Lucene search
K

18 matches found

RedhatCVE
RedhatCVE
added 2026/01/07 9:22 a.m.10 views

CVE-2006-3830

The Languages selection in the admin interface in Kailash Nadh boastMachine formerly bMachine 3.1 and earlier allows remote authenticated administrators to upload files with arbitrary extensions to the bmc/Inc/Lang directory. NOTE: because the uploaded files cannot be accessed through HTTP, this...

4CVSS6.6AI score0.00812EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2006-3825

Malware in sbrugna...

5CVSS6.4AI score0.01366EPSS
Exploits0References6
Packet Storm
Packet Storm
added 2010/06/08 12:0 a.m.131 views

boastMachine 3.1 Cross Site Scripting

Vulnerability ID: HTB22399 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityinboastmachine.html Product: boastMachine Vendor: Kailash Nadh Vulnerable Version: 3.1 and Probably Prior Versions Vendor Notification: 20 May 2010 Vulnerability Type: XSS Cross Site Scripting Status: Not Fixed,...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2010/06/07 12:0 a.m.69 views

XSS vulnerability in boastMachine

Vulnerability ID: HTB22399 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityinboastmachine.html Product: boastMachine Vendor: Kailash Nadh Vulnerable Version: 3.1 and Probably Prior Versions Vendor Notification: 20 May 2010 Vulnerability Type: XSS Cross Site Scripting Status: Not Fixed,...

0.3AI score
Exploits0
securityvulns
securityvulns
added 2010/06/07 12:0 a.m.52 views

SQL injection vulnerability in boastMachine

Vulnerability ID: HTB22398 Reference: http://www.htbridge.ch/advisory/sqlinjectionvulnerabilityinboastmachine.html Product: boastMachine Vendor: Kailash Nadh Vulnerable Version: 3.1 and Probably Prior Versions Vendor Notification: 20 May 2010 Vulnerability Type: SQL Injection Status: Not Fixed,...

0.8AI score
Exploits0
NVD
NVD
added 2006/07/25 1:22 p.m.13 views

CVE-2006-3827

SQL injection vulnerability in bmc/Inc/core/admin/search.inc.php in Kailash Nadh boastMachine formerly bMachine 3.1 and earlier allows remote authenticated administrators to execute arbitrary SQL commands via the blog parameter...

6.5CVSS8AI score0.01213EPSS
Exploits1References7
NVD
NVD
added 2006/07/25 1:22 p.m.12 views

CVE-2006-3831

The Backup selection in Kailash Nadh boastMachine formerly bMachine 3.1 and earlier uses predicable filenames for database backups and stores the files under the web root with insufficient access control, which allows remote attackers to obtain sensitive information by downloading a backup file...

5CVSS6.2AI score0.01366EPSS
Exploits0References5
Cvelist
Cvelist
added 2006/07/25 12:0 a.m.18 views

CVE-2006-3826

Multiple cross-site scripting XSS vulnerabilities in Kailash Nadh boastMachine formerly bMachine 3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 userlogin, 2 fullname, and 3 URL parameters in register.php; and allow remote authenticated administrators to...

5.5AI score0.01359EPSS
Exploits1References7
Cvelist
Cvelist
added 2006/07/25 12:0 a.m.23 views

CVE-2006-3828

Incomplete blacklist vulnerability in Kailash Nadh boastMachine formerly bMachine 3.1 and earlier allows remote authenticated administrators to bypass SQL injection protection mechanisms by using commas, quote characters, pound sign characters, "UNION," and "SELECT," which are not filtered by the...

7.3AI score0.01183EPSS
Exploits1References6
Cvelist
Cvelist
added 2006/07/25 12:0 a.m.16 views

CVE-2006-3831

The Backup selection in Kailash Nadh boastMachine formerly bMachine 3.1 and earlier uses predicable filenames for database backups and stores the files under the web root with insufficient access control, which allows remote attackers to obtain sensitive information by downloading a backup file...

6.2AI score0.01366EPSS
Exploits0References5
CVE
CVE
added 2006/07/25 12:0 a.m.48 views

CVE-2006-3831

The CVE-2006-3831 issue affects Kailash Nadh boastMachine (formerly bMachine) versions up to 3.1. The backup feature creates database backups with predictable filenames and stores them under the web root with insufficient access controls, enabling remote attackers to download a backup file and ob...

5CVSS6.6AI score0.01366EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2006/07/25 12:0 a.m.47 views

CVE-2006-3829

CVE-2006-3829 affects Kailash Nadh boastMachine (formerly bMachine) up to version 3.1 and earlier. The issue is a Cross-site request Forgery (CSRF) in bmc/admin.php that allows remote attackers to perform actions as an administrator and delete arbitrary user accounts via a delete_user action. The...

5CVSS7.3AI score0.01381EPSS
Exploits1References5Affected Software1
CVE
CVE
added 2006/07/25 12:0 a.m.45 views

CVE-2006-3827

The CVE-2006-3827 entry affects Kailash Nadh’s boastMachine (formerly bMachine) up to v3.1. The issue is an SQL injection in bmc/Inc/core/admin/search.inc.php, exploitable by remote authenticated administrators via the blog parameter. This is caused by unsanitized input being used in SQL queries,...

6.5CVSS8.3AI score0.01213EPSS
Exploits1References7Affected Software1
CVE
CVE
added 2006/07/25 12:0 a.m.48 views

CVE-2006-3826

CVE-2006-3826: XSS in Kailash Nadh boastMachine (3.1 and earlier) allows remote injection via register.php parameters (user_login, full_name, URL) and via admin interface parameters (cat_list, key); no exploitation status or patch details are provided in the connected documents.

4.3CVSS5.7AI score0.01359EPSS
Exploits1References7Affected Software1
Cvelist
Cvelist
added 2006/07/25 12:0 a.m.20 views

CVE-2006-3830

The Languages selection in the admin interface in Kailash Nadh boastMachine formerly bMachine 3.1 and earlier allows remote authenticated administrators to upload files with arbitrary extensions to the bmc/Inc/Lang directory. NOTE: because the uploaded files cannot be accessed through HTTP, this...

6.2AI score0.00812EPSS
Exploits1References2
Cvelist
Cvelist
added 2006/07/25 12:0 a.m.16 views

CVE-2006-3827

SQL injection vulnerability in bmc/Inc/core/admin/search.inc.php in Kailash Nadh boastMachine formerly bMachine 3.1 and earlier allows remote authenticated administrators to execute arbitrary SQL commands via the blog parameter...

8AI score0.01213EPSS
Exploits1References7
Cvelist
Cvelist
added 2006/07/25 12:0 a.m.12 views

CVE-2006-3829

Cross-site request forgery CSRF vulnerability in bmc/admin.php in Kailash Nadh boastMachine formerly bMachine 3.1 and earlier allows remote attackers to perform unauthorized actions as an administrator and delete arbitrary user accounts via a deleteuser action...

6.9AI score0.01381EPSS
Exploits1References5
CVE
CVE
added 2006/07/25 12:0 a.m.44 views

CVE-2006-3828

The CVE-2006-3828 entry concerns Kailash Nadh’s boastMachine (formerly bMachine)

6.5CVSS7.7AI score0.01183EPSS
Exploits1References6Affected Software1
Rows per page
Query Builder