4 matches found
EUVD-2006-2089
Malware in sbrugna...
Devsyn Open Bulletin Board Index.PHP远程文件包含漏洞
Devsyn Open Bulletin Board是一款基于PHP的论坛程序。 Devsyn Open Bulletin Board不正确过滤用户提交的URI数据,远程攻击者可以利用漏洞以WEB进程权限执行任意命令。 问题是由于'Index.PHP'脚本对用户提交的'rootpath'参数缺少过滤,提交恶意的远程服务器作为包含对象,可导致以WEB进程权限执行任意PHP代码。 OpenBB OpenBB 1.0.8 目前没有解决方案提供,请关注以下链接: http://www.openbb.co.uk/...
CVE-2006-2088
Multiple cross-site scripting XSS vulnerabilities in Devsyn Open Bulletin Board OpenBB 1.0.6 allow remote attackers to inject arbitrary web script or HTML via 1 the FID parameter in board.php and 2 the TID parameter in read.php. NOTE: the SQL injection issues are already covered by CVE-2005-1612...
CVE-2006-2088
Vulnerability summary (CVE-2006-2088) : OpenBB (Devsyn Open Bulletin Board) 1.0.6 is affected by multiple cross-site scripting (XSS) flaws. The vulnerabilities occur in the web interface through user-supplied input: the FID parameter in board.php and the TID parameter in read.php. The issue is ex...