Lucene search
K
Wired Community SoftwareWwwthreads

5 matches found

CVE
CVE
added 2006/04/21 10:0 a.m.50 views

CVE-2006-1958

CVE-2006-1958 involves multiple SQL injection vulnerabilities in WWWThreads RC 3. The two attack vectors are (1) the forumreferrer cookie to register.php and (2) the messages parameter in message_list.php, allowing remote attackers to execute arbitrary SQL commands. The CVE description indicates ...

6.4CVSS8.5AI score0.01273EPSS
CVE
CVE
added 2006/07/27 10:0 p.m.46 views

CVE-2006-3909

CVE-2006-3909 is a Cross-site Scripting (XSS) vulnerability in calendar.php of WWWthreads, exploitable by remote attackers who can inject arbitrary web script or HTML through the week parameter. Affects the WWWthreads calendar.php component; root cause is improper handling of user-supplied week d...

6.8CVSS5.9AI score0.02159EPSS
CVE
CVE
added 2006/09/28 12:0 a.m.43 views

CVE-2006-5059

CVE-2006-5059 describes multiple cross-site scripting (XSS) vulnerabilities in WWWthreads, affecting version 5.4.2 and earlier. The issue allows remote attackers to inject arbitrary web script or HTML via the Cat parameter to a set of PHP scripts (dosearch.php, postlist.php, showmembers.php, faq_...

5.1CVSS6AI score0.0138EPSS
CVE
CVE
added 2000/02/08 5:0 a.m.42 views

CVE-2000-0125

CVE-2000-0125 concerns wwwthreads where numeric data and table names passed to SQL queries are not properly sanitized. The underlying cause is improper input handling in SQL construction, enabling an unauthenticated, remote attacker to gain privileges on the wwwthreads forums. The available recor...

7.5CVSS7.9AI score0.05547EPSS
CVE
CVE
added 2002/05/03 4:0 a.m.42 views

CVE-2002-0223

CVE-2002-0223 affects Infopop UBB.Threads 5.4 and Wired Community Software WWWThreads 5.0 through 5.0.9. The vulnerability allows remote attackers to upload arbitrary files by using a filename that contains an accepted extension but ends with a different, non-accepted extension. The issue is a fi...

7.5CVSS7.3AI score0.01771EPSS