CVE-2005-1585

Multiple SQL injection vulnerabilities in Quick.Forum 2.1.6 allow remote attackers to execute arbitrary SQL commands via the 1 iCategory or 2 page parameter to index.php, or 3 iCategory parameter in the query string to the forum directory...

EUVD-2005-1589

Malware in sbrugna...

EUVD-2005-1588

Malware in sbrugna...

EUVD-2005-1587

Malware in sbrugna...

CVE-2005-1586

Quick.Forum 2.1.6 stores potentially sensitive information such as usernames, banned IP addresses, censored words, and backups under the web document root, which allows remote attackers to obtain that information via a direct request to 1 db/users.txt, 2 db/banList.txt, 3 db/censureWords.txt, or ...

quickForum.txt

Quick.Forum 'topic field' XSS and 'page' & 'iCategory' SQL injection vendor url:http://qc.dotgeek.org/os/index.php?p=productsQuickForum advisore:http://lostmon.blogspot.com/2005/05/quickforum-topic-field-xss-and-page.html vendor notify: yes exploit available: yes Quick.Forum contais a flaw which...

CVE-2005-1586

Quick.Forum 2.1.6 stores potentially sensitive information such as usernames, banned IP addresses, censored words, and backups under the web document root, which allows remote attackers to obtain that information via a direct request to 1 db/users.txt, 2 db/banList.txt, 3 db/censureWords.txt, or ...

CVE-2005-1584

Cross-site scripting XSS vulnerability in index.php for Quick.Forum 2.1.6 allows remote attackers to inject arbitrary web script or HTML via the topic field in a NewTopic action...

CVE-2005-1585

CVE-2005-1585 affects Quick.Forum 2.1.6 with multiple SQL injection vulnerabilities. The flaws allow remote attackers to manipulate the database by supplying crafted values to (1) iCategory or (2) page parameters in index.php, or (3) iCategory parameter in the query string to the forum directory....

CVE-2005-1585

Multiple SQL injection vulnerabilities in Quick.Forum 2.1.6 allow remote attackers to execute arbitrary SQL commands via the 1 iCategory or 2 page parameter to index.php, or 3 iCategory parameter in the query string to the forum directory...

CVE-2005-1584

Cross-site scripting XSS vulnerability in index.php for Quick.Forum 2.1.6 allows remote attackers to inject arbitrary web script or HTML via the topic field in a NewTopic action...

CVE-2005-1586

Quick.Forum 2.1.6 stores potentially sensitive information such as usernames, banned IP addresses, censored words, and backups under the web document root, which allows remote attackers to obtain that information via a direct request to 1 db/users.txt, 2 db/banList.txt, 3 db/censureWords.txt, or ...

CVE-2005-1584

The CVE-2005-1584 entry describes a Cross-site scripting (XSS) vulnerability in Quick.Forum 2.1.6, exploitable via the topic field in a NewTopic action within index.php. The underlying issue is an XSS allowance in the input handling, enabling remote attackers to inject arbitrary web script or HTM...

CVE-2005-1586

Quick.Forum 2.1.6 is affected by a vulnerability where sensitive data (usernames, banned IP addresses, censored words, and backups) is stored under the web document root and can be obtained by direct requests to (1) db/users.txt, (2) db/banList.txt, (3) db/censureWords.txt, or (4) backup files. R...

[SA15200] Quick.Forum Topic Script Insertion Vulnerability

---------------------------------------------------------------------- Want a new IT Security job? Vacant positions at Secunia: http://secunia.com/secuniavacancies/ ---------------------------------------------------------------------- TITLE: Quick.Forum Topic Script Insertion Vulnerability SECUN...

CVE-2005-1585

Multiple SQL injection vulnerabilities in Quick.Forum 2.1.6 allow remote attackers to execute arbitrary SQL commands via the 1 iCategory or 2 page parameter to index.php, or 3 iCategory parameter in the query string to the forum directory...