Lucene search
+L

157 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
added 2024/03/25 12:0 a.m.17 views

JVN#40523785: Mini Thread vulnerable to cross-site scripting

Mini Thread provided by Flash CGI according to the original report submitted by the reporter is a CGI script for creating a bulletin board system BBS. Mini Thread contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of the user...

5.4CVSS6.2AI score0.00293EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2024/01/04 2:24 p.m.11 views

CVE-2023-50760 Online Notice Board System v1.0 - Insecure File Upload

Online Notice Board System v1.0 is vulnerable to an Insecure File Upload vulnerability on the 'f' parameter of user/updateprofilepic.php page, allowing an authenticated attacker to obtain Remote Code Execution on the server hosting the application...

8.8CVSS7.3AI score0.01213EPSS
Exploits1References2
Cvelist
Cvelist
added 2024/01/04 2:24 p.m.40 views

CVE-2023-50760 Online Notice Board System v1.0 - Insecure File Upload

Online Notice Board System v1.0 is vulnerable to an Insecure File Upload vulnerability on the 'f' parameter of user/updateprofilepic.php page, allowing an authenticated attacker to obtain Remote Code Execution on the server hosting the application...

8.8CVSS9AI score0.01213EPSS
Exploits1References2
CVE
CVE
added 2024/01/04 2:24 p.m.46 views

CVE-2023-50760

CVE-2023-50760 affects Online Notice Board System v1.0. The vulnerability is an insecure file upload flaw in the f parameter of the user/update_profile_pic.php page, allowing an authenticated attacker to achieve Remote Code Execution on the server hosting the application. Other connected sources ...

8.8CVSS8.7AI score0.01213EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2024/01/04 2:15 p.m.5 views

CVE-2023-50743

Online Notice Board System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'dd' parameter of the registration.php resource does not validate the characters received and they are sent unfiltered to the database...

9.8CVSS5.8AI score0.00672EPSS
Exploits1References2
NVD
NVD
added 2024/01/04 2:15 p.m.16 views

CVE-2023-50753

Online Notice Board System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'dd' parameter of the user/updateprofile.php resource does not validate the characters received and they are sent unfiltered to the database...

9.8CVSS10AI score0.00672EPSS
Exploits1References2
Prion
Prion
added 2024/01/04 2:15 p.m.20 views

Sql injection

Online Notice Board System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'dd' parameter of the registration.php resource does not validate the characters received and they are sent unfiltered to the database...

7.5CVSS8.6AI score0.00672EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2024/01/04 2:15 p.m.13 views

Sql injection

Online Notice Board System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'dd' parameter of the user/updateprofile.php resource does not validate the characters received and they are sent unfiltered to the database...

7.5CVSS8.6AI score0.00672EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2024/01/04 2:10 p.m.5 views

CVE-2023-50753 Online Notice Board System v1.0 - Multiple Unauthenticated SQL Injections (SQLi)

Online Notice Board System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'dd' parameter of the user/updateprofile.php resource does not validate the characters received and they are sent unfiltered to the database...

9.8CVSS10AI score0.00672EPSS
Exploits1References2
Cvelist
Cvelist
added 2024/01/04 2:10 p.m.20 views

CVE-2023-50753 Online Notice Board System v1.0 - Multiple Unauthenticated SQL Injections (SQLi)

Online Notice Board System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'dd' parameter of the user/updateprofile.php resource does not validate the characters received and they are sent unfiltered to the database...

9.8CVSS10AI score0.00672EPSS
Exploits1References2
CVE
CVE
added 2024/01/04 2:10 p.m.37 views

CVE-2023-50753

CVE-2023-50753 affects Online Notice Board System v1.0. The vulnerability is an unauthenticated SQL injection in the dd parameter of the user/update_profile.php endpoint, where input is not validated and is sent unfiltered to the database. This results in potential data exposure/modification due ...

9.8CVSS9.8AI score0.00672EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2024/01/04 2:9 p.m.13 views

CVE-2023-50752 Online Notice Board System v1.0 - Multiple Unauthenticated SQL Injections (SQLi)

Online Notice Board System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'e' parameter of the login.php resource does not validate the characters received and they are sent unfiltered to the database...

9.8CVSS8.2AI score0.00672EPSS
Exploits1References2
CVE
CVE
added 2024/01/04 2:9 p.m.46 views

CVE-2023-50752

Online Notice Board System v1.0 is affected by multiple unauthenticated SQL Injection vulnerabilities. The issue targets the login.php resource, where the e parameter is not validated and is sent unfiltered to the database, enabling potential arbitrary SQL execution without authentication. The CV...

9.8CVSS9.8AI score0.00672EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2024/01/04 2:8 p.m.6 views

CVE-2023-50743 Online Notice Board System v1.0 - Multiple Unauthenticated SQL Injections (SQLi)

Online Notice Board System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'dd' parameter of the registration.php resource does not validate the characters received and they are sent unfiltered to the database...

9.8CVSS10AI score0.00672EPSS
Exploits1References2
CVE
CVE
added 2024/01/04 2:8 p.m.39 views

CVE-2023-50743

CVE-2023-50743 affects Online Notice Board System v1.0. The vulnerability is unauthenticated SQL Injection in the dd parameter of registration.php, where input is not validated and sent unfiltered to the database. Impact is stated as high for confidentiality, integrity, and availability. Exploita...

9.8CVSS9.8AI score0.00672EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2024/01/04 12:0 a.m.4 views

Online Notice Board System Code Issue Vulnerability

Online Notice Board System is an online bulletin board system. A security vulnerability exists in version v1.0 of the Online Notice Board System, which stems from an insecure file upload vulnerability in the f parameter of the user/updateprofilepic.php page...

8.8CVSS7AI score0.01213EPSS
Exploits1References3
CNNVD
CNNVD
added 2024/01/04 12:0 a.m.7 views

Online Notice Board System SQL Injection Vulnerability

Online Notice Board System is an online bulletin board system. A SQL injection vulnerability exists in Online Notice Board System v1.0, which occurs when the dd parameter of the registration.php page is processed without filtering and sent to the database for processing...

9.8CVSS8AI score0.00672EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2022/11/12 12:0 a.m.11 views

PT-2022-24983 · Gnuboard5 · Gnuboard5

Name of the Vulnerable Software and Affected Versions: gnuboard5 versions prior to 5.5.8.2.1 Description: A problem was found in the FAQ Key ID Handler component, specifically in the file bbs/faq.php. The issue arises from the manipulation of the fm id argument, leading to cross-site scripting...

5.4CVSS6.4AI score0.00385EPSS
Exploits0References7
CNVD
CNVD
added 2022/03/29 12:0 a.m.27 views

Bulletin Board System File Upload Vulnerability (CNVD-2022-63667)

Bulletin Board System is a web forum. bulletin Board System is vulnerable to file upload, which can be exploited by attackers to execute arbitrary code...

7.2CVSS4.7AI score0.01528EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2022/03/28 10:15 p.m.2 views

CVE-2021-43102

A File Upload vulnerability exists in bbs 5.3 is via HelpManageAction.java in a GetType function, which lets a remote malicious user execute arbitrary code...

7.2CVSS7.3AI score0.01528EPSS
Exploits1References2
Rows per page
Query Builder