50 matches found
EUVD-2004-2744
Malware in sbrugna...
EUVD-2004-1656
Malware in sbrugna...
EUVD-2004-0344
Malware in sbrugna...
EUVD-2004-0343
Malware in sbrugna...
EUVD-2004-0291
Malware in sbrugna...
EUVD-2006-3272
Malware in sbrugna...
YABB 1.4.1 SE Reminder.PHP SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/6591/info It has been reported that a problem exists in the Reminder.php script distributed as part of YaBB SE. Due to insufficient sanitizing of input, it is possible for a remote user to inject arbitrary SQL into the...
YaBB SE 1.5.x Arbitrary File Deletion
No description provided by source. source: http://www.securityfocus.com/bid/9774/info It has been reported that YaBB SE may be prone to multiple vulnerabilities due to improper input validation. The issues may allow an attacker to carry out SQL injection and directory traversal attacks. Successfu...
YaBB SE 1.5.x Multiple Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/9774/info It has been reported that YaBB SE may be prone to multiple vulnerabilities due to improper input validation. The issues may allow an attacker to carry out SQL injection and directory traversal attacks. Successfu...
YABB SE 0.8/1.4/1.5 Packages.PHP Remote File Include Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/6663/info YaBB SE allows remote users to influence the location of included files. A remote attacker may exploit this condition to cause an external, attacker-supplied file to be included and executed by YABB SE. This may...
YABB SE 1.5.1 - Multiple Cross-Site Scripting Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/9873/info It has been reported that YaBB and YaBB SE are prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure of the applications to properly validate URI supplied user input. Attacker...
YABB SE 1.x SSI.PHP ID_MEMBER SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/9449/info A problem with YaBB SE could make it possible for a remote user to launch SQL injection attacks. It has been reported that a problem exists in the SSI.php script distributed as part of YaBB SE. Due to insufficient...
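YaBB SE Cookie Security Bypass Vulnerability
YaBB SE is a PHP-based forum application. YaBB SE has a cookie validation bypass issue that remote attackers can use to gain unauthorized access to the application. An attacker can supply a specially crafted value as the cookie to access the application as any user and execute arbitrary commands with the privileges of the web server. YaBB SE YaBB SE 1.5.5 b YaBB SE YaBB SE 1.5.5 YaBB SE YaBB SE 1.5.4 YaBB SE YaBB SE 1.5.3 YaBB SE YaBB SE 1.5.2 YaBB SE YaBB SE 1.5.1 YaBB SE YaBB SE 1.5 .1 RC1 YaBB SE YaBB SE 1...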
yabb155-exec.txt
!/usr/bin/perl YaBB SE version new; $top-title"r57yabbse155ceGUI"; $top-resizable0,0; $url = 'http://server/forum/index.php'; $id = '1'; $cookiename = 'YaBBSE155'; $cmd = 'ls -la; id; uname -a;'; $button1text = 'Found admin ID'; $foundadminid = \ $stop = 0; $xpl = LWP::UserAgent-new or die;...
YaBB SE Cookie Authentication Bypass
The remote host is running YaBB SE, a web-based forum written in PHP. The version of YaBB SE installed on the remote host allows use of a cookie to bypass authentication. A remote attacker can leverage this issue using a specially crafted value for the cookie to gain access as any user, including...
YaBB SE 1.5.5 - Remote Command Execution
YaBB SE 1.5.5 - Remote Command Execution !/usr/bin/perl YaBB SE version new; $top-title"r57yabbse155ceGUI"; $top-resizable0,0; $url = 'http://server/forum/index.php'; $id = '1'; $cookiename = 'YaBBSE155'; $cmd = 'ls -la; id; uname -a;'; $button1text = 'Found admin ID'; $foundadminid = \ $stop = 0...
YaBB SE <= 1.5.5 Remote Command Execution Exploit
Exploit for unknown platform in category web applications ================================================= YaBB SE new; $top-title"r57yabbse155ceGUI"; $top-resizable0,0; $url = 'http://server/forum/index.php'; $id = '1'; $cookiename = 'YaBBSE155'; $cmd = 'ls -la; id; uname -a;'; $button1text =...
CVE-2004-2754
SQL injection vulnerability in SSI.php in YaBB SE 1.5.4, 1.5.3, and possibly other versions before 1.5.5 allows remote attackers to execute arbitrary SQL commands via the ID_MEMBER parameter to the (1) recentTopics and (2) welcome functions...
CVE-2006-3275
SQL injection vulnerability in profile.php in YaBB SE 1.5.5 and earlier allows remote attackers to execute SQL commands via a double-encoded user parameter in a viewprofile action...