14 matches found
EUVD-2005-2297
Malware in sbrugna...
YaBBSE 1.x Index.PHP Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/19460/info A cross-site scripting vulnerability affects YaBBSE because the application fails to properly sanitize user-supplied input before including it in dynamically generated web content. An attacker may leverage this...
poc301-rfi.txt
-------------------------------------------------- PhpOpenChat = 3.0.1 poc.php Multiple Remote File Include Vulnerabilities -------------------------------------------------- Author : SekoMirza Date Found : Nisan 11 2007 Location : Fransa // ... Critical Lvl : Highly critical Impact : System acce...
YABBSEQuote参数SQL注入漏洞 Exploit
No description provided by source. backspace ([email protected])提供了如下测试方法:...
YABBSE多个跨站脚本执行漏洞(CSS/XSS)
Yabb Se是一款基于PHP/MySQL的论坛程序。 YaBB SE由于不正确的过滤glow和shadow标记,远程攻击者可以利用这个漏洞进行跨站脚本执行攻击,导致敏感信息泄露。 在glow和shadow标记中加入恶意脚本代码,当浏览者读取包含此链接的页面,无需打开就会导致恶意脚本代码在用户浏览器上执行,可使目标用户敏感信息泄露。 YaBB Simple Machines SMF 1.0 b SE 1.5.1 Gold - SP 1.3 如果您不能立刻安装补丁或者升级,NSFOCUS建议您采取以下措施以降低威胁: frog-m@n提供如下第三方补丁: 使用...
YaBBSE 1.x - 'index.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/19460/info A cross-site scripting vulnerability affects YaBBSE because the application fails to properly sanitize user-supplied input before including it in dynamically generated web content. An attacker may leverage this issue to have arbitrary script co...
YaBBSE 1.x - index.php Cross-Site Scripting
YaBBSE 1.x - index.php Cross-Site Scripting source: https://www.securityfocus.com/bid/19460/info A cross-site scripting vulnerability affects YaBBSE because the application fails to properly sanitize user-supplied input before including it in dynamically generated web content. An attacker may...
yabbse-all.txt
Hey str0ke - Are you the same str0ke whose code I've been ripping, damn I guess I better release my first N3td3v Sponsering Disclosure..... NDSD-06-001: YABBSE SQL Injection June 23, 2006 -- Sponsered post http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/046903.html -- Affected Vendor...
[Full-disclosure] NDSD-06-001
Hey str0ke - Are you the same str0ke whose code I've been ripping, damn I guess I better release my first N3td3v Sponsering Disclosure..... NDSD-06-001: YABBSE SQL Injection June 23, 2006 -- Sponsered post http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/046903.html -- Affected Vendor...
CVE-2005-2296
YabbSE 1.5.5c allows remote attackers to obtain sensitive information via a direct request to ssiexamples.php, which reveals the path...
CVE-2005-2296
CVE-2005-2296 affects YabbSE 1.5.5c. The vulnerability allows remote attackers to obtain sensitive information by directly requesting ssi_examples.php, which reveals the installation path. Public details in the provided documents do not specify affected versions beyond 1.5.5c, nor do they describ...
CVE-2005-2296
YabbSE 1.5.5c allows remote attackers to obtain sensitive information via a direct request to ssiexamples.php, which reveals the path...
Another YabbSE Remote Code Execution Vulnerability
YabbSE Remote Code Execution 2 Vulnerability By Mindwarper :: [email protected] :: ------- ------- ---------------------- Vendor Information: ---------------------- Homepage : http://www.yabbse.org Vendor : informed Mailed advisory: 24/01/02 Vender Response : None ---------------------- Affecte...
YabbSE Remote Code Execution Vulnerability
YabbSE Remote Code Execution Vulnerability By Mindwarper :: [email protected] :: ------- ------- ---------------------- Vendor Information: ---------------------- Homepage : http://www.yabbse.org Vendor : informed Mailed advisory: 21/01/02 Vender Response : None ---------------------- Affected...