84 matches found
UseBB 1.0.7 - installupgrade-0-2-3.php?PHP_SELF Cross-Site Scripting
UseBB 1.0.7 - installupgrade-0-2-3.php?PHPSELF Cross-Site Scripting source: https://www.securityfocus.com/bid/24990/info UseBB is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker may leverage these issues to...
UseBB 1.0.7 - installupgrade-0-3.php?PHP_SELF Cross-Site Scripting
UseBB 1.0.7 - installupgrade-0-3.php?PHPSELF Cross-Site Scripting source: https://www.securityfocus.com/bid/24990/info UseBB is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker may leverage these issues to...
UseBB Version 1.0.4 Path Disclosure Vulnerability
netVigilance Security Advisory 16 UseBB Version 1.0.4 Path Disclosure Vulnerability Description: UseBB is an Open Source forum package developed in PHP and using the popular MySQL database back-end to store data. Unlike other popular forum systems, UseBB does not strive to have as many features a...
CVE-2007-2066
UseBB before 1.0.6 allows remote attackers to obtain sensitive information via a request with unspecified GET or POST parameters to an unspecified script, which reveals the path in an error message...
Design/Logic Flaw
UseBB before 1.0.6 allows remote attackers to obtain sensitive information via a request with unspecified GET or POST parameters to an unspecified script, which reveals the path in an error message...
CVE-2007-2066
UseBB prior to 1.0.6 is affected by an information disclosure vulnerability. A remote attacker can obtain sensitive information by sending a request (GET or POST parameters to an unspecified script), which leads to an error message revealing the path. The description specifies the flaw as an info...
CVE-2007-2066
UseBB before 1.0.6 allows remote attackers to obtain sensitive information via a request with unspecified GET or POST parameters to an unspecified script, which reveals the path in an error message...
CVE-2006-2524
Cross-site scripting XSS vulnerability in UseBB 1.0 RC1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors when processing the user date format...
Cross site scripting
Cross-site scripting XSS vulnerability in UseBB 1.0 RC1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors when processing the user date format...
Sql injection
SQL injection vulnerability in UseBB 1.0 RC1 and earlier allows remote attackers to execute arbitrary SQL commands via the member list search module...
CVE-2006-2525
SQL injection vulnerability in UseBB 1.0 RC1 and earlier allows remote attackers to execute arbitrary SQL commands via the member list search module...
CVE-2006-2524
Cross-site scripting XSS vulnerability in UseBB 1.0 RC1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors when processing the user date format...
CVE-2006-2525
CVE-2006-2525 affects UseBB 1.0 RC1 and earlier. The vulnerability is a SQL injection in the member list search module that allows remote attackers to execute arbitrary SQL commands. The NVD metrics indicate a medium base score (6.4, CVSS v2) with network access, low attack complexity, and no use...
CVE-2006-2524
CVE-2006-2524 is an XSS vulnerability in UseBB 1.0 RC1 and earlier . The issue allows remote attackers to inject arbitrary script/HTML via unspecified vectors when processing the user date format. According to NVD, the CVSSv2 base score is 6.8 (Medium) with partial confidentiality, integrity, and...
CVE-2005-4193
Cross-site scripting XSS vulnerability in UseBB before 0.7 allows remote attackers to inject arbitrary web script or HTML via the $SERVER'PHPSELF' variable...
CVE-2005-4193
Cross-site scripting XSS vulnerability in UseBB before 0.7 allows remote attackers to inject arbitrary web script or HTML via the $SERVER'PHPSELF' variable...
CVE-2005-4193
CVE-2005-4193 is an XSS vulnerability in UseBB prior to 0.7, exploitable via the $_SERVER['PHP_SELF'] variable in web requests. The affected component is UseBB’s input handling that processes PHP_SELF; impact is arbitrary scripted HTML in victim pages. The provided docs do not state a fixed versi...
CVE-2005-2438
CVE-2005-2438 describes a cross-site scripting (XSS) vulnerability in UseBB 0.5.1 and earlier. The issue allows remote attackers to inject arbitrary JavaScript via the BBCode color value. The provided sources consistently cite the affected product/version and the injection vector, but do not publ...
CVE-2005-2438
Cross-site scripting XSS vulnerability in UseBB 0.5.1 and earlier allows remote attackers to inject arbitrary Javascript via the BBCode color value...
CVE-2005-2439
UseBB 0.5.1 and earlier contain an SQL injection via the search function when magic_quotes_gpc is disabled. The underlying issue is improper handling of user input in the search feature, enabling remote attackers to execute arbitrary SQL commands. No explicit exploitation details are provided her...