177 matches found
OABOARD Web Forum forum.php inc Parameter PHP Code Execution - Ver2 (CVE-2006-0076)
A code execution vulnerability has been reported in OABoard. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
VEGO Web Forum index.php theme_id Parameter SQL Injection - Ver2 (CVE-2006-0065)
An SQL injection vulnerability has been reported in VEGO Web Forum. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary SQL commands on the affected system...
VEGO Web Forum login.php username Parameter SQL Injection - Ver2 (CVE-2006-0067)
An SQL injection vulnerability has been reported in VEGO Links Builder. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary SQL commands on the affected system...
OABOARD Web Forum forum.php inc Parameter PHP Code Execution - Ver2 (CVE-2006-0076)
A code execution vulnerability has been reported in OABoard. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
VEGO Web Forum index.php theme_id Parameter SQL Injection - Ver2 (CVE-2006-0065)
An SQL injection vulnerability has been reported in VEGO Web Forum. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary SQL commands on the affected system...
[SECURITY] [DSA 2752-1] phpbb3 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-2752-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst September 07, 2013 http://www.debian.org/security/faq -...
Debian Security Advisory DSA 2752-1 (phpbb3 - permissions too wide)
Andreas Beckmann discovered that phpBB, a web forum, as installed in Debian, sets incorrect permissions for cached files, allowing a malicious local user to overwrite them. OpenVAS Vulnerability Test $Id: deb2752.nasl 6611 2017-07-07 12:07:20Z cfischer $ Auto-generated from advisory DSA 2752-1...
DSA-2752-1 phpbb3 - too wide permissions
Bulletin has no description...
Latest Al-Qaeda Magazine content hacked by Western intelligence agencies
New issue of English-language al-Qaeda magazine posted on the terror group's website earlier this week linked to the Boston terrorist attacks has possibly been hacked by Western intelligence agencies and its content beyond its cover page was scrambled. The magazine, produced by al Qaeda's Yemeni...
MyBB 1.6.8 'announcements.php'远程SQL注入漏洞
BUGTRAQ ID: 54130 MyBB是一款流行的Web论坛程序。 MyBB 1.6.8没有正确过滤用户提供的输入即用在SQL查询中,导致攻击者利用此漏洞控制应用、访问或修改数据或利用下层数据库中的其他漏洞。 0 MyBB 1.6.8 厂商补丁: MyBB ---- 目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本: http://www.mybboard.com/...
MyBB 1.6.6之前版本多个安全漏洞
BUGTRAQ ID: 51962 MyBB是一款流行的Web论坛程序。 MyBB在实现上存在多个安全漏洞,攻击者可利用这些漏洞执行脚本代码、窃取Cookie身份验证凭证、泄露或修改敏感信息或执行非法操作。 0 MyBB 1.x 厂商补丁: MyBB ---- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://www.mybboard.com/...
MyBB 1.x 多个安全漏洞
BUGTRAQ ID: 50816 MyBB是一款流行的Web论坛程序。 MyBB在实现上存在跨站脚本执行、跨站请求伪造和其他多个安全漏洞,攻击者可利用这些漏洞在受影响站点用户浏览器中执行任意脚本,窃取cookie验证凭证,泄露或修改敏感信息或这些非法操作。 1)好友列表中的未解析头像中存在错误; 2)通过用户名传递的输入在返回给用户之前没有正确过滤,导致在受影响站点的用户浏览器中执行任意HTML和脚本代码; 3)应用允许用户通过HTTP请求执行某些操作,但不验证这些请求。可在用户浏览特制的网页时更改语言设置。 MyBB 1.x 厂商补丁: MyBB ----...
CVE-2011-4172
Multiple cross-site scripting XSS vulnerabilities in KENT-WEB WEB FORUM before 5.1 allow remote attackers to inject arbitrary web script or HTML via 1 an e-mail address field or 2 a cookie, a related issue to CVE-2011-3383, CVE-2011-3983, and CVE-2011-3984...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in KENT-WEB WEB FORUM before 5.1 allow remote attackers to inject arbitrary web script or HTML via 1 an e-mail address field or 2 a cookie, a related issue to CVE-2011-3383, CVE-2011-3983, and CVE-2011-3984...
CVE-2011-4172
KENT-WEB WEB FORUM (before 5.1) is affected by multiple XSS vulnerabilities that allow remote attackers to inject arbitrary scripts via the email address field or cookies. Root cause: improper sanitization/execution context in the vulnerable web output. Impact: potential credential theft, session...
CVE-2011-4172
Multiple cross-site scripting XSS vulnerabilities in KENT-WEB WEB FORUM before 5.1 allow remote attackers to inject arbitrary web script or HTML via 1 an e-mail address field or 2 a cookie, a related issue to CVE-2011-3383, CVE-2011-3983, and CVE-2011-3984...
CVE-2011-3983
Cross-site scripting XSS vulnerability in KENT-WEB WEB FORUM 5.1 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors related to cookies...
CVE-2011-3984
Cross-site scripting XSS vulnerability in KENT-WEB WEB FORUM 5.1 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors related to "web form entries."...
CVE-2011-3383
Cross-site scripting XSS vulnerability in KENT-WEB WEB FORUM 5.1 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors related to "the web page to be output."...
Cross site scripting
Cross-site scripting XSS vulnerability in KENT-WEB WEB FORUM 5.1 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors related to cookies...