Lucene search

Quicksilver Forums Security Vulnerabilities

cve

CVE-2008-7064

Directory traversal vulnerability in the get_lang function in global.php in Quicksilver Forums 1.4.2 and earlier, as used in QSF Portal before 1.4.5, when running on Windows, allows remote attackers to include and execute arbitrary local files via a "" (backslash) in the lang parameter to...

7.5AI Score

0.08EPSS

2009-08-25 10:30 AM

cve

CVE-2008-3601

SQL injection vulnerability in index.php in Quicksilver Forums 1.4.1 allows remote attackers to execute arbitrary SQL commands via the forums array parameter in a search...

9.3AI Score

0.001EPSS

2008-08-12 07:41 PM

cve

CVE-2007-5171

Unspecified vulnerability in Quicksilver Forums before 1.4.1 allows remote attackers to delete arbitrary PMs via unspecified...

7.6AI Score

0.004EPSS

2007-10-01 08:17 PM

cve

CVE-2007-5172

Quicksilver Forums before 1.4.1 allows remote attackers to obtain sensitive information by causing unspecified connection errors, which reveals the database password in the resulting error...

7.1AI Score

0.004EPSS

2007-10-01 08:17 PM

cve

CVE-2006-4824

PHP remote file inclusion vulnerability in lib/activeutil.php in Quicksilver Forums (QSF) 1.2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the set[include_path]...

8.3AI Score

0.153EPSS

2006-09-15 10:07 PM

cve

CVE-2005-4030

SQL injection vulnerability in Quicksilver Forums before 1.5.1 allows remote attackers to execute arbitrary SQL commands via the HTTP_USER_AGENT...

9.3AI Score

0.007EPSS

2005-12-06 11:03 AM