157 matches found
JVN#40523785: Mini Thread vulnerable to cross-site scripting
Mini Thread provided by Flash CGI according to the original report submitted by the reporter is a CGI script for creating a bulletin board system BBS. Mini Thread contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of the user...
CVE-2023-50760 Online Notice Board System v1.0 - Insecure File Upload
Online Notice Board System v1.0 is vulnerable to an Insecure File Upload vulnerability on the 'f' parameter of user/updateprofilepic.php page, allowing an authenticated attacker to obtain Remote Code Execution on the server hosting the application...
CVE-2023-50760 Online Notice Board System v1.0 - Insecure File Upload
Online Notice Board System v1.0 is vulnerable to an Insecure File Upload vulnerability on the 'f' parameter of user/updateprofilepic.php page, allowing an authenticated attacker to obtain Remote Code Execution on the server hosting the application...
CVE-2023-50760
CVE-2023-50760 affects Online Notice Board System v1.0. The vulnerability is an insecure file upload flaw in the f parameter of the user/update_profile_pic.php page, allowing an authenticated attacker to achieve Remote Code Execution on the server hosting the application. Other connected sources ...
CVE-2023-50743
Online Notice Board System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'dd' parameter of the registration.php resource does not validate the characters received and they are sent unfiltered to the database...
CVE-2023-50753
Online Notice Board System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'dd' parameter of the user/updateprofile.php resource does not validate the characters received and they are sent unfiltered to the database...
Sql injection
Online Notice Board System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'dd' parameter of the registration.php resource does not validate the characters received and they are sent unfiltered to the database...
Sql injection
Online Notice Board System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'dd' parameter of the user/updateprofile.php resource does not validate the characters received and they are sent unfiltered to the database...
CVE-2023-50753 Online Notice Board System v1.0 - Multiple Unauthenticated SQL Injections (SQLi)
Online Notice Board System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'dd' parameter of the user/updateprofile.php resource does not validate the characters received and they are sent unfiltered to the database...
CVE-2023-50753 Online Notice Board System v1.0 - Multiple Unauthenticated SQL Injections (SQLi)
Online Notice Board System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'dd' parameter of the user/updateprofile.php resource does not validate the characters received and they are sent unfiltered to the database...
CVE-2023-50753
CVE-2023-50753 affects Online Notice Board System v1.0. The vulnerability is an unauthenticated SQL injection in the dd parameter of the user/update_profile.php endpoint, where input is not validated and is sent unfiltered to the database. This results in potential data exposure/modification due ...
CVE-2023-50752 Online Notice Board System v1.0 - Multiple Unauthenticated SQL Injections (SQLi)
Online Notice Board System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'e' parameter of the login.php resource does not validate the characters received and they are sent unfiltered to the database...
CVE-2023-50752
Online Notice Board System v1.0 is affected by multiple unauthenticated SQL Injection vulnerabilities. The issue targets the login.php resource, where the e parameter is not validated and is sent unfiltered to the database, enabling potential arbitrary SQL execution without authentication. The CV...
CVE-2023-50743 Online Notice Board System v1.0 - Multiple Unauthenticated SQL Injections (SQLi)
Online Notice Board System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'dd' parameter of the registration.php resource does not validate the characters received and they are sent unfiltered to the database...
CVE-2023-50743
CVE-2023-50743 affects Online Notice Board System v1.0. The vulnerability is unauthenticated SQL Injection in the dd parameter of registration.php, where input is not validated and sent unfiltered to the database. Impact is stated as high for confidentiality, integrity, and availability. Exploita...
Online Notice Board System Code Issue Vulnerability
Online Notice Board System is an online bulletin board system. A security vulnerability exists in version v1.0 of the Online Notice Board System, which stems from an insecure file upload vulnerability in the f parameter of the user/updateprofilepic.php page...
Online Notice Board System SQL Injection Vulnerability
Online Notice Board System is an online bulletin board system. A SQL injection vulnerability exists in Online Notice Board System v1.0, which occurs when the dd parameter of the registration.php page is processed without filtering and sent to the database for processing...
PT-2022-24983 · Gnuboard5 · Gnuboard5
Name of the Vulnerable Software and Affected Versions: gnuboard5 versions prior to 5.5.8.2.1 Description: A problem was found in the FAQ Key ID Handler component, specifically in the file bbs/faq.php. The issue arises from the manipulation of the fm id argument, leading to cross-site scripting...
Bulletin Board System File Upload Vulnerability (CNVD-2022-63667)
Bulletin Board System is a web forum. bulletin Board System is vulnerable to file upload, which can be exploited by attackers to execute arbitrary code...
CVE-2021-43102
A File Upload vulnerability exists in bbs 5.3 is via HelpManageAction.java in a GetType function, which lets a remote malicious user execute arbitrary code...