Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Unclassified Newsboard Security Vulnerabilities

cve
cve

CVE-2005-2855

Cross-site scripting (XSS) vulnerability in Unclassified NewsBoard 1.5.3 allows remote attackers to inject arbitrary web script or HTML via the description field.

6AI Score

0.065EPSS

2005-09-08 10:03 AM
21
cve
cve

CVE-2005-3686

SQL injection vulnerability in search.inc.php in Unclassified NewsBoard before 1.5.3 Patch 4 allows remote attackers to execute arbitrary SQL commands via the (1) DateFrom or (2) DateUntil parameter to forum.php.

8.4AI Score

0.005EPSS

2005-11-19 01:03 AM
20
cve
cve

CVE-2006-2405

Directory traversal vulnerability in unb_lib/abbc.conf.php in Unclassified NewsBoard (UNB) 1.6.1 patch 1 and earlier, when register_globals is enabled, allows remote attackers to include arbitrary files via .. (dot dot) sequences and a trailing null byte (%00) in the ABBC[Config][smileset] paramete...

6.8AI Score

0.014EPSS

2006-05-16 10:02 AM
27
cve
cve

CVE-2006-2406

Directory traversal vulnerability in bb_lib/abbc.css.php in Unclassified NewsBoard (UNB) 1.5.3-d and possibly earlier versions, when register_globals is enabled, allows remote attackers to include arbitrary files via .. (dot dot) sequences and a trailing null byte (%00) in the design_path parameter...

6.9AI Score

0.003EPSS

2006-05-16 10:02 AM
23
cve
cve

CVE-2007-1597

Unclassified NewsBoard 1.6.3 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain (1) the board log via a direct request for logs/board-YYYY-MM-DD.log, (2) the mail and private message (PM) log via a direct request for logs/email-...

6.8AI Score

0.006EPSS

2007-03-22 11:19 PM
39
cve
cve

CVE-2009-1947

SQL injection vulnerability in the UnbDbEncode function in unb_lib/database.lib.php in Unclassified NewsBoard (UNB) 1.6.4 allows remote attackers to execute arbitrary SQL commands via the Query parameter in a search action to forum.php, a different vector than CVE-2005-3686.

8.6AI Score

0.005EPSS

2009-06-05 09:30 PM
24
cve
cve

CVE-2009-1948

Multiple directory traversal vulnerabilities in forum.php in Unclassified NewsBoard (UNB) 1.6.4, when register_globals is enabled and magic_quotes_gpc is disabled, allow remote attackers to (1) read arbitrary recently-modified files via a .. (dot dot) in the GLOBALS[filename] parameter or (2) inclu...

7.4AI Score

0.007EPSS

2009-06-05 09:30 PM
39
cve
cve

CVE-2009-1949

import_wbb1.php in Unclassified NewsBoard (UNB) 1.6.4 allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message.

6.3AI Score

0.003EPSS

2009-06-05 09:30 PM
18