5 matches found
CVE-2012-1603
Multiple SQL injection vulnerabilities in ajaxserver.php in NextBBS 0.6 allow remote attackers to execute arbitrary SQL commands via the 1 curstr parameter in the findUsers function, 2 id parameter in the isIdAvailable function, or 3 username parameter in the getGreetings function...
CVE-2012-1603
Multiple SQL injection vulnerabilities in ajaxserver.php in NextBBS 0.6 allow remote attackers to execute arbitrary SQL commands via the 1 curstr parameter in the findUsers function, 2 id parameter in the isIdAvailable function, or 3 username parameter in the getGreetings function...
CVE-2012-1603
CVE-2012-1603 affects NextBBS 0.6 via multiple SQL injection vulnerabilities in ajaxserver.php. The issues allow remote attackers to execute arbitrary SQL commands through (1) curstr in findUsers, (2) id in isIdAvailable, or (3) username in getGreetings. The exploitation context is network-based ...
[waraxe-2012-SA#080] - Multiple Vulnerabilities in NextBBS 0.6.0
waraxe-2012-SA080 - Multiple Vulnerabilities in NextBBS 0.6.0 =============================================================================== Author: Janek Vind "waraxe" Date: 27. March 2012 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-80.html Description of vulnerable software:...
NextBBS 0.6.0 Authentication Bypass / SQL Injection / XSS
waraxe-2012-SA080 - Multiple Vulnerabilities in NextBBS 0.6.0 =============================================================================== Author: Janek Vind "waraxe" Date: 27. March 2012 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-80.html Description of vulnerable software:...