71 (profile.php) Remote User Pass Change Exploit

No description provided by source. !-- Change action="http://profile.php" under the form tags /str0ke -- !DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"htmlheadMETA http-equiv="Content-Type" content="text/html; charset=utf-8"/headbodyform enctype="multipart/form-data"...

TinyPHP Forum &lt;= 3.6 (profile.php) Remote Code Execution Exploit

No description provided by source. !/usr/bin/perl $App : TinyPHP forum = 3.6 Remote Command Execution Exploit $Bug : http://tinyphp/profile.php?action=view&uname=../afile%00 $IHST: h4ckerz.com / hackerz.ir / aria-security.net coded By Hessam-x Hessamx -at- Hessamx.net use IO::Socket; use...