19 matches found
EUVD-2006-5485
Malware in sbrugna...
EUVD-2006-5473
Malware in sbrugna...
EUVD-2008-3025
Malware in sbrugna...
xchangeboard-sql.txt
xchangeboard 1.70 final and lower Bug by: haZl0oh Dork: "Powered by xchangeboard" info:you have to be an registered user to use it like this !!!! there should be a lot more vulns there ; credentials like passwords are saved as cookies .... :D PoC:...
CVE-2008-3035
SQL injection vulnerability in newThread.php in XchangeBoard 1.70 Final and earlier allows remote authenticated users to execute arbitrary SQL commands via the boardID parameter...
Sql injection
SQL injection vulnerability in newThread.php in XchangeBoard 1.70 Final and earlier allows remote authenticated users to execute arbitrary SQL commands via the boardID parameter...
CVE-2008-3035
Affected software: XchangeBoard 1.70 Final and earlier. Vulnerability: SQL injection in newThread.php via the boardID parameter. Impact: Allows remote authenticated users to execute arbitrary SQL commands (partial confidentiality, integrity, and availability impact per NVD). Root cause: Unsafegua...
CVE-2008-3035
SQL injection vulnerability in newThread.php in XchangeBoard 1.70 Final and earlier allows remote authenticated users to execute arbitrary SQL commands via the boardID parameter...
XChangeboard newThread.php文件SQL注入漏洞
BUGTRAQ ID: 30059 Xchangeboard是基于PHP和MySQL的公告牌解决方案。 Xchangeboard的newThread.php文件中没有正确地验证对boardID参数的输入便在SQL查询中使用,这允许远程攻击者通过提交恶意的查询请求执行SQL注入攻击。 Henrik Brinkmann XChangeboard 1.75 Beta Henrik Brinkmann XChangeboard 1.70 Henrik Brinkmann ---------------- 目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本...
XchangeBoard 1.70 (boardID) Remote SQL Injection Vulnerability
No description provided by source. xchangeboard 1.70 final and lower Bug by: haZl0oh Dork: "Powered by xchangeboard" info:you have to be an registered user to use it like this !!!! there should be a lot more vulns there ; credentials like passwords are saved as cookies .... :D PoC:...
XchangeBoard 1.70 (boardID) Remote SQL Injection Vulnerability
Exploit for unknown platform in category web applications ============================================================== XchangeBoard 1.70 boardID Remote SQL Injection Vulnerability ============================================================== xchangeboard 1.70 final and lower Bug by: haZl0oh...
XchangeBoard 1.70 - boardID SQL Injection
XchangeBoard 1.70 - boardID SQL Injection xchangeboard 1.70 final and lower Bug by: haZl0oh Dork: "Powered by xchangeboard" info:you have to be an registered user to use it like this !!!! there should be a lot more vulns there ; credentials like passwords are saved as cookies .... :D PoC:...
XchangeBoard 1.70 - 'boardID' SQL Injection
xchangeboard 1.70 final and lower Bug by: haZl0oh Dork: "Powered by xchangeboard" info:you have to be an registered user to use it like this !!!! there should be a lot more vulns there ; credentials like passwords are saved as cookies .... :D PoC:...
CVE-2006-5488
SQL injection vulnerability in XchangeBoard 1.70, and possibly earlier, when magicquotesgpc is disabled, allows remote attackers to execute arbitrary SQL commands via the loginNick parameter during login. NOTE: the provenance of this information is unknown; the details are obtained from third par...
CVE-2006-5500
Multiple SQL injection vulnerabilities in the checkUser function in inc/DBInterface.php in XchangeBoard 1.70 and earlier, when magicquotesgpc is disabled, allow remote attackers to execute arbitrary SQL commands via the 1 userNick or 2 password parameters. NOTE: the provenance of this information...
CVE-2006-5500
Multiple SQL injection vulnerabilities in the checkUser function in inc/DBInterface.php in XchangeBoard 1.70 and earlier, when magicquotesgpc is disabled, allow remote attackers to execute arbitrary SQL commands via the 1 userNick or 2 password parameters. NOTE: the provenance of this information...
CVE-2006-5488
The CVE-2006-5488 entry documents a SQL injection in XchangeBoard 1.70 (and potentially earlier) when magic_quotes_gpc is disabled. The vulnerability allows remote attackers to execute arbitrary SQL commands via the loginNick parameter during login. The cited sources (NVD, CVE list, and third-par...
CVE-2006-5500
CVE-2006-5500 affects XchangeBoard 1.70 and earlier. The checkUser function in inc/DBInterface.php is vulnerable to SQL injection when magic_quotes_gpc is disabled, allowing remote attackers to inject via the (1) userNick or (2) password parameters. Connected documents corroborate this as the vul...
CVE-2006-5488
SQL injection vulnerability in XchangeBoard 1.70, and possibly earlier, when magicquotesgpc is disabled, allows remote attackers to execute arbitrary SQL commands via the loginNick parameter during login. NOTE: the provenance of this information is unknown; the details are obtained from third par...