CVE-2008-5433
https://notcve.org/view.php?id=CVE-2008-5433
Cross-site scripting (XSS) vulnerability in login.php in PunBB 1.3 and 1.3.1 allows remote attackers to inject arbitrary web script or HTML via the password field.
• http://punbb.informer.com
• http://punbb.informer.com/forums/topic/20475/punbb-132
• http://punbb.informer.com/wiki/punbb13/bugs#possible_xss_in_login
• http://secunia.com/advisories/33059
• http://www.openwall.com/lists/oss-security/2008/12/09/3
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2008-5434
https://notcve.org/view.php?id=CVE-2008-5434
Multiple SQL injection vulnerabilities in PunBB 1.3 and 1.3.1 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) order_by or (2) direction parameter to admin/users.php, or (3) configuration options to admin/settings.php.
• http://punbb.informer.com
• http://punbb.informer.com/forums/topic/20475/punbb-132
• http://punbb.informer.com/wiki/punbb13/bugs#potential_sql-injections_at_adminusers.php_page
• http://punbb.informer.com/wiki/punbb13/bugs#potential_sql-injections_in_adminsettings.php_via_configuration_values
• http://secunia.com/advisories/33059
• http://www.openwall.com/lists/oss-security/2008/12/09/3
• https://exchange.xforce.ibmcloud.com/vulnerabilities/47185
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')