4 matches found
CVE-2006-0154
The CVE-2006-0154 issue affects the 427BB software (versions 2.2 and 2.2.1) in the showthread.php component, where the ForumID parameter causes a SQL injection vulnerability. The root cause is an unvalidated input path in the showthread.php handler, allowing remote attackers to execute arbitrary ...
CVE-2006-0153
CVE-2006-0153 affects 427BB Fourtwosevenbb (versions 2.2 and 2.2.1) where authentication credentials are verified using username, authenticated, and usertype cookies. The vulnerability allows remote attackers to bypass authentication by crafting a valid username and usertype and setting the authe...
CVE-2006-0155
CVE-2006-0155 describes a cross-site scripting (XSS) flaw in the 427BB web app, specifically in posts.php across versions 2.2 and 2.2.1. The issue arises when a user submits a new message that uses a url BBCode tag containing a javascript URI, allowing remote attackers to inject arbitrary JavaScr...
CVE-2005-0629
The CVE-2005-0629 issue concerns multiple XSS vulnerabilities in profile.php of 427BB 2.2. The vulnerability is triggered by the (1) user or (2) Avatar parameters, allowing remote attackers to inject arbitrary web script or HTML. The NVD entry documents a MEDIUM severity (CVSS v2: AV:N/AC:M/Au:N/...