633 matches found
CVE-2006-1040
CVE-2006-1040 affects vBulletin versions 3.0.12 and 3.5.3. The vulnerability is a cross-site scripting (XSS) flaw where user-supplied content placed in the email field is injected into profile.php but not sanitized in sendmsg.php, enabling remote attackers to inject arbitrary web script or HTML t...
Advisory-18.txt
/ -------------------------------------------------------- Neo Security Team NST® - Advisory 18 - 03/03/06 -------------------------------------------------------- Program: phpBB Homepage: http://www.phpbb.com Vulnerable Versions: All phpBB versions Risk: High Risk!! Impact: Multiple DoS...
phpBB <= 2.0.19 Multiple DoS vulnerabilities
/ -------------------------------------------------------- Neo Security Team NST® - Advisory 18 - 03/03/06 -------------------------------------------------------- Program: phpBB Homepage: http://www.phpbb.com Vulnerable Versions: All phpBB versions Risk: High Risk!! Impact: Multiple DoS...
vBulletin Email Field XSS
According to its banner, the version of vBulletin installed on the remote host does not properly sanitize user-supplied input to the email field in the 'profile.php' script. Using a specially crafted email address in his profile, an authenticated attacker can leverage this issue to inject arbitra...
CVE-2006-0724
profile.php in Reamday Enterprises Magic News Lite 1.2.3, when register_globals is enabled, allows remote attackers to modify program behavior, potentially bypassing authentication controls, via modified (1) action, (2) passwd, (3) adminpassword, (4) newpasswd, and (5) confirmpasswd variables, which are not...
CVE-2006-0450
phpBB 2.0.19 and earlier allows remote attackers to cause a denial of service (application crash) by (1) registering many users through profile.php or (2) using search.php to search in a certain way that confuses the database...
Code injection
phpBB 2.0.19 and earlier allows remote attackers to cause a denial of service (application crash) by (1) registering many users through profile.php or (2) using search.php to search in a certain way that confuses the database...
CVE-2006-0074
SQL injection vulnerability in profile.php in PHPenpals allows remote attackers to execute arbitrary SQL commands via the personalID parameter. NOTE: it was later reported that 1.1 and earlier are affected...
CVE-2006-0074
CVE-2006-0074 describes an SQL injection in PHPenpals’ profile.php via the personalID parameter. The vulnerability allows remote attackers to execute arbitrary SQL commands. Connected sources indicate that the issue affects profile.php and note that 1.1 and earlier versions are affected; this vec...
CVE-2005-3918
CVE-2005-3918 affects OvBB 0.08a with SQL injection vulnerabilities exposed via the threadid parameter to thread.php and the userid parameter to profile.php. The connected PT-2005-4658 entry provides concrete details: attackers can remotely execute arbitrary SQL commands due to these input vector...
XSS in PBLang 4.65 Profile.php/UCP.php
Who's got the magic stick? It sure as hell ain't 50 Cent. Excuse me for posting again within minutes but I did not properly check the other forms. In UCP.php, when editing your profile, in several fields you can inject code into the page, just as in the SendPm.php. EX: Input table: "URL"...
OvBB SQL vulnerabilities.
OvBB SQL vulnerabilities. Vuln. discovered by: r0t Date: 24 nov. 2005 Original advisory: http://pridels.blogspot.com/2005/11/ovbb-sql-vulnerabilities.html Vendor: http://www.ovbb.org/ affected version: V0.08a and prior Vuln. description: Input passed to the "threadid" parameter in "thread.php" isn't...
CVE-2005-3770
Multiple cross-site scripting (XSS) vulnerabilities in PHP-Post (PHPp) 1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the subject in a post, or the user parameter to (2) profile.php and (3) mail.php...
[KAPDA::#14] - PHPPost XSS and HTML Injection
KAPDA New advisory Vendor: http://www.php-post.co.uk/ Vulnerable Version: v1.0 Bug: XSS and HTML Injection Exploitation: Remote with browser Description: -------------------- PHPP is a free message board powered by PHP and MySQL. Vulnerability: -------------------- HTML Injection: The software do...
CVE-2005-3770
PHP-Post (PHPp) 1.0 contains cross-site scripting (XSS) vulnerabilities exploitable via the subject field in posts or the user parameter to profile.php and mail.php. The underlying issue is arbitrary-script/HTML injection, leading to potential script execution in victims’ browsers. Affected softw...
CVE-2005-3638
Cross-site scripting (XSS) vulnerabilities in Ekinboard 1.0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter in profile.php and (2) titles of posts...
CVE-2005-3638
Cross-site scripting (XSS) vulnerabilities in Ekinboard 1.0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter in profile.php and (2) titles of posts...
Ekinboard 1.0.3 - 'profile.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/15447/info Ekinboard is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in the browser of...
PunBB profile.php XSS
The remote web server contains a PHP script that is prone to multiple cross-site scripting attacks. Description : According to its banner, the version of PunBB installed on the remote host fails to properly sanitize user input to the script 'profile.php'. With a specially-crafted URL, an attacker...
PunBB profile.php XSS
According to its banner, the version of PunBB installed on the remote host fails to properly sanitize user input to the script SPDX-FileCopyrightText: 2004 David Maciejak Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders...