2 results (0.032 seconds)

CVSS: 6.8EPSS: 12%CPEs: 1EXPL: 2

Multiple PHP remote file inclusion vulnerabilities in Simpleboard Mambo module 1.1.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the sbp parameter to (1) image_upload.php and (2) file_upload.php. Múltiples vulnerabilidades de inclusión de archivo PHP remoto en el módulo Simpleboard de Mambo 1.1.0 y anteriores permite a atacantes remotos ejecutar código PHP de su elección a través de un URL en el parámetro sbp a (1) image_upload.php y (2) file_upload.php. • https://www.exploit-db.com/exploits/1994 http://marc.info/?l=bugtraq&m=115876919804966&w=2 http://secunia.com/advisories/20981 http://securitytracker.com/id?1016824 http://www.osvdb.org/27421 http://www.osvdb.org/28531 http://www.securityfocus.com/archive/1/445716/100/0/threaded http://www.securityfocus.com/bid/18917 http://www.vupen.com/english/advisories/2006/2716 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 6.8EPSS: 2%CPEs: 1EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in Two Shoes M-Factory (TSMF) SimpleBoard 1.1.0 Stable (aka com_simpleboard), as used in Mambo and Joomla!, allow remote attackers to inject arbitrary web script or HTML via (1) the Name field in "post ne topic" in the Frontend, (2) the Title (aka Community-Title) field in Simpleboard Configuration in the Backend Admin Panel, and the (3) Name (aka Forum-Title) and (4) Name (aka Category-Title) fields in Simpleboard Administration in the Backend Admin Panel. NOTE: some sources have stated that the sb_authorname parameter is affected, but it is unclear which field is related to it. • http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/046484.html http://secunia.com/advisories/20409 http://securityreason.com/securityalert/1030 http://www.securityfocus.com/archive/1/435615/100/0/threaded http://www.securityfocus.com/bid/18251 http://www.vupen.com/english/advisories/2006/2111 https://exchange.xforce.ibmcloud.com/vulnerabilities/27021 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •