13 matches found
EUVD-2006-6263
Malware in sbrugna...
hkbws.org.hk XSS vulnerability
Vulnerable URL: http://www.hkbws.org.hk/BBS/viewthread.php?tid=...
PHP-Fusion forum/viewthread.php highlight Parameter XSS
The version of PHP-Fusion installed on the remote host is affected by a cross-site scripting vulnerability because it fails to properly sanitize user input to the 'highlight' parameter of the 'forum/viewthread.php' script. An unauthenticated, remote attacker may be able to leverage this to inject...
TinyBB 1.4 - Blind SQL Injection / Full Path Disclosure
Exploit Title : TinyBB 1.4 Sql Injection + Path Disclosure Google Dork : "Proudly powered by TinyBB" Date : 7 April 2011 Author : swami Contact : flaviodotbaldassiatgmaildotcom Version : 1.4 Tested on : Centos 5.5 with magic_quotes_gpc off Thanks to : ptrace.net From tinybb.net...
Discuz 6.0 viewthread.php cross-site scripting vulnerability
demo: http://bbs.51testing.com/viewthread.php?tid=%22%3E%3E%3Cscript%3Ealert%28insafe--SecEyE%29%3C/script%3E%3Cmarquee%3E%3Ch1%3EINSAFE%20By%20SECEYE%3C/h1%3E%3C/marquee%3E No explanation; friends who copy this, please just leave the 北洋贱队 URL. Upgrade Discuz 6.0 to the latest version...
Discuz! 6.0.0 Cross Site Scripting
Discuz! 6.0.0 Download: http://www.comsenz.com/downloads/install/discuz Vendor: www.comsenz.com Author: s4r4d0 mail: [email protected] Bug: Cross site scripting has been found on viewthread.php file. Exploit: http://host/bbs/viewthread.php?tid=Xss Demo:...
CVE-2006-6280
SQL injection vulnerability in viewthread.php in Oxygen O2PHP Bulletin Board 1.1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the pid parameter, a different vector than CVE-2006-1572...
CVE-2006-6280
SQL injection vulnerability in viewthread.php in Oxygen O2PHP Bulletin Board 1.1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the pid parameter, a different vector than CVE-2006-1572...
CVE-2006-6280
The CVE-2006-6280 entry describes an SQL injection vulnerability in Oxygen (O2PHP Bulletin Board) 1.1.3 and earlier. The affected component is viewthread.php, where the pid parameter is used in a way that allows remote attackers to execute arbitrary SQL commands. This vector is a different vector...
CVE-2005-0345
viewthread.php in php-fusion 4.x does not check the (1) forum_id or (2) forum_cat parameters, which allows remote attackers to view protected forums via the thread_id parameter...
CVE-2005-0345
CVE-2005-0345 affects php-fusion 4.x where viewthread.php does not validate (1) forum_id or (2) forum_cat parameters, enabling remote attackers to view protected forums by supplying a thread_id. Reported impact is partial confidentiality loss; exploitation appears through crafted thread access ra...
PHP-Fusion viewthread.php Arbitrary Thread Access
Binary data 2598.prm...
CVE-2004-0323
Multiple SQL injection vulnerabilities in XMB 1.8 Final SP2 allow remote attackers to inject arbitrary SQL and gain privileges via the (1) ppp parameter in viewthread.php, (2) desc parameter in misc.php, (3) tpp parameter in forumdisplay.php, (4) ascdesc parameter in forumdisplay.php, or (5) the addon...