6 matches found
CVE-2005-2571
FunkBoard 0.66CF (and possibly earlier) has an access-control flaw: the admin/mysql_install.php and admin/pg_install.php scripts are not properly restricted, allowing an attacker to obtain the database username and password or inject arbitrary PHP code into info.php. The issue is described as a l...
CVE-2006-2897
CVE-2006-2897 concerns FunkBoard 0.71 and is described as a cross‑site scripting (XSS) vulnerability. The affected component is FunkBoard 0.71; the underlying flaw is not detailed beyond the XSS vector being unspecified, with the NVD entry indicating the vulnerability can lead to HTML or script i...
CVE-2005-2569
Affected software: FunkBoard 0.66CF (and possibly earlier). Vulnerability: multiple cross-site scripting (XSS) flaws allow remote attackers to inject arbitrary script/HTML via numerous parameters across several pages (register.php, editpost.php, prefs.php, newtopic.php, reply.php, profile.php); l...
CVE-2005-2570
CVE-2005-2570 affects FunkBoard 0.66CF and possibly earlier releases. A direct request to forums.php can disclose sensitive information by revealing the path in an error message, enabling information disclosure. The available sources state the flaw but do not provide detailed exploit scenarios, a...
CVE-2006-2896
CVE-2006-2896: FunkBoard CF0.71 suffers from a vulnerability in profile.php where a remote attacker can change arbitrary passwords by tampering with a hidden uid field in the Edit Profile action. Affected component is the profile handling in FunkBoard CF0.71; root cause is the inability to valida...
CVE-2006-5775
Technical details about CVE-2006-5775 are not publicly provided in the connected documents. No explicit affected products, versions, or fixes are detailed here. Monitor for updates.