CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2008-5433
https://notcve.org/view.php?id=CVE-2008-5433
Cross-site scripting (XSS) vulnerability in login.php in PunBB 1.3 and 1.3.1 allows remote attackers to inject arbitrary web script or HTML via the password field. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en login.php en PunBB v1.3 y v1.3.1 permite a atacantes remotos inyectar secuencias de comando web o HTML de su elección a través del campo password. • http://punbb.informer.com http://punbb.informer.com/forums/topic/20475/punbb-132 http://punbb.informer.com/wiki/punbb13/bugs#possible_xss_in_login http://secunia.com/advisories/33059 http://www.openwall.com/lists/oss-security/2008/12/09/3 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2008-5434
https://notcve.org/view.php?id=CVE-2008-5434
Multiple SQL injection vulnerabilities in PunBB 1.3 and 1.3.1 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) order_by or (2) direction parameter to admin/users.php, or (3) configuration options to admin/settings.php. Múltiples vulnerabilidades de inyección SQL en PunBB v1.3 y v1.3.1 permite a administradores autenticados en remoto, ejecutar comandos SQL de su elección a través del parámetro (1) order_by o (2) direction a admin/users.php, o (3) opciones de configuración a admin/settings.php. • http://punbb.informer.com http://punbb.informer.com/forums/topic/20475/punbb-132 http://punbb.informer.com/wiki/punbb13/bugs#potential_sql-injections_at_adminusers.php_page http://punbb.informer.com/wiki/punbb13/bugs#potential_sql-injections_in_adminsettings.php_via_configuration_values http://secunia.com/advisories/33059 http://www.openwall.com/lists/oss-security/2008/12/09/3 https://exchange.xforce.ibmcloud.com/vulnerabilities/47185 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.1EPSS: 0%CPEs: 2EXPL: 2CVE-2008-5418 – PunBB Mod PunPortal 0.1 - Local File Inclusion
https://notcve.org/view.php?id=CVE-2008-5418
Directory traversal vulnerability in login.php in the PunPortal module before 2.0 for PunBB allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the pun_user[language] parameter. Vulnerabilidad de salto directorio en login.php en el módulo PunPortal anterior a v2.0 para PunBB permite a atacantes remotos incluir y ejecutar archivos locales de su elección a través de .. (punto punto)en el parámetro "pun_user[language]". • https://www.exploit-db.com/exploits/7168 http://securityreason.com/securityalert/4707 http://www.securityfocus.com/bid/32380 https://exchange.xforce.ibmcloud.com/vulnerabilities/46774 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 4.3EPSS: 0%CPEs: 20EXPL: 0CVE-2008-3968
https://notcve.org/view.php?id=CVE-2008-3968
Cross-site scripting (XSS) vulnerability in userlist.php in PunBB before 1.2.20 allows remote attackers to inject arbitrary web script or HTML via the p parameter. Vulnerabilidad de secuencias de comandos en sitios cruzados XSS en el archivo userlist.php en PunBB, versiones anteriores a 1.2.20, que permite a los atacantes remotos inyectar una secuencia arbitraria de comandos web o HTML a través del parámetro p. • http://punbb.informer.com/download/changelogs/1.2.19_to_1.2.20.txt http://punbb.informer.com/forums/topic/19682/punbb-1220-and-13rc-hotfix-released http://www.openwall.com/lists/oss-security/2008/09/09/10 http://www.openwall.com/lists/oss-security/2008/09/09/2 http://www.securityfocus.com/bid/31082 https://exchange.xforce.ibmcloud.com/vulnerabilities/45046 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 35EXPL: 0CVE-2008-3336
https://notcve.org/view.php?id=CVE-2008-3336
Multiple cross-site scripting (XSS) vulnerabilities in PunBB before 1.2.19 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors in (1) include/parser.php and (2) moderate.php. Múltiples vulnerabilidades de tipo cross-site scripting (XSS) en PunBB anterior a versión 1.2.19, permiten a los atacantes remotos inyectar script web o HTML arbitrario por medio de vectores no especificados en los archivos (1) include/parser.php y (2) moderate.php. • http://punbb.informer.com http://punbb.informer.com/download/changelogs/1.2.17_to_1.2.19.txt http://punbb.informer.com/forums/topic/19539/punbb-1219 http://secunia.com/advisories/31219 http://www.securityfocus.com/bid/30396 https://exchange.xforce.ibmcloud.com/vulnerabilities/44009 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •