CVE-2008-5435
https://notcve.org/view.php?id=CVE-2008-5435
Cross-site scripting (XSS) vulnerability in moderate.php in PunBB before 1.3.1 allows remote attackers to inject arbitrary web script or HTML via a topic subject. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en moderate.php en PunBB antes de 1.3.1 permite a atacantes remotos inyectar secuencias de comando web o HTML de su elección a través del asunto de un tema. • http://osvdb.org/50680 http://punbb.informer.com http://www.openwall.com/lists/oss-security/2008/12/09/3 http://www.securityfocus.com/bid/32800 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2008-5433
https://notcve.org/view.php?id=CVE-2008-5433
Cross-site scripting (XSS) vulnerability in login.php in PunBB 1.3 and 1.3.1 allows remote attackers to inject arbitrary web script or HTML via the password field. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en login.php en PunBB v1.3 y v1.3.1 permite a atacantes remotos inyectar secuencias de comando web o HTML de su elección a través del campo password. • http://punbb.informer.com http://punbb.informer.com/forums/topic/20475/punbb-132 http://punbb.informer.com/wiki/punbb13/bugs#possible_xss_in_login http://secunia.com/advisories/33059 http://www.openwall.com/lists/oss-security/2008/12/09/3 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2008-5434
https://notcve.org/view.php?id=CVE-2008-5434
Multiple SQL injection vulnerabilities in PunBB 1.3 and 1.3.1 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) order_by or (2) direction parameter to admin/users.php, or (3) configuration options to admin/settings.php. Múltiples vulnerabilidades de inyección SQL en PunBB v1.3 y v1.3.1 permite a administradores autenticados en remoto, ejecutar comandos SQL de su elección a través del parámetro (1) order_by o (2) direction a admin/users.php, o (3) opciones de configuración a admin/settings.php. • http://punbb.informer.com http://punbb.informer.com/forums/topic/20475/punbb-132 http://punbb.informer.com/wiki/punbb13/bugs#potential_sql-injections_at_adminusers.php_page http://punbb.informer.com/wiki/punbb13/bugs#potential_sql-injections_in_adminsettings.php_via_configuration_values http://secunia.com/advisories/33059 http://www.openwall.com/lists/oss-security/2008/12/09/3 https://exchange.xforce.ibmcloud.com/vulnerabilities/47185 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2008-3968
https://notcve.org/view.php?id=CVE-2008-3968
Cross-site scripting (XSS) vulnerability in userlist.php in PunBB before 1.2.20 allows remote attackers to inject arbitrary web script or HTML via the p parameter. Vulnerabilidad de secuencias de comandos en sitios cruzados XSS en el archivo userlist.php en PunBB, versiones anteriores a 1.2.20, que permite a los atacantes remotos inyectar una secuencia arbitraria de comandos web o HTML a través del parámetro p. • http://punbb.informer.com/download/changelogs/1.2.19_to_1.2.20.txt http://punbb.informer.com/forums/topic/19682/punbb-1220-and-13rc-hotfix-released http://www.openwall.com/lists/oss-security/2008/09/09/10 http://www.openwall.com/lists/oss-security/2008/09/09/2 http://www.securityfocus.com/bid/31082 https://exchange.xforce.ibmcloud.com/vulnerabilities/45046 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2008-3336
https://notcve.org/view.php?id=CVE-2008-3336
Multiple cross-site scripting (XSS) vulnerabilities in PunBB before 1.2.19 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors in (1) include/parser.php and (2) moderate.php. Múltiples vulnerabilidades de tipo cross-site scripting (XSS) en PunBB anterior a versión 1.2.19, permiten a los atacantes remotos inyectar script web o HTML arbitrario por medio de vectores no especificados en los archivos (1) include/parser.php y (2) moderate.php. • http://punbb.informer.com http://punbb.informer.com/download/changelogs/1.2.17_to_1.2.19.txt http://punbb.informer.com/forums/topic/19539/punbb-1219 http://secunia.com/advisories/31219 http://www.securityfocus.com/bid/30396 https://exchange.xforce.ibmcloud.com/vulnerabilities/44009 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •