Lucene search

K

Unclassified Security Vulnerabilities

cve
cve

CVE-2009-1948

Multiple directory traversal vulnerabilities in forum.php in Unclassified NewsBoard (UNB) 1.6.4, when register_globals is enabled and magic_quotes_gpc is disabled, allow remote attackers to (1) read arbitrary recently-modified files via a .. (dot dot) in the GLOBALS[filename] parameter or (2)...

7.4AI Score

0.007EPSS

2009-06-05 09:30 PM
39
cve
cve

CVE-2009-1949

import_wbb1.php in Unclassified NewsBoard (UNB) 1.6.4 allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error...

6.3AI Score

0.003EPSS

2009-06-05 09:30 PM
18
cve
cve

CVE-2007-1597

Unclassified NewsBoard 1.6.3 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain (1) the board log via a direct request for logs/board-YYYY-MM-DD.log, (2) the mail and private message (PM) log via a direct request for...

6.8AI Score

0.006EPSS

2007-03-22 11:19 PM
37
cve
cve

CVE-2006-2406

Directory traversal vulnerability in bb_lib/abbc.css.php in Unclassified NewsBoard (UNB) 1.5.3-d and possibly earlier versions, when register_globals is enabled, allows remote attackers to include arbitrary files via .. (dot dot) sequences and a trailing null byte (%00) in the design_path...

6.9AI Score

0.003EPSS

2006-05-16 10:02 AM
23
cve
cve

CVE-2006-2405

Directory traversal vulnerability in unb_lib/abbc.conf.php in Unclassified NewsBoard (UNB) 1.6.1 patch 1 and earlier, when register_globals is enabled, allows remote attackers to include arbitrary files via .. (dot dot) sequences and a trailing null byte (%00) in the ABBC[Config][smileset]...

6.8AI Score

0.014EPSS

2006-05-16 10:02 AM
27
cve
cve

CVE-2005-2855

Cross-site scripting (XSS) vulnerability in Unclassified NewsBoard 1.5.3 allows remote attackers to inject arbitrary web script or HTML via the description...

6AI Score

0.065EPSS

2005-09-08 10:03 AM
20