16 matches found
EUVD-2004-2744
Malware in sbrugna...
Invision Power Board 1.3 SSI.PHP SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/10511/info Invision Power Board is reported prone to an SQL injection vulnerability in its 'ssi.php' script. Due to improper filtering of user supplied data, 'ssi.php' is exploitable by attackers to pass SQL statements to...
YABB SE 1.x SSI.PHP ID_MEMBER SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/9449/info A problem with YaBB SE could make it possible for a remote user to launch SQL injection attacks. It has been reported that a problem exists in the SSI.php script distributed as part of YaBB SE. Due to insufficient...
Simple Machines Forum 2.0.3 Path Disclosure
Summary: -------------- A security flaw allows an attacker to know the full path of the web system. Details: ----------- SSI.php Line 294: // Fetch a post with a particular ID. By default will only show if you have permission to the see the board in question - this can be overriden. function...
CVE-2011-1127
SSI.php in Simple Machines Forum SMF before 1.1.13, and 2.x before 2.0 RC5, does not properly restrict guest access, which allows remote attackers to have an unspecified impact via unknown vectors...
CVE-2004-2754
This CVE concerns a SQL injection in YaBB SE (v1.5.4, 1.5.3, and potentially older before 1.5.5) via the ID_MEMBER parameter to the recentTopics and welcome functions, allowing remote SQL commands. Affected software is YaBB SE; root cause is improper input handling in SSI.php. Impact per sources ...
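YABB SE SSI.php ID_MEMBER Parameter SQL Injection Vulnerability
Yabb Se is a PHP/MySQL-based forum program. The SSI.php included with Yabb Se does not sufficiently filter user-submitted URI parameters, so a remote attacker can exploit this vulnerability to carry out SQL injection attacks and may obtain sensitive information or modify the database. The SSI.php file returns information such as the forum's recent topics and board statistics. Because the ID_MEMBER parameter is not sufficiently filtered, an attacker can submit malicious SQL commands that change the original database logic, obtaining sensitive information or modifying the database. YaBB 1.5.3-1.5.4 The vendor has released an upgrade patch to fix this security issue; please download it from the vendor's home page and upgrade to YABB SE...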
phpRaid-2.txt
Kurdish Security Advisory phpRaid Remote File Include SMF : "To insist on socialism is to insist on being human" Abdullah Ocalan Contact : irc.gigachat.net kurdhack & www.PatrioticHackers.com & [email protected] Risk : High Class : Remote Script : phpRaid Script Website : http://www.spiffyjr.com Versio...
Invision Power Board (IP.Board) 1.3 - SSI.php Cross-Site Scripting
Invision Power Board IP.Board 1.3 - SSI.php Cross-Site Scripting source: https://www.securityfocus.com/bid/10539/info Invision Power Board 'ssi.php' script reported prone to a cross-site scripting vulnerability. The issue presents itself due to a lack of sufficient sanitization performed by...
Invision Power Board 1.3 - 'SSI.php' SQL Injection
source: https://www.securityfocus.com/bid/10511/info Invision Power Board is reported prone to an SQL injection vulnerability in its 'ssi.php' script. Due to improper filtering of user supplied data, 'ssi.php' is exploitable by attackers to pass SQL statements to the underlying database. The impa...
Invision Power Board 1.3 - SSI.php SQL Injection
Invision Power Board 1.3 - SSI.php SQL Injection source: https://www.securityfocus.com/bid/10511/info Invision Power Board is reported prone to an SQL injection vulnerability in its 'ssi.php' script. Due to improper filtering of user supplied data, 'ssi.php' is exploitable by attackers to pass SQ...
yabbSE.txt
Summary: YaBB SE is a PHP/MySQL port of the popular forum software YaBB yet another bulletin board. An SQL Injection vulnerability in the product allows a remote attacker to insert malicious SQL statements. Details: Vulnerable Systems: Yabb Se version 1.5.4 tested, 1.5.3 tested maybe others Immune...
YABB SE 1.x - SSI.php ID_MEMBER SQL Injection
YABB SE 1.x - SSI.php ID_MEMBER SQL Injection source: https://www.securityfocus.com/bid/9449/info A problem with YaBB SE could make it possible for a remote user to launch SQL injection attacks. It has been reported that a problem exists in the SSI.php script distributed as part of YaBB SE. Due to...
YABB SE 1.x - 'SSI.php' ID_MEMBER SQL Injection
source: https://www.securityfocus.com/bid/9449/info A problem with YaBB SE could make it possible for a remote user to launch SQL injection attacks. It has been reported that a problem exists in the SSI.php script distributed as part of YaBB SE. Due to insufficient sanitizing of user-supplied URI...
CVE-2003-0275
Vulnerability: YaBB SE 1.5.2’s SSI.php is exploitable via the sourcedir parameter, allowing remote attackers to reference a URL containing PHP code and execute it on the affected server. Impact: Partial confidentiality, integrity, and availability per CVSS 2.0 base metrics (5.1). Details: No expl...
II-Labs Advisory: Remote code execution in YaBBse 1.5.2 (php version)
Illegal Instruction Labs Advisory ------------------------------------------------------------------------ Advisory name: Remote code execution in YaBBse 1.5.2 php version Advisory number: 13 Application: Yet another Bulletin Board 1.5.2 Vendor: www.yabbse.org Date: 06.05.2003 Impact: Attacker ca...