14 matches found
EUVD-2005-2297
Malware in sbrugna...
YaBBSE 1.x Index.PHP Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/19460/info A cross-site scripting vulnerability affects YaBBSE because the application fails to properly sanitize user-supplied input before including it in dynamically generated web content. An attacker may leverage this...
poc301-rfi.txt
-------------------------------------------------- PhpOpenChat = 3.0.1 poc.php Multiple Remote File Include Vulnerabilities -------------------------------------------------- Author : SekoMirza Date Found : April 11 2007 Location : France // ... Critical Lvl : Highly critical Impact : System acce...
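YABBSE Quote Parameter SQL Injection Vulnerability Exploit
No description provided by source. backspace ([email protected]) provided the following test method:...
YABBSE Multiple Cross-Site Scripting Vulnerabilities (CSS/XSS)
YaBB SE is a PHP/MySQL-based forum program. Because YaBB SE does not correctly filter the glow and shadow tags, a remote attacker can exploit this vulnerability to carry out cross-site scripting attacks, leading to disclosure of sensitive information. When malicious script code is added to the glow and shadow tags and a visitor reads a page containing this link, the malicious script code executes in the user's browser without the link needing to be opened, which can disclose the target user's sensitive information. YaBB Simple Machines SMF 1.0 b SE 1.5.1 Gold - SP 1.3 If you cannot install the patch or upgrade immediately, NSFOCUS recommends that you take the following measures to reduce the threat: frog-m@n provides the following third-party patch: Use...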
YaBBSE 1.x - 'index.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/19460/info A cross-site scripting vulnerability affects YaBBSE because the application fails to properly sanitize user-supplied input before including it in dynamically generated web content. An attacker may leverage this issue to have arbitrary script co...
YaBBSE 1.x - index.php Cross-Site Scripting
YaBBSE 1.x - index.php Cross-Site Scripting source: https://www.securityfocus.com/bid/19460/info A cross-site scripting vulnerability affects YaBBSE because the application fails to properly sanitize user-supplied input before including it in dynamically generated web content. An attacker may...
yabbse-all.txt
Hey str0ke - Are you the same str0ke whose code I've been ripping, damn I guess I better release my first N3td3v Sponsering Disclosure..... NDSD-06-001: YABBSE SQL Injection June 23, 2006 -- Sponsered post http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/046903.html -- Affected Vendor...
[Full-disclosure] NDSD-06-001
Hey str0ke - Are you the same str0ke whose code I've been ripping, damn I guess I better release my first N3td3v Sponsering Disclosure..... NDSD-06-001: YABBSE SQL Injection June 23, 2006 -- Sponsered post http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/046903.html -- Affected Vendor...
CVE-2005-2296
YabbSE 1.5.5c allows remote attackers to obtain sensitive information via a direct request to ssiexamples.php, which reveals the path...
CVE-2005-2296
YabbSE 1.5.5c allows remote attackers to obtain sensitive information via a direct request to ssiexamples.php, which reveals the path...
CVE-2005-2296
CVE-2005-2296 affects YabbSE 1.5.5c. The vulnerability allows remote attackers to obtain sensitive information by directly requesting ssi_examples.php, which reveals the installation path. Public details in the provided documents do not specify affected versions beyond 1.5.5c, nor do they describ...
Another YabbSE Remote Code Execution Vulnerability
YabbSE Remote Code Execution 2 Vulnerability By Mindwarper :: [email protected] :: ------- ------- ---------------------- Vendor Information: ---------------------- Homepage : http://www.yabbse.org Vendor : informed Mailed advisory: 24/01/02 Vendor Response : None ---------------------- Affecte...
YabbSE Remote Code Execution Vulnerability
YabbSE Remote Code Execution Vulnerability By Mindwarper :: [email protected] :: ------- ------- ---------------------- Vendor Information: ---------------------- Homepage : http://www.yabbse.org Vendor : informed Mailed advisory: 21/01/02 Vendor Response : None ---------------------- Affected...