96 matches found
CVE-2006-3662
SQL injection vulnerability in index.php in ATutor 1.5.3 allows remote attackers to execute arbitrary SQL commands via the fid parameter. NOTE: this issue has been disputed by the vendor, who states "The mentioned SQL injection vulnerability is not possible." However, the relevant source code...
PT-2006-4529 · Atutor · Atutor
Name of the Vulnerable Software and Affected Versions: ATutor version 1.5.3 Description: A SQL injection issue in index.php allows remote attackers to execute arbitrary SQL commands via the fid parameter. The vendor has disputed this issue, stating it is not possible, but the source code suggests...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in Devsyn Open Bulletin Board OpenBB 1.0.6 allow remote attackers to inject arbitrary web script or HTML via 1 the FID parameter in board.php and 2 the TID parameter in read.php. NOTE: the SQL injection issues are already covered by CVE-2005-1612...
CVE-2006-2088
Multiple cross-site scripting XSS vulnerabilities in Devsyn Open Bulletin Board OpenBB 1.0.6 allow remote attackers to inject arbitrary web script or HTML via 1 the FID parameter in board.php and 2 the TID parameter in read.php. NOTE: the SQL injection issues are already covered by CVE-2005-1612...
Sql injection
SQL injection vulnerability in post.php in Oxygen 1.1.3 allows remote attackers to execute arbitrary SQL commands via the fid parameter in a newthread action...
Sql injection
SQL injection vulnerability in the board module in LanSuite LanParty Intranet System 2.0.6 and 2.1.0 beta allows remote attackers to execute arbitrary SQL commands via the fid parameter...
CVE-2006-1001
SQL injection vulnerability in the board module in LanSuite LanParty Intranet System 2.0.6 and 2.1.0 beta allows remote attackers to execute arbitrary SQL commands via the fid parameter...
CVE-2006-1001
CVE-2006-1001 refers to an SQL injection vulnerability in the board module of LanSuite LanParty Intranet System, affecting versions 2.0.6 and 2.1.0 beta. The underlying issue arises from improper handling of the fid parameter, allowing remote attackers to execute arbitrary SQL commands. The vulne...
CVE-2005-3689
CVE-2005-3689 affects XMB Forum 1.9.2, specifically the post.php file. The vulnerability occurs when processing a newthread action with an invalid fid parameter, enabling remote attackers to disclose the installation path. This is evidenced by multiple connected documents citing: post.php in XMB ...
CVE-2005-2778
The CVE-2005-2778 entry details a SQL injection in MyBulletinBoard (MyBB), specifically in member.php through the fid parameter. A remote attacker can craft input via fid to execute arbitrary SQL statements, with network access and no authentication required (low attack complexity). Affected soft...
CVE-2005-2566
Open Bulletin Board (OpenBB) contains multiple SQL injection vulnerabilities in board.php (FID parameter) and member.php (UID parameter). The affected components are the OpenBB web application’s old board and member handlers, enabling remote attackers to execute arbitrary SQL commands. The CVE-20...
CVE-2005-2299
Multiple cross-site scripting XSS vulnerabilities in Simple Message Board Version 2.0 Beta 1 allow remote attackers to inject arbitrary web script or HTML via the 1 FID parameter to forum.cfm, 2 UID parameter to user.cfm, 3 TID parameter to thread.cfm, or 4 PostDate parameter to search.cfm...
CVE-2005-2299
Multiple cross-site scripting XSS vulnerabilities in Simple Message Board Version 2.0 Beta 1 allow remote attackers to inject arbitrary web script or HTML via the 1 FID parameter to forum.cfm, 2 UID parameter to user.cfm, 3 TID parameter to thread.cfm, or 4 PostDate parameter to search.cfm...
CVE-2003-1176
postmessageform.asp in Web Wiz Forums 6.34 through 7.5, when quote mode is used, allows remote attackers to read or write to private forums by modifying the FID forum ID parameter...
CVE-2004-1966
Multiple SQL injection vulnerabilities in Open Bulletin Board OpenBB 1.0.6 and earlier allow remote attackers to execute arbitrary SQL commands via the 1 FID parameter in board.php, 2 sortorder, perpage, or id parameters in member.php, 3 forums parameter in search.php, or 4 PID or FID parameters ...
CVE-2004-2146
CRLF injection vulnerability in PD9 Software MegaBBS 2 and 2.1 allows attackers to conduct HTTP response splitting attacks via the fid parameter in a writenew action to thread-post.asp...