69 matches found
EUVD-2004-0291
Malware in sbrugna...
EUVD-2006-3272
Malware in sbrugna...
EUVD-2004-0343
Malware in sbrugna...
EUVD-2004-2744
Malware in sbrugna...
EUVD-2004-1656
Malware in sbrugna...
EUVD-2004-0344
Malware in sbrugna...
EUVD-2003-0270
Malware in sbrugna...
YaBB SE 1.5.x Arbitrary File Deletion
No description provided by source. source: http://www.securityfocus.com/bid/9774/info It has been reported that YaBB SE may be prone to multiple vulnerabilities due to improper input validation. The issues may allow an attacker to carry out SQL injection and directory traversal attacks. Successfu...
YABB 1.4.1 SE Reminder.PHP SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/6591/info It has been reported that a problem exists in the Reminder.php script distributed as part of YaBB SE. Due to insufficient sanitizing of input, it is possible for a remote user to inject arbitrary SQL into the...
YABB SE 1.x SSI.PHP ID_MEMBER SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/9449/info A problem with YaBB SE could make it possible for a remote user launch SQL injection attacks. It has been reported that a problem exists in the SSI.php script distributed as part of YaBB SE. Due to insufficient...
YABB SE 1.5.1 - Multiple Cross-Site Scripting Vulnerabilites
No description provided by source. source: http://www.securityfocus.com/bid/9873/info It has been reported that YaBB and YaBB SE are prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure of the applications to properly validate URI supplied user input. Attacker...
YABB SE 0.8/1.4/1.5 Packages.PHP Remote File Include Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/6663/info YaBB SE allows remote users to influence the location of included files. A remote attacker may exploit this condition to cause an external, attacker-supplied file to be included and executed by YABB SE. This may...
YABB SE 1.5 Quote Parameter SQL Injection Vulnerability
No description provided by source...
YaBB SE <= 1.5.5 - Remote Command Execution Exploit
No description provided by source. !/usr/bin/perl YaBB SE version = 1.5.5 commands execution exploit by RST/GHC GUI version = THIS IS UNPUBLISHED RST/GHC EXPLOIT CODE KEEP IT PRIVATE coded by 1dt.w0lf http://rst.void.ru http://ghc.ru use Tk; use Tk::Menu; use LWP::UserAgent; $top = MainWindow-new...
YaBB SE 1.5.x Multiple Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/9774/info It has been reported that YaBB SE may be prone to multiple vulnerabilities due to improper input validation. The issues may allow an attacker to carry out SQL injection and directory traversal attacks. Successfu...
YaBB SE Cookie安全绕过漏洞
YaBB SE是一款基于PHP的论坛程序。 YaBB SE存在COOKIE验证绕过问题,远程攻击者可以利用漏洞未授权访问应用程序。 攻击者可以使用特殊构建的值作为COOKIE信息,以任意用户身份访问应用程序,并以WEB权限执行任意命令。 YaBB SE YaBB SE 1.5.5 b YaBB SE YaBB SE 1.5.5 YaBB SE YaBB SE 1.5.4 YaBB SE YaBB SE 1.5.3 YaBB SE YaBB SE 1.5.2 YaBB SE YaBB SE 1.5.1 YaBB SE YaBB SE 1.5 .1 RC1 YaBB SE YaBB SE 1...
yabb155-exec.txt
!/usr/bin/perl YaBB SE version new; $top-title"r57yabbse155ceGUI"; $top-resizable0,0; $url = 'http://server/forum/index.php'; $id = '1'; $cookiename = 'YaBBSE155'; $cmd = 'ls -la; id; uname -a;'; $button1text = 'Found admin ID'; $foundadminid = \ $stop = 0; $xpl = LWP::UserAgent-new or die;...
YaBB SE <= 1.5.5 Remote Command Execution Exploit
No description provided by source. !/usr/bin/perl YaBB SE version = 1.5.5 commands execution exploit by RST/GHC GUI version = THIS IS UNPUBLISHED RST/GHC EXPLOIT CODE KEEP IT PRIVATE coded by 1dt.w0lf http://rst.void.ru http://ghc.ru use Tk; use Tk::Menu; use LWP::UserAgent; $top = MainWindow-new...
YaBB SE Cookie Authentication Bypass
The remote host is running YaBB SE, a web-based forum written in PHP. The version of YaBB SE installed on the remote host allows use of a cookie to bypass authentication. A remote attacker can leverage this issue using a specially crafted value for the cookie to gain access as any user, including...
YaBB SE <= 1.5.5 Remote Command Execution Exploit
Exploit for unknown platform in category web applications ================================================= YaBB SE new; $top-title"r57yabbse155ceGUI"; $top-resizable0,0; $url = 'http://server/forum/index.php'; $id = '1'; $cookiename = 'YaBBSE155'; $cmd = 'ls -la; id; uname -a;'; $button1text =...