Filtered by vendor Unclassified Newsboard
Subscribe
Filtered by product Unclassified Newsboard
Subscribe
Total
4 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2007-1597 | 1 Unclassified Newsboard | 1 Unclassified Newsboard | 2024-11-21 | 5.0 MEDIUM | N/A |
Unclassified NewsBoard 1.6.3 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain (1) the board log via a direct request for logs/board-YYYY-MM-DD.log, (2) the mail and private message (PM) log via a direct request for logs/email-YY-MM-DD-HH-MM-SS.log, (3) the SQL error message log via a direct request for logs/error-YY-MM.log, and (4) the IP log via a direct request for logs/ip.log. | |||||
CVE-2006-2406 | 1 Unclassified Newsboard | 1 Unclassified Newsboard | 2024-11-21 | 2.6 LOW | N/A |
Directory traversal vulnerability in bb_lib/abbc.css.php in Unclassified NewsBoard (UNB) 1.5.3-d and possibly earlier versions, when register_globals is enabled, allows remote attackers to include arbitrary files via .. (dot dot) sequences and a trailing null byte (%00) in the design_path parameter. NOTE: this is closely related, but a different vulnerability than the ABBC[Config][smileset] parameter. | |||||
CVE-2006-2405 | 1 Unclassified Newsboard | 1 Unclassified Newsboard | 2024-11-21 | 6.8 MEDIUM | N/A |
Directory traversal vulnerability in unb_lib/abbc.conf.php in Unclassified NewsBoard (UNB) 1.6.1 patch 1 and earlier, when register_globals is enabled, allows remote attackers to include arbitrary files via .. (dot dot) sequences and a trailing null byte (%00) in the ABBC[Config][smileset] parameter to unb_lib/abbc.css.php. | |||||
CVE-2005-2855 | 1 Unclassified Newsboard | 1 Unclassified Newsboard | 2024-11-21 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Unclassified NewsBoard 1.5.3 allows remote attackers to inject arbitrary web script or HTML via the description field. |