Total
36 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2006-3254 | 1 Woltlab | 1 Burning Board | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in newthread.php in Woltlab Burning Board (WBB) 2.0 RC2 allows remote attackers to execute arbitrary SQL commands via the boardid parameter. | |||||
CVE-2006-3220 | 1 Woltlab | 1 Burning Board | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in studienplatztausch.php in Woltlab Burning Board (WBB) 2.2.1 allows remote attackers to execute arbitrary SQL commands via the sid parameter. | |||||
CVE-2006-2569 | 2 4r Linklist, Woltlab | 2 4r Linklist, Burning Board | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in links.php in 4R Linklist 1.0 RC2 and earlier, a module for Woltlab Burning Board, allows remote attackers to execute arbitrary SQL commands via the cat parameter. | |||||
CVE-2006-1215 | 1 Woltlab | 1 Burning Board | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in misc.php in Woltlab Burning Board (wBB) 2.3.4 allows remote attackers to inject arbitrary web script or HTML via the percent parameter. NOTE: this issue has been disputed in a followup post, although the original disclosure might be related to reflected XSS. | |||||
CVE-2006-3255 | 1 Woltlab | 1 Burning Board | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in showmods.php in Woltlab Burning Board (WBB) 1.2 allows remote attackers to execute arbitrary SQL commands via the boardid parameter. | |||||
CVE-2006-1094 | 2 Datenbank Module, Woltlab | 2 Datenbank Module, Burning Board | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in Datenbank MOD 2.7 and earlier for Woltlab Burning Board allows remote attackers to execute arbitrary SQL commands via the fileid parameter to (1) info_db.php or (2) database.php. | |||||
CVE-2005-1327 | 1 Woltlab | 1 Burning Board | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in pms.php for Woltlab Burning Board 2.3.1 PL2 and earlier allows remote attackers to inject arbitrary web script or HTML via the folderid parameter. | |||||
CVE-2006-1034 | 1 Woltlab | 1 Burning Board | 2024-02-04 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Woltlab Burning Board (wBB) allow remote attackers to inject arbitrary web script or HTML via (1) the username parameter to galerie_index.php and possibly (2) galerie_onfly.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. The second vector might not be XSS. | |||||
CVE-2006-3218 | 1 Woltlab | 1 Burning Board | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in profile.php in Woltlab Burning Board (WBB) 2.1.6 allows remote attackers to execute arbitrary SQL commands via the userid parameter. | |||||
CVE-2005-2673 | 1 Woltlab | 1 Burning Board | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in modcp.php in WoltLab Burning Board 2.2.2 and 2.3.3 allows remote authenticated attackers to execute arbitrary SQL commands via the (1) x or (2) y parameters. | |||||
CVE-2006-3219 | 1 Woltlab | 1 Burning Board | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in thread.php in Woltlab Burning Board (WBB) 2.2.2 allows remote attackers to execute arbitrary SQL commands via the threadid parameter. | |||||
CVE-2006-0927 | 2 Jgs-xa, Woltlab | 2 Jgs-gallery Addon, Burning Board | 2024-02-04 | 2.6 LOW | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in the JGS-XA JGS-Gallery Addon 4.0.0 and earlier for Woltlab Burning Board (wBB) 2.x allow remote attackers to inject arbitrary web script or HTML via the (1) userid parameter in (a) jgs_galerie_slideshow.php and (b) jgs_galerie_scroll.php, and the (2) katid parameter in (c) jgs_galerie_slideshow.php. | |||||
CVE-2006-2792 | 1 Woltlab | 1 Burning Board | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in misc.php in Woltlab Burning Board (WBB) 2.3.4 allows remote attackers to execute arbitrary SQL commands via the sid parameter. | |||||
CVE-2002-2021 | 1 Woltlab | 1 Burning Board | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in WoltLab Burning Board (wbboard) 1.1.1 allows remote attackers to inject arbitrary web script or HTML via the message parameter. | |||||
CVE-2002-0903 | 1 Woltlab | 1 Burning Board | 2024-02-04 | 7.5 HIGH | N/A |
register.php for WoltLab Burning Board (wbboard) 1.1.1 uses a small number of random values for the "code" parameter that is provided to action.php to approve a new registration, along with predictable new user ID's, which allows remote attackers to hijack new user accounts via a brute force attack on the new user ID and the code value. | |||||
CVE-2002-1505 | 1 Woltlab | 1 Burning Board | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in board.php for WoltLab Burning Board (wBB) 2.0 RC 1 and earlier allows remote attackers to modify the database and possibly gain privileges via the boardid parameter. |