
CVSS: 7.5 EPSS: 0% CPEs: 1 EXPL: 2

Multiple SQL injection vulnerabilities in W1L3D4 Philboard 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) id and (2) topic parameters to (a) philboard_reply.asp, and the (3) forumid parameter to (b) philboard_newtopic.asp, different vectors than CVE-2007-2641 and CVE-2007-0920. • https://www.exploit-db.com/exploits/5475 http://www.securityfocus.com/bid/28871 http://www.vupen.com/english/advisories/2008/1340/references https://exchange.xforce.ibmcloud.com/vulnerabilities/41957 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 4.3 EPSS: 0% CPEs: 1 EXPL: 1

Cross-site scripting (XSS) vulnerability in textfilesearch.aspx in the Text File Search ASP.NET edition allows remote attackers to inject arbitrary web script or HTML via the search field. • http://osvdb.org/37734 http://securityreason.com/securityalert/3048 http://www.packetstormsecurity.org/0708-exploits/aspnet-xss.txt http://www.securityfocus.com/bid/25349

CVSS: 4.3 EPSS: 0% CPEs: 1 EXPL: 2

Cross-site scripting (XSS) vulnerability in textfilesearch.asp in the Text File Search ASP (Classic) edition allows remote attackers to inject arbitrary web script or HTML via the query parameter. • https://www.exploit-db.com/exploits/30505 http://osvdb.org/37733 http://securityreason.com/securityalert/3046 http://www.packetstormsecurity.org/0708-exploits/tfsc-xss.txt http://www.securityfocus.com/bid/25350

CVSS: 4.3 EPSS: 0% CPEs: 1 EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in yorumkaydet.asp in Dersimiz Haber Ekleme Modulu allow remote attackers to inject arbitrary web script or HTML via the (1) yazan, (2) mail, and (3) yorum parameters. NOTE: some of these details are obtained from third party information. • http://osvdb.org/37537 http://secunia.com/advisories/26380 http://www.packetstormsecurity.org/0708-exploits/dersimiz-xss.txt http://www.securityfocus.com/bid/25250 http://www.vupen.com/english/advisories/2007/2831 https://exchange.xforce.ibmcloud.com/vulnerabilities/35911

CVSS: 7.5 EPSS: 0% CPEs: 2 EXPL: 1

SQL injection vulnerability in philboard_forum.asp in husrevforum 1.0.1 allows remote attackers to execute arbitrary SQL commands via the forumid parameter. NOTE: it was later reported that 2.0.1 is also affected. • https://www.exploit-db.com/exploits/30316 http://secunia.com/advisories/26089 http://secunia.com/advisories/26736 http://www.osvdb.org/38185 http://www.securityfocus.com/archive/1/478974/100/0/threaded http://www.securityfocus.com/bid/24928 http://www.vupen.com/english/advisories/2007/2557 http://yollubunlar.org/husrev-forums-v201powerboard-sql-injection-exploit-3503.html https://exchange.xforce.ibmcloud.com/vulnerabilities/35443 https://exchange.xforce.ibmcloud.com/vulnerabilities/36530 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')