8 matches found
CVE-2009-1277
CVE-2009-1277 concerns Gravity Board X (GBX) 2.0 Beta. The vulnerability is a SQL injection in index.php via the member_id parameter in a viewprofile action, enabling remote attackers to execute arbitrary SQL commands. The entry notes that a separate board_id issue is covered by CVE-2008-2996. Co...
CVE-2009-1278
Gravity Board X (GBX) 2.0 BETA has a static code injection in forms/ajax/configure.php that allows remote attackers to inject arbitrary PHP code into config.php via the configure action to index.php. Affected: GBX 2.0 BETA; vulnerable file: forms/ajax/configure.php. Root cause: configuration work...
CVE-2008-2997
CVE-2008-2997 : XSS vulnerability in Gravity Board X (GBX) 2.0 Beta. In GBX’s index.php, the subject parameter in the postnewsubmit (create new thread) action can be exploited to inject arbitrary script/HTML. This remote vector could affect users who submit a thread, with the impact described as ...
CVE-2005-2563
CVE-2005-2563 involves multiple XSS vulnerabilities in Gravity Board X (GBX) 1.1. The flaws allow remote attackers to inject arbitrary web script or HTML via (1) the board_id parameter to deletethread.php and (2) the template. The cited sources describe the affected software and the two attack ve...
CVE-2005-2562
CVE-2005-2562 is an SQL injection vulnerability in Gravity Board X (GBX) 1.1 that allows remote attackers to bypass authentication via the login field and execute arbitrary SQL commands. Multiple connected documents corroborate injections affecting GBX 1.1, enabling credential bypass and potentia...
CVE-2005-2564
CVE-2005-2564 affects Gravity Board X (GBX) 1.1. It is a direct static code injection vulnerability in editcss.php where the csscontent parameter is directly inserted into gbxfinal.css, allowing remote attackers to execute arbitrary PHP code, HTML, and script. The NVD entry documents a network-ex...
CVE-2005-2563
Multiple cross-site scripting XSS vulnerabilities in Gravity Board X GBX 1.1 allow remote attackers to inject arbitrary web script or HTML via 1 the boardid parameter to deletethread.php or 2 the template...
CVE-2005-2565
CVE-2005-2565 concerns Gravity Board X (GBX) 1.1. The vulnerability is an information-disclosure in which error messages from several GBX pages (e.g., deletethread.php with a perm value, ban.php, addnews.php, banned.php, boardstats.php, adminform.php, /forms/admininfo.php, /forms/announcements.ph...