7 matches found
EUVD-2008-6061
Malware in sbrugna...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in BMForum 5.6 allow remote attackers to inject arbitrary web script or HTML via the 1 outpused parameter to index.php, the 2 footercopyright and 3 verandproname parameters to newtem/footer/bsd01footer.php, and the 4 topads and 5 myplugin paramete...
CVE-2008-6431
Multiple cross-site scripting XSS vulnerabilities in BMForum 5.6 allow remote attackers to inject arbitrary web script or HTML via the 1 outpused parameter to index.php, the 2 footercopyright and 3 verandproname parameters to newtem/footer/bsd01footer.php, and the 4 topads and 5 myplugin paramete...
CVE-2008-6431
BMForum 5.6 is affected by multiple cross-site scripting (XSS) vulnerabilities. The issue arises from unsafely handling user-supplied input in several parameters: (1) outpused in index.php, (2) footer_copyright and (3) verandproname in newtem/footer/bsd01footer.php, and (4) topads and (5) myplugi...
Sql injection
SQL injection vulnerability in plugins.php in BMForum 5.6, when magicquotesgpc is disabled, allows remote attackers to execute arbitrary SQL commands via the tagname parameter...
CVE-2008-6091
CVE-2008-6091 describes an SQL injection in BMForum 5.6 affecting the plugins.php vulnerability when magic_quotes_gpc is disabled. The vulnerable surface is the tagname parameter, enabling remote attackers to execute arbitrary SQL commands. The NVD entry lists a CVSS v2 base score of 6.8 (MEDIUM)...
CVE-2008-6091
SQL injection vulnerability in plugins.php in BMForum 5.6, when magicquotesgpc is disabled, allows remote attackers to execute arbitrary SQL commands via the tagname parameter...