7 matches found
EUVD-2004-2643
Malware in sbrugna...
Sql injection
Multiple SQL injection vulnerabilities in PD9 Software MegaBBS 2.2 allow remote attackers to execute arbitrary SQL commands via the 1 invisible and 2 timeoffset parameters to profile/controlpanel.asp and the 3 attachmentid parameter to forums/attach-file.asp...
Cross site scripting
Mulatiple cross-site scripting XSS vulnerabilities in PD9 Software MegaBBS 2.2 allow remote attackers to inject arbitrary web script or HTML via the 1 toid parameter to send-private-message.asp and the 2 redirect parameter to admin/impersonate.asp. NOTE: vector 2 requires authentication...
CVE-2008-2023
Multiple SQL injection vulnerabilities in PD9 Software MegaBBS 2.2 allow remote attackers to execute arbitrary SQL commands via the 1 invisible and 2 timeoffset parameters to profile/controlpanel.asp and the 3 attachmentid parameter to forums/attach-file.asp...
CVE-2008-2022
The CVE-2008-2022 entry describes multiple XSS vulnerabilities in PD9 Software MegaBBS 2.2. Affected component paths include send-private-message.asp (via the toid parameter) and admin/impersonate.asp (via the redirect parameter); the second vector requires authentication. The vulnerabilities all...
Cross site scripting
Cross-site scripting XSS vulnerability in profile-upload/upload.asp in PD9 Software MegaBBS 1.5.14b allows remote attackers to inject arbitrary web script or HTML via the target parameter...
CVE-2008-0436
CVE-2008-0436 refers to a cross-site scripting (XSS) vulnerability in PD9 Software MegaBBS 1.5.14b. The flaw resides in the profile-upload/upload.asp endpoint, exploitable via the target parameter to inject arbitrary web script or HTML. NVD indicates the attack could be remote and non-authenticat...