10 matches found
EUVD-2007-4072
Malware in sbrugna...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in Vikingboard 0.1.2 allow remote attackers to inject arbitrary web script or HTML via the 1 id, 2 f, 3 quote, and 4 act parameters to cp.php; the 5 u parameter to user.php; the 6 f parameter to post.php; the 7 s parameter to topic.php; the 8 quot...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in Vikingboard 0.1.2 allow remote attackers to inject arbitrary web script or HTML via 1 the URI to inc/lib/screen.php or 2 the title parameter to post.php. NOTE: vector 2 might overlap CVE-2006-6283. NOTE: the provenance of this information is...
CVE-2007-4088
CVE-2007-4088 documents multiple XSS vulnerabilities in Vikingboard 0.1.2. The issues allow remote injection of arbitrary script or HTML via numerous parameters across several scripts: cp.php (id, f, quote, act), user.php (u), post.php (f, s, 6–11), topic.php (s), search.php (toshow via dosearch)...
CVE-2007-4090
CVE-2007-4090 describes multiple XSS vulnerabilities in Vikingboard 0.1.2. The flaws allow remote attackers to inject script/HTML via (1) the URI to inc/lib/screen.php and (2) the title parameter to post.php; vector 2 may overlap CVE-2006-6283. The provenance is noted as unknown and information i...
CVE-2006-6284
Directory traversal vulnerability in admin.php in Vikingboard 0.1.2 allows remote authenticated administrators to include arbitrary files via a .. dot dot sequence in the act parameter...
CVE-2006-6284
Directory traversal vulnerability in admin.php in Vikingboard 0.1.2 allows remote authenticated administrators to include arbitrary files via a .. dot dot sequence in the act parameter...
CVE-2006-6282
Vulnerability: Vikingboard 0.1b is affected by CVE-2006-6282 (and related CVE-2006-4709) due to a SQL injection in topic.php via the s parameter. The issue can allow remote attackers to trigger a forced SQL error or execute arbitrary SQL commands. Affected component/file: topic.php in Vikingboard...
CVE-2006-6282
members.php in Vikingboard 0.1.2 allows remote attackers to trigger a forced SQL error via an invalid s parameter, a different vector than CVE-2006-4709. NOTE: might only be an exposure if displayerrors is enabled, but due to lack of details, even this is not clear...
CVE-2006-6284
CVE-2006-6284 affects Vikingboard 0.1.2. A directory traversal vulnerability in the file admin.php allows remote authenticated administrators to include arbitrary files via a .. sequence in the act parameter. According to NVD, the vulnerability has a CVSS v2 base score of 9.0 (HIGH) with network ...