60 matches found
phpBB viewtopic.php Arbitrary Code Execution
$Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'phpBB...
Sql injection
Multiple SQL injection vulnerabilities in CelerBB 0.0.2, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) viewforum.php and (2) viewtopic.php...
CVE-2009-0851
Multiple SQL injection vulnerabilities in CelerBB 0.0.2, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) viewforum.php and (2) viewtopic.php...
celerbb 0.0.2 - Multiple Vulnerabilities
Salvatore "drosophila" Fresta + Application: CelerBB + Version: 0.0.2 + Website: http://celerbb.sourceforge.net/ + Bugs: (A) Multiple SQL Injection (B) Information Disclosure (C) Authentication Bypass + Exploitation: Remote + Date: 05 Mar 2009 + Discovered by: Salvatore "drosophila" Fresta + Author:...
CVE-2004-2756
Cross-site scripting (XSS) vulnerability in viewtopic.php in Xoops 2.x, possibly 2 through 2.0.5, allows remote attackers to inject arbitrary web script or HTML via the (1) forum and (2) topic_id parameters...
Sql injection
Multiple SQL injection vulnerabilities in Frogss CMS 0.7 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) dzial parameter to (a) katalog.php, or the (2) t parameter to (b) forum.php or (c) forum/viewtopic.php, different vectors than CVE-2006-4536...
phpBB 2.0.12 full path disclosure vulnerability - a vulnerability warning - the black bar safety net
phpBB is a powerful, scalable open source electronic bulletin board system. Both the latest version and earlier versions have a path disclosure issue. Test method: request the forum path followed by /viewtopic.php?p=6&highlight=\xiaohua and the following text appears: Warning: Compilation failed: missing terminating for...
CVE-2006-2219
phpBB 2.0.20 does not verify user-specified input variable types before being passed to type-dependent functions, which allows remote attackers to obtain sensitive information, as demonstrated by the (1) mode parameter to memberlist.php and the (2) highlight parameter to viewtopic.php that are used a...
Dokeos 1.x - 'viewtopic.php' SQL Injection
source: https://www.securityfocus.com/bid/17463/info Dokeos is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the...
CVE-2005-4612
VULNERABILITY SUMMARY (CVE-2005-4612): The affected software is VUBB alpha rc1. It contains multiple SQL injection vulnerabilities in three entry points: viewforum.php (parameter f), viewtopic.php (parameter t), and usercp.php (parameter view). The underlying issue is improper handling of user-s...
phpBB viewtopic.php highlight parameter vulnerability
Added: 12/28/2005 CVE: CVE-2005-2086 BID: 14086 OSVDB: 17613 Background phpBB is an open-source bulletin board package written in PHP. Problem This is a variant of an older vulnerability which allows remote command execution by requesting viewtopic.php with a specially crafted highlight parameter...
XOOPS viewtopic.php Cross Site Scripting Vulnerability
The remote web server contains a PHP script that is prone to cross-site scripting attacks. SPDX-FileCopyrightText: 2004 David Maciejak Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only C...
CVE-2005-2086
PHP remote file inclusion vulnerability in viewtopic.php in phpBB 2.0.15 and earlier allows remote attackers to execute arbitrary PHP code...
phpBB 2.0.15 - 'highlight' Database Authentication Details
#!/usr/bin/perl # tested and working /str0ke...
phpbb2_0_15.pl.txt
#!/usr/bin/perl Wed Jun 29 19:08:04 CEST 2005 [email protected] phpBB 2.0.15 -re-bug in viewtopic.php The complete Open Source Development with CVS: GNU General Public License Book on using CVS effectively \n"; exit1; $ARGV0 = m!http://.?/.?t=\d+!; my $server, $port = split /:/,$1; $port = 80...
CVE-2005-2086
Summary of concrete details (CVE-2005-2086): The phpBB viewtopic.php vulnerability is an arbitrary code execution flaw affecting phpBB 2.0.4 through 2.0.15 (inclusive). The root cause involves improper handling of the highlight parameter in viewtopic.php, enabling PHP code execution on vulnerabl...
Re: [Full-disclosure] Security Advisory - phpBB 2.0.15 PHP-code injection bug
On 28 Jun '05, at 14:47, ronvdaal wrote: Proof of concept: http://some.forum/viewtopic.php?p=postnum&highlight='.dieomghax.' Uh, whoops. Another suggested solution: Remove the highlight handling code in viewtopic.php or replace it with something that does not use the /e flag to preg_replace. As it...
Security Advisory - phpBB 2.0.15 PHP-code injection bug
Security Advisory -//- phpBB 2.0.15 PHP-code injection bug Program: phpBB 2.0.15 and older versions Homepage: http://www.phpbb.com Risk: Very High Date: June 28 2005 Title: PHP-code injection bug Type: partial disclosure Author: Ron van Daal :. Vendor notified: June 23 2005 Background: phpBB is a...