web.lib.unb.ca Cross Site Scripting vulnerability OBB-3895936

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

fis.unb.br XSS vulnerability

Open Bug Bounty ID: OBB-441447 Description| Value ---|--- Affected Website:| fis.unb.br Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Remediation Guide:| OWASP XSS Prevention Cheat Sheet...

CVE-2009-1949

importwbb1.php in Unclassified NewsBoard UNB 1.6.4 allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message...

Directory traversal

Multiple directory traversal vulnerabilities in forum.php in Unclassified NewsBoard UNB 1.6.4, when registerglobals is enabled and magicquotesgpc is disabled, allow remote attackers to 1 read arbitrary recently-modified files via a .. dot dot in the GLOBALSfilename parameter or 2 include and...

CVE-2009-1948

Multiple directory traversal vulnerabilities in forum.php in Unclassified NewsBoard UNB 1.6.4, when registerglobals is enabled and magicquotesgpc is disabled, allow remote attackers to 1 read arbitrary recently-modified files via a .. dot dot in the GLOBALSfilename parameter or 2 include and...

CVE-2009-1948

CVE-2009-1948 : Multiple directory traversal vulnerabilities in Unclassified NewsBoard (UNB) 1.6.4, triggered when register_globals is enabled and magic_quotes_gpc is disabled. An attacker can cause a local file read by inserting a .. path in the GLOBALS[filename] parameter, or include and execut...

Directory traversal

Directory traversal vulnerability in unblib/abbc.conf.php in Unclassified NewsBoard UNB 1.6.1 patch 1 and earlier, when registerglobals is enabled, allows remote attackers to include arbitrary files via .. dot dot sequences and a trailing null byte %00 in the ABBCConfigsmileset parameter to...

CVE-2006-2405

CVE-2006-2405 affects Unclassified NewsBoard (UNB) 1.6.1 patch 1 and earlier. A directory traversal flaw in unb_lib/abbc.conf.php allows remote inclusion of arbitrary files when register_globals is enabled, via dot-dot sequences and a trailing null byte (%00) in ABBC[Config][smileset] sent to unb...