Real Name | Aliaksandr Hartsuyeu |
---|---|
Email address | private |
Website | evuln.com |
First Active | 2006-01-04 |
Last Active | 2011-02-28 |
eVuln Advisory: discussion - xhawk.net BBCode 'img' XSS & SQL Injection Vulnerabilities
ba1161cfe035a24bc8161b418af746e2350b041ecd0228af2d6fe63cb550535d
CyBoards PHP Lite v1.25 suffers from SQL injection in post.php if magic_quotes_gpc is turned off.
25b52c8d14bf14e8abc261c3a2e971ada7de713336f7557a65f7c4c4b85b198a
Vegas Forum version 1.0 suffers from SQL injection.
45ac70a8bdd5e72938e369b5dafe84ada75903492a47c4c323d049dce6ac57b5
FreeForum version 1.2 is susceptible to PHP code execution and cross site scripting flaws.
b4a88688c8368c2f89f2856c431b289c2361744d9ab961d2b1ba8efd04417424
EKINboard v1.0.3 suffers from XSS and SQL injection vulnerabilities.
5c695afffd1db10633bdd50a5e027ff01f49e6cd189a3c4e0941798cbf0c5f1c
ShoutLIVE v1.1.0 is vulnerable to PHP code execution.
8effbf35e363d8623acf78d3cbca368b3e3ce6b04c14377a8eb9c7907224befe
Simple Machines Forum, or SMF, version 1.0.6 is susceptible to a cross site scripting vulnerability in the handling of the X-Forwarded-For header that can be used to commit attacks against an administrator.
bbb04a2ae436a9b5a1fae7328d29d939bcf34d704c12a5f228d83dc6d734db82
Easy Forum version 2.5 is susceptible to cross site scripting attacks.
2528a10db4d0e57daa651ace1b7150286851c7ea5c9eb12323f0f66b33533f2e
Skate Board version 0.9 is susceptible to SQL injection, cross site scripting, authentication bypass, and PHP code injection flaws.
3a2dd7ec80e31dddd7d038168493fc1516d96e702e32204bf29c7f98ba83733b
E-Blah Platinum is susceptible to cross site scripting via the use of HTTP_REFERER.
55babc2e2971ea8c2ef0b403d2867a558f33e305e565e64a60470a45507252f1
Leif M. Wright's Blog version 3.5 is susceptible to information disclosure, authentication bypass, code execution, and cross site scripting flaws. Exploit details provided.
f39ddb0473140f0584760e53110a3ed5d4f6b2109e11e0b117609ca692e20054
PerlBlog versions 1.09b, 1.09, and 1.08 have been discovered as being susceptible to arbitrary file creation, directory traversal, and cross site scripting flaws. Exploit details provided.
72ed92e21a0f91bb5af613c13b654c8efae4c552a39aac79386469c49866df5b
Quirex versions 2.0 and below suffer from an arbitrary file disclosure vulnerability.
745945ff8b2e17ebefc0ad107dc6634c129580f50bcc5661a7db44bd9ed11fca
Guestext version 1.0 is susceptible to cross site scripting attacks.
325f9ac22671d90b92992e8b0593fdad85244048bb98ab1a9c7d6ae3d153ecd8
Guestext version 1.0 suffers from a remote command execution flaw. Exploitation details provided.
ad8e22d4bd67bd67d25b0053845cdf9707c8101d9110eb03b8f3bb75193c470b
Teca Diary PE version 1.0 is susceptible to SQL injection attacks. Exploitation details provided.
8eb6e205d3a2aacdf35639c2acb12f3308e47da9037f9c177e4824bd4fe395f7
Magic Downloads 1.1.3 allows untrusted users to make changes to config.php.
96bf8fe88d2fd2c64aac14658763937cbe1ed2ea302ca3a8bf2b53a5b96a1a44
Reamday Enterprises Magic News Lite version 1.2.3 is vulnerable to remote code execution.
e3744687c220f765c14c79cfa2a6b44fa9259a239ef033802305a5f454950be6
BirthSys 3.1 suffers from SQL injection.
4bbc6fc29c3fea2a0b6c2f4039628116c26844502ccc25f349ee9e4d6fda7afb
PHP Event Calendar 1.5 does not sanitize the username and password before writing them to the users.php file. This can be used to carry out XSS attacks or corrupt user data.
6fe33870803ff48653d9b8d93817cbdbd02ddde951340c9cfcce95f0457e37b2
2200net Calendar system suffers from multiple SQL injection vulnerabilities.
701e0768e2d09f72728a2e4fde58e2e3143706d767a2cae20c4cbfbc90181844
M. Blom HTML::BBCode Perl module XSS Vulnerabilities
aeb79dbda9134063a6990d67c4e4d244cf5913da9dcf79e35f4207352f53b74a
My Blog 1.63 suffers from XSS in the BBcode url and img tags.
c914c74f20c73972ef5c5ef53d75750677f953ca15cb6366a32d1d3bbc5fbbed
Clever Copy version 3 is susceptible to cross site scripting attacks.
bb659a8d787b7e02bd56556f78253d2a98ac3acb4f3c0e4e65cde661fbfbf38a
phpstatus version 1.0 is susceptible to authentication bypass via SQL injection and an issue with cookie verification.
ac582903f48ff5fb734560491dcfc953a46e989140dabf9069e4768ba27887af