CVE-2004-1860
https://notcve.org/view.php?id=CVE-2004-1860
Buffer overflow in Check Point SmartDashboard in Check Point NG AI R54 and R55 allows remote authenticated users to cause a denial of service (server disconnect) and possibly execute arbitrary code via a large filter on a column when using SmartView Tracker. • http://marc.info/?l=bugtraq&m=108023281112510&w=2 http://securitytracker.com/id?1009490 http://www.osvdb.org/4412 http://www.securityfocus.com/bid/9870 https://exchange.xforce.ibmcloud.com/vulnerabilities/15539 •
CVE-2004-1863
https://notcve.org/view.php?id=CVE-2004-1863
Multiple cross-site scripting (XSS) vulnerabilities in XMB (aka extreme message board) 1.9 beta (aka Nexus beta) allow remote attackers to inject arbitrary web script or HTML via (1) the u2uheader parameter in editprofile.php, the restrict parameter in (2) member.php, (3) misc.php, and (4) today.php, and (5) an arbitrary parameter in phpinfo.php. • http://marc.info/?l=bugtraq&m=108032355905265&w=2 http://www.osvdb.org/14982 http://www.osvdb.org/14989 http://www.osvdb.org/14991 http://www.osvdb.org/16884 http://www.securityfocus.com/bid/9983 https://docs.xmbforum2.com/index.php?title=Security_Issue_History https://exchange.xforce.ibmcloud.com/vulnerabilities/15654 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2004-1864
https://notcve.org/view.php?id=CVE-2004-1864
SQL injection vulnerability in Extreme Messageboard (XMB) 1.9 beta allows remote attackers to execute arbitrary SQL commands via the restrict parameter to (1) member.php, (2) misc.php, or (3) today.php. • http://marc.info/?l=bugtraq&m=108032355905265&w=2 http://securitytracker.com/id?1009561 http://www.osvdb.org/16886 http://www.securityfocus.com/bid/9983 https://docs.xmbforum2.com/index.php?title=Security_Issue_History https://exchange.xforce.ibmcloud.com/vulnerabilities/15655 •
CVE-2004-1862
https://notcve.org/view.php?id=CVE-2004-1862
Multiple cross-site scripting (XSS) vulnerabilities in Extreme Messageboard (XMB) 1.8 SP3 and 1.9 beta allow remote attackers to inject arbitrary web script or HTML via the (1) xmbuser parameter to xmb.php, (2) folder parameter to u2u.php, (3) viewmost, replymost, or latest parameter to stats.php, (4) message or icons parameter to post.php, (5) threadlist, pagelinks, forumlist, navigation, or (6) forumdisplay parameter to forumdisplay.php. • http://marc.info/?l=bugtraq&m=108032355905265&w=2 http://osvdb.org/14983 http://osvdb.org/14985 http://osvdb.org/14986 http://osvdb.org/14987 http://osvdb.org/14988 http://secunia.com/advisories/11230 http://www.securityfocus.com/bid/9983 https://docs.xmbforum2.com/index.php?title=Security_Issue_History https://exchange.xforce.ibmcloud.com/vulnerabilities/15654 •
CVE-2004-0323 – XMB Forum 1.8 - 'forumdisplay.php' Multiple SQL Injections
https://notcve.org/view.php?id=CVE-2004-0323
Multiple SQL injection vulnerabilities in XMB 1.8 Final SP2 allow remote attackers to inject arbitrary SQL and gain privileges via the (1) ppp parameter in viewthread.php, (2) desc parameter in misc.php, (3) tpp parameter in forumdisplay.php, (4) ascdesc parameter in forumdisplay.php, or (5) the addon parameter in stats.php. NOTE: it has also been shown that item (3) is also in XMB 1.9 beta. • https://www.exploit-db.com/exploits/23748 http://archives.neohapsis.com/archives/bugtraq/2004-02/0645.html http://archives.neohapsis.com/archives/bugtraq/2004-03/0265.html http://marc.info/?l=bugtraq&m=107756526625179&w=2 http://www.securityfocus.com/bid/9726 http://www.xmbforum.com/community/boards/viewthread.php?tid=746859 https://docs.xmbforum2.com/index.php?title=Security_Issue_History https://exchange.xforce.ibmcloud.com/vulnerabilities/15295 •