web.lib.unb.ca Cross Site Scripting vulnerability OBB-3895936

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

fis.unb.br XSS vulnerability

Open Bug Bounty ID: OBB-441447 Description| Value ---|--- Affected Website:| fis.unb.br Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Remediation Guide:| OWASP XSS Prevention Cheat Sheet...

Directory traversal

Multiple directory traversal vulnerabilities in forum.php in Unclassified NewsBoard UNB 1.6.4, when registerglobals is enabled and magicquotesgpc is disabled, allow remote attackers to 1 read arbitrary recently-modified files via a .. dot dot in the GLOBALSfilename parameter or 2 include and...

CVE-2009-1949

importwbb1.php in Unclassified NewsBoard UNB 1.6.4 allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message...

CVE-2009-1948

Multiple directory traversal vulnerabilities in forum.php in Unclassified NewsBoard UNB 1.6.4, when registerglobals is enabled and magicquotesgpc is disabled, allow remote attackers to 1 read arbitrary recently-modified files via a .. dot dot in the GLOBALSfilename parameter or 2 include and...

CVE-2009-1948

CVE-2009-1948 : Multiple directory traversal vulnerabilities in Unclassified NewsBoard (UNB) 1.6.4, triggered when register_globals is enabled and magic_quotes_gpc is disabled. An attacker can cause a local file read by inserting a .. path in the GLOBALS[filename] parameter, or include and execut...

Directory traversal

Directory traversal vulnerability in unblib/abbc.conf.php in Unclassified NewsBoard UNB 1.6.1 patch 1 and earlier, when registerglobals is enabled, allows remote attackers to include arbitrary files via .. dot dot sequences and a trailing null byte %00 in the ABBCConfigsmileset parameter to...

CVE-2006-2405

CVE-2006-2405 affects Unclassified NewsBoard (UNB) 1.6.1 patch 1 and earlier. A directory traversal flaw in unb_lib/abbc.conf.php allows remote inclusion of arbitrary files when register_globals is enabled, via dot-dot sequences and a trailing null byte (%00) in ABBC[Config][smileset] sent to unb...