Lucene search
K

84 matches found

exploitpack
exploitpack
added 2007/07/20 12:0 a.m.20 views

UseBB 1.0.7 - installupgrade-0-2-3.php?PHP_SELF Cross-Site Scripting

UseBB 1.0.7 - installupgrade-0-2-3.php?PHPSELF Cross-Site Scripting source: https://www.securityfocus.com/bid/24990/info UseBB is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker may leverage these issues to...

6.8AI score
Exploits0
exploitpack
exploitpack
added 2007/07/20 12:0 a.m.16 views

UseBB 1.0.7 - installupgrade-0-3.php?PHP_SELF Cross-Site Scripting

UseBB 1.0.7 - installupgrade-0-3.php?PHPSELF Cross-Site Scripting source: https://www.securityfocus.com/bid/24990/info UseBB is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker may leverage these issues to...

6.8AI score
Exploits0
securityvulns
securityvulns
added 2007/04/21 12:0 a.m.522 views

UseBB Version 1.0.4 Path Disclosure Vulnerability

netVigilance Security Advisory 16 UseBB Version 1.0.4 Path Disclosure Vulnerability Description: UseBB is an Open Source forum package developed in PHP and using the popular MySQL database back-end to store data. Unlike other popular forum systems, UseBB does not strive to have as many features a...

0.5AI score
Exploits0
NVD
NVD
added 2007/04/18 3:19 a.m.17 views

CVE-2007-2066

UseBB before 1.0.6 allows remote attackers to obtain sensitive information via a request with unspecified GET or POST parameters to an unspecified script, which reveals the path in an error message...

5CVSS6.1AI score0.01205EPSS
Exploits0References3
Prion
Prion
added 2007/04/18 3:19 a.m.17 views

Design/Logic Flaw

UseBB before 1.0.6 allows remote attackers to obtain sensitive information via a request with unspecified GET or POST parameters to an unspecified script, which reveals the path in an error message...

5CVSS6.4AI score0.01205EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2007/04/18 2:20 a.m.50 views

CVE-2007-2066

UseBB prior to 1.0.6 is affected by an information disclosure vulnerability. A remote attacker can obtain sensitive information by sending a request (GET or POST parameters to an unspecified script), which leads to an error message revealing the path. The description specifies the flaw as an info...

5CVSS6.1AI score0.01205EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2007/04/18 2:20 a.m.16 views

CVE-2007-2066

UseBB before 1.0.6 allows remote attackers to obtain sensitive information via a request with unspecified GET or POST parameters to an unspecified script, which reveals the path in an error message...

6.1AI score0.01205EPSS
Exploits0References3
NVD
NVD
added 2006/05/22 10:2 p.m.15 views

CVE-2006-2524

Cross-site scripting XSS vulnerability in UseBB 1.0 RC1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors when processing the user date format...

6.8CVSS5.7AI score0.01441EPSS
Exploits0References6
Prion
Prion
added 2006/05/22 10:2 p.m.23 views

Cross site scripting

Cross-site scripting XSS vulnerability in UseBB 1.0 RC1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors when processing the user date format...

6.8CVSS6.1AI score0.01441EPSS
Exploits0References6Affected Software1
Prion
Prion
added 2006/05/22 10:2 p.m.17 views

Sql injection

SQL injection vulnerability in UseBB 1.0 RC1 and earlier allows remote attackers to execute arbitrary SQL commands via the member list search module...

6.4CVSS9.1AI score0.01273EPSS
Exploits0References6Affected Software1
NVD
NVD
added 2006/05/22 10:2 p.m.18 views

CVE-2006-2525

SQL injection vulnerability in UseBB 1.0 RC1 and earlier allows remote attackers to execute arbitrary SQL commands via the member list search module...

6.4CVSS8.4AI score0.01273EPSS
Exploits0References6
Cvelist
Cvelist
added 2006/05/22 10:0 p.m.21 views

CVE-2006-2524

Cross-site scripting XSS vulnerability in UseBB 1.0 RC1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors when processing the user date format...

5.7AI score0.01441EPSS
Exploits0References6
CVE
CVE
added 2006/05/22 10:0 p.m.53 views

CVE-2006-2525

CVE-2006-2525 affects UseBB 1.0 RC1 and earlier. The vulnerability is a SQL injection in the member list search module that allows remote attackers to execute arbitrary SQL commands. The NVD metrics indicate a medium base score (6.4, CVSS v2) with network access, low attack complexity, and no use...

6.4CVSS8.4AI score0.01273EPSS
Exploits0References6Affected Software1
CVE
CVE
added 2006/05/22 10:0 p.m.47 views

CVE-2006-2524

CVE-2006-2524 is an XSS vulnerability in UseBB 1.0 RC1 and earlier . The issue allows remote attackers to inject arbitrary script/HTML via unspecified vectors when processing the user date format. According to NVD, the CVSSv2 base score is 6.8 (Medium) with partial confidentiality, integrity, and...

6.8CVSS5.7AI score0.01441EPSS
Exploits0References6Affected Software1
NVD
NVD
added 2005/12/13 11:3 a.m.10 views

CVE-2005-4193

Cross-site scripting XSS vulnerability in UseBB before 0.7 allows remote attackers to inject arbitrary web script or HTML via the $SERVER'PHPSELF' variable...

4.3CVSS5.6AI score0.01177EPSS
Exploits0References5
Cvelist
Cvelist
added 2005/12/13 11:0 a.m.16 views

CVE-2005-4193

Cross-site scripting XSS vulnerability in UseBB before 0.7 allows remote attackers to inject arbitrary web script or HTML via the $SERVER'PHPSELF' variable...

5.6AI score0.01177EPSS
Exploits0References5
CVE
CVE
added 2005/12/13 11:0 a.m.44 views

CVE-2005-4193

CVE-2005-4193 is an XSS vulnerability in UseBB prior to 0.7, exploitable via the $_SERVER['PHP_SELF'] variable in web requests. The affected component is UseBB’s input handling that processes PHP_SELF; impact is arbitrary scripted HTML in victim pages. The provided docs do not state a fixed versi...

4.3CVSS5.7AI score0.01177EPSS
Exploits0References5
CVE
CVE
added 2005/08/03 4:0 a.m.34 views

CVE-2005-2438

CVE-2005-2438 describes a cross-site scripting (XSS) vulnerability in UseBB 0.5.1 and earlier. The issue allows remote attackers to inject arbitrary JavaScript via the BBCode color value. The provided sources consistently cite the affected product/version and the injection vector, but do not publ...

4.3CVSS6.2AI score0.01208EPSS
Exploits0References5
NVD
NVD
added 2005/08/03 4:0 a.m.13 views

CVE-2005-2438

Cross-site scripting XSS vulnerability in UseBB 0.5.1 and earlier allows remote attackers to inject arbitrary Javascript via the BBCode color value...

4.3CVSS5.9AI score0.01208EPSS
Exploits0References5
CVE
CVE
added 2005/08/03 4:0 a.m.44 views

CVE-2005-2439

UseBB 0.5.1 and earlier contain an SQL injection via the search function when magic_quotes_gpc is disabled. The underlying issue is improper handling of user input in the search feature, enabling remote attackers to execute arbitrary SQL commands. No explicit exploitation details are provided her...

7.5CVSS8.8AI score0.01243EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder