5 matches found
CVE-2006-1958
CVE-2006-1958 involves multiple SQL injection vulnerabilities in WWWThreads RC 3. The two attack vectors are (1) the forumreferrer cookie to register.php and (2) the messages parameter in message_list.php, allowing remote attackers to execute arbitrary SQL commands. The CVE description indicates ...
CVE-2006-3909
CVE-2006-3909 is a Cross-site Scripting (XSS) vulnerability in calendar.php of WWWthreads, exploitable by remote attackers who can inject arbitrary web script or HTML through the week parameter. Affects the WWWthreads calendar.php component; root cause is improper handling of user-supplied week d...
CVE-2006-5059
CVE-2006-5059 describes multiple cross-site scripting (XSS) vulnerabilities in WWWthreads, affecting version 5.4.2 and earlier. The issue allows remote attackers to inject arbitrary web script or HTML via the Cat parameter to a set of PHP scripts (dosearch.php, postlist.php, showmembers.php, faq_...
CVE-2000-0125
CVE-2000-0125 concerns wwwthreads where numeric data and table names passed to SQL queries are not properly sanitized. The underlying cause is improper input handling in SQL construction, enabling an unauthenticated, remote attacker to gain privileges on the wwwthreads forums. The available recor...
CVE-2002-0223
CVE-2002-0223 affects Infopop UBB.Threads 5.4 and Wired Community Software WWWThreads 5.0 through 5.0.9. The vulnerability allows remote attackers to upload arbitrary files by using a filename that contains an accepted extension but ends with a different, non-accepted extension. The issue is a fi...