30 matches found
EUVD-2006-4151
Malware in sbrugna...
EUVD-2006-4267
Malware in sbrugna...
EUVD-2006-4018
Malware in sbrugna...
EUVD-2006-3238
Malware in sbrugna...
XennoBB 2.1 Profile.PHP Multiple SQL Injection Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/19374/info XennoBB is prone to multiple SQL injection vulnerabilities because it fails to properly sanitize user-supplied input before using it in an SQL query. A successful attack could allow an attacker to compromise th...
XennoBB 1.0.x/2.2 Icon_Topic SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/19606/info XennoBB is prone to an SQL-injection vulnerability that could allow an attacker to influence the structure or logic of SQL queries made by the application. --------------------- EXPLOIT ---------------------...
XennoBB 1.0.5/1.0.6/2.1/2.2 Profile.PHP Directory Traversal Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/19446/info XennoBB is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to retrieve arbitrary files from the vulnerable syst...
XennoBB Icon_Topic SQL注入漏洞
XennoBB是一款基于PHP的WEB应用程序。 XennoBB不正确过滤用户提交的URI数据,远程攻击者可以利用漏洞提交SQL查询作为参数数据,可获得敏感信息。 问题是'topicpost.php'脚本对用户提交的'icontopic'参数缺少过滤,提交恶意的SQL查询作为参数数据,可更改原来的SQL逻辑,获得敏感信息。 XennoBB XennoBB 2.2.1 XennoBB XennoBB 2.2 XennoBB XennoBB 2.1 XennoBB XennoBB 1.0.6 XennoBB XennoBB 1.0.5 http://www.xennobb.com/...
xennoBB.txt
--------------------- SUMMARY --------------------- Name: XennoBB "avatar gallery" directory transversal 10/8/2006 Vendor / Product: XennoBB Group http://www.xennobb.com/ Description: The world's most revolutionary and easy to use bulletin board. Revolutionary because it redefines the boundaries ...
XennoBBSQL.txt
--------------------- SUMMARY --------------------- Name: XennoBB "icontopic" SQL Injection 19/8/2006 Vendor / Product: XennoBB Group http://www.xennobb.com/ Description: The world's most revolutionary and easy to use bulletin board. Revolutionary because it redefines the boundaries of usability...
CVE-2006-4279
SQL injection vulnerability in topicpost.php in XennoBB 2.2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the icontopic parameter...
CVE-2006-4279
XennoBB 2.2.1 (and earlier) contains an SQL injection in topic_post.php that can be exploited via the icon_topic parameter, enabling remote arbitrary SQL execution. The issue is documented in CVE-2006-4279 with CVSS v2 base score 7.5 ( HIGH ), reflecting NETWORK attack vector, LOW access complexi...
CVE-2006-4279
SQL injection vulnerability in topicpost.php in XennoBB 2.2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the icontopic parameter...
XennoBB 1.0.x2.2 - Icon_Topic SQL Injection
XennoBB 1.0.x2.2 - IconTopic SQL Injection source: https://www.securityfocus.com/bid/19606/info XennoBB is prone to an SQL-injection vulnerability that could allow an attacker to influence the structure or logic of SQL queries made by the application. --------------------- EXPLOIT...
XennoBB 1.0.x/2.2 - Icon_Topic SQL Injection
source: https://www.securityfocus.com/bid/19606/info XennoBB is prone to an SQL-injection vulnerability that could allow an attacker to influence the structure or logic of SQL queries made by the application. --------------------- EXPLOIT --------------------- Submit a forged POST request to...
XennoBB.txt
--------------------- SUMMARY --------------------- Name: XennoBB "birthday" SQL Injection 6/8/2006 Vendor / Product: XennoBB Group http://www.xennobb.com/ Description: The world's most revolutionary and easy to use bulletin board. Revolutionary because it redefines the boundaries of usability an...
CVE-2006-4161
Directory traversal vulnerability in the avatargallery action in profile.php in XennoBB 2.1.0 and earlier allows remote attackers to read arbitrary files via a .. dot dot in the category parameter...
CVE-2006-4161
Directory traversal vulnerability in the avatargallery action in profile.php in XennoBB 2.1.0 and earlier allows remote attackers to read arbitrary files via a .. dot dot in the category parameter...
CVE-2006-4161
CVE-2006-4161 : The provided documents confirm a directory-traversal flaw in XennoBB 2.1.0 and earlier, located in the profile.php avatar_gallery action. An attacker could read arbitrary files by supplying a .. (dot dot) sequence in the category parameter. The NVD entry lists the affected softwar...
XennoBB <= "avatar gallery" Directory Transversal
--------------------- SUMMARY --------------------- Name: XennoBB "avatar gallery" directory transversal 10/8/2006 Vendor / Product: XennoBB Group http://www.xennobb.com/ Description: The world's most revolutionary and easy to use bulletin board. Revolutionary because it redefines the boundaries ...