Bugtraq: [waraxe-2008-SA#061] - Remote Code Execution in MyBB 1.2.10
Related Files:
Call for papers for the 4th edition of the best Polish IT security conference, CONFIDENCE 2008, which is taking place on May 16th and May 17th, 2008. Homepage: http://2008.confidence.org.pl/.
Multiple vulnerabilities in Coppermine Photo Gallery version 1.2.2b for PhpNuke. These range from small flaws like path disclosure, cross-site scripting, and arbitrary directory browsing, to remote command execution on the underlying server. Homepage: http://www.waraxe.us/. Authored By Janek Vind aka waraxe
A critical SQL injection bug exists in Phorum version 3.4.7 that allows a remote attacker to view sensitive data. The problem code lies in userlogin.php. Related exploit here. Homepage: http://www.waraxe.us/. Authored By Janek Vind aka waraxe
MyBulletinBoard aka MyBB versions 1.2.3 and below remote code execution exploit. Homepage: http://www.acid-root.new.fr/. Authored By DarkFig
e107 version 0.615 is vulnerable to full path disclosure, cross-site scripting, remote file inclusion, and multiple SQL injection attacks. Homepage: http://www.waraxe.us/. Authored By Janek Vind aka waraxe
Remote exploit that makes use of a SQL injection vulnerability in Phorum version 3.4.7. Related advisory here. Homepage: http://www.waraxe.us/. Authored By Janek Vind aka waraxe
It is possible to evade the SQL injection filters in PHPNuke 7.8. Homepage: http://www.waraxe.us/. Authored By waraxe
2z project version 0.9.5 is susceptible to SQL injection attacks. Homepage: http://www.waraxe.us/. Authored By waraxe
SiteX CMS version 0.7.3 Beta is susceptible to a SQL injection vulnerability. Homepage: http://www.waraxe.us/. Authored By waraxe
NukeSentinel version 2.5.11 suffers from another critical SQL injection vulnerability. Homepage: http://www.waraxe.us/. Authored By waraxe