Lucene search

Kailash Nadh Boastmachine 3.1

5 matches found

CVE
added 2006/07/25 1:22 p.m., 44 views

CVE-2006-3830

The Languages selection in the admin interface in Kailash Nadh boastMachine (formerly bMachine) 3.1 and earlier allows remote authenticated administrators to upload files with arbitrary extensions to the bmc/Inc/Lang directory. NOTE: because the uploaded files cannot be accessed through HTTP, this ...

CVSS 4 | AI score 6.5 | EPSS 0.00202

CVE
added 2006/07/25 1:22 p.m., 38 views

CVE-2006-3826

Multiple cross-site scripting (XSS) vulnerabilities in Kailash Nadh boastMachine (formerly bMachine) 3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) user_login, (2) full_name, and (3) URL parameters in register.php; and allow remote authenticated administra...

CVSS 4.3 | AI score 5.7 | EPSS 0.00507

CVE
added 2006/07/25 1:22 p.m., 36 views

CVE-2006-3829

Cross-site request forgery (CSRF) vulnerability in bmc/admin.php in Kailash Nadh boastMachine (formerly bMachine) 3.1 and earlier allows remote attackers to perform unauthorized actions as an administrator and delete arbitrary user accounts via a delete_user action.

CVSS 5 | AI score 7.3 | EPSS 0.00465

CVE
added 2006/07/25 1:22 p.m., 33 views

CVE-2006-3828

Incomplete blacklist vulnerability in Kailash Nadh boastMachine (formerly bMachine) 3.1 and earlier allows remote authenticated administrators to bypass SQL injection protection mechanisms by using commas, quote characters, pound sign (#) characters, "UNION," and "SELECT," which are not filtered by...

CVSS 6.5 | AI score 7.7 | EPSS 0.00306

CVE
added 2006/07/25 1:22 p.m., 31 views

CVE-2006-3827

SQL injection vulnerability in bmc/Inc/core/admin/search.inc.php in Kailash Nadh boastMachine (formerly bMachine) 3.1 and earlier allows remote authenticated administrators to execute arbitrary SQL commands via the blog parameter.

CVSS 6.5 | AI score 8.3 | EPSS 0.00669