420 matches found
CVE-2006-4749
CVE-2006-4749 describes multiple PHP remote file inclusion vulnerabilities in PHP Advanced Transfer Manager (phpATM) 1.20 and earlier. The flaw allows remote attackers to execute arbitrary PHP code via the include_location parameter in files including activate.php, configure.php, fileop.php, geti...
CVE-2006-4272
Jelsoft vBulletin 3.5.4 allows remote attackers to register multiple arbitrary users and cause a denial of service (resource consumption) via a large number of requests to register.php. NOTE: the vendor has disputed this vulnerability, stating "If you have the CAPTCHA enabled then the registrations...
SolpotCrew Advisory #6 - phpCC - Beta 4.2 (base_dir) Remote File Inclusion
SolpotCrew Community phpCC - Beta 4.2 basedir Remote File Inclusion Download file : http://www.phpcc.at/downloadfile1.html Bug Found By :Solpot a.k.a k. Hasibuan 06-08-2006 contact: [email protected] Website : http://www.solpotcrew.org/adv/solpot-adv-05.txt Greetz: choi , h4ntu , Ibnusina ,...
CVE-2006-3826
Multiple cross-site scripting (XSS) vulnerabilities in Kailash Nadh boastMachine (formerly bMachine) 3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) userlogin, (2) fullname, and (3) URL parameters in register.php; and allow remote authenticated administrators to...
CVE-2006-3826
CVE-2006-3826: XSS in Kailash Nadh boastMachine (3.1 and earlier) allows remote injection via register.php parameters (user_login, full_name, URL) and via admin interface parameters (cat_list, key); no exploitation status or patch details are provided in the connected documents.
CVE-2006-3318
SQL injection vulnerability in register.php for phpRaid 3.0.6 and possibly other versions, when the authorization type is phpraid, allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) email parameters...
biblenet.txt
Biblenet.net Homepage: http://www.biblenet.net Affected files: gettinginvolved.html register.php member.php /library/index.html ----------------------------------------- Biblespace uses vBulletin for most of their site, so most of these vulns are based in the vbulletin site themselves, which othe...
Andys Chat 4.5 (action) Remote File Inclusion
Andys Chat 4.5 action Remote File Inclusion Credit : SpC-x Site : http://wWw.SaVSaK.CoM Greetz : | Liz0ziM | Ejder | FasTBoY | TheBeKiR | Nukedx | Remote File Inclusion : http://www.victim.net/path/register.PHP?action=CMD-Script /SpC-x...
CVE-2006-2727
The CVE-2006-2727 entry describes a vulnerability in Eggblog prior to version 3.0 where the home/register.php flow allows remote attackers to change the password of administrators (and possibly other users) by supplying a modified username parameter. Affected component: Eggblog web application, l...
CVE-2006-2282
Cross-site scripting (XSS) vulnerability in X7 Chat 2.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via a javascript URI in the URL of an avatar, possibly related to the avatar parameter in register.php...
Cross site scripting
Cross-site scripting (XSS) vulnerability in SloughFlash SF-Users 1.0, possibly in register.php, allows remote attackers to inject arbitrary web script or HTML by setting the username field to contain JavaScript in the SRC attribute of an IMG element...
CVE-2006-2167
CVE-2006-2167 describes a cross-site scripting (XSS) vulnerability in SloughFlash SF-Users 1.0, potentially in register.php. The flaw allows remote attackers to inject arbitrary web script or HTML by setting the username field to contain JavaScript in the SRC attribute of an IMG element. The affe...
CVE-2006-2167
Cross-site scripting (XSS) vulnerability in SloughFlash SF-Users 1.0, possibly in register.php, allows remote attackers to inject arbitrary web script or HTML by setting the username field to contain JavaScript in the SRC attribute of an IMG element...
CVE-2006-2011
Cross-site scripting (XSS) vulnerability in member.php in 4images 1.7 and earlier allows remote attackers to inject arbitrary web script or HTML via the nickname, probably involving the username parameter in register.php...
WWWThread RC 3 MultBugs
// --- WWWThread RC 3 MultBugs --- // D3vil-0x1 | Devil-00 www.securitygurus.net Gr33tz - HACKERS PAL | n0m3rcy | - & All Others i forgot them : //---------------------------------// //---------------------------------// Bug 1 //---------------------------------// // File name :- register.php...
CVE-2006-1815
CVE-2006-1815 affects Tritanium Bulletin Board (TBB) 1.2.3: register.php is vulnerable to reflected XSS via the newuser_realname and newuser_icq parameters in the faction=register flow (index.php), allowing remote script/HTML injection. This vector is distinct from CVE-2006-1768. Root cause cited...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in aWebBB 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) tname or (2) fpost parameters to (a) post.php; (3) fullname, (4) emailadd, (5) country, (6) sig, or (7) otherav parameters to (b) editac.php; or (8) fullname, (9) emailadd, or (10)...
CVE-2006-1637
Multiple cross-site scripting (XSS) vulnerabilities in aWebBB 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) tname or (2) fpost parameters to (a) post.php; (3) fullname, (4) emailadd, (5) country, (6) sig, or (7) otherav parameters to (b) editac.php; or (8) fullname, (9) emailadd, or (10)...
Sql injection
Multiple SQL injection vulnerabilities in RedCMS 0.1 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameters to (a) login.php or (b) register.php; or (3) u parameter to (c) profile.php...