CVSS: 5.1EPSS: 0%CPEs: 1EXPL: 1CVE-2008-3710
https://notcve.org/view.php?id=CVE-2008-3710
Multiple directory traversal vulnerabilities in CyBoards PHP Lite 1.21 allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the (1) script_path parameter to (a) options.php and the (2) lang_code parameter to (b) copy_vip.php and (c) process_edit_board.php in adminopts/. NOTE: some of these vectors might not be vulnerabilities under proper installation. Múltiples vulnerabilidades de salto de directorio CyBoards PHP Lite 1.21, permiten a atacantes remotos incluir y ejecutar archivos locales arbitrariamente mediante secuencias de salto de directorio en el parámetro (1) script_path de (a) options.php y el parámetro (2) lang_code en (b) copy_vip.php y (c) process_edit_board.php de adminopts/. NOTA: alguno de estos vectores podrían no considerarse vulnerabilidades con una instalación adecuada. • http://packetstormsecurity.org/0808-exploits/cyboards-rfilfixss.txt http://www.attrition.org/pipermail/vim/2008-August/002052.html http://www.securityfocus.com/bid/30688 https://exchange.xforce.ibmcloud.com/vulnerabilities/44475 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2008-3709
https://notcve.org/view.php?id=CVE-2008-3709
Multiple cross-site scripting (XSS) vulnerabilities in CyBoards PHP Lite 1.21 allow remote attackers to inject arbitrary web script or HTML via the (1) lOptionsOptions, (2) lNavAdminOptions, or (3) lNavReturn parameter to options.php; or the (4) lNavReturn parameter to subscribe.php. Múltiples vulnerabilidades de Secuencias de comandos en sitios cruzados en CyBoards PHP Lite 1.21, permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrariamente a través de (1) lOptionsOptions, (2) lNavAdminOptions, o (3) lNavReturn parameter de options.php; o el parámetro (4) lNavReturn de subscribe.php. • http://packetstormsecurity.org/0808-exploits/cyboards-rfilfixss.txt http://www.attrition.org/pipermail/vim/2008-August/002052.html http://www.securityfocus.com/bid/30688 https://exchange.xforce.ibmcloud.com/vulnerabilities/44476 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2008-3707
https://notcve.org/view.php?id=CVE-2008-3707
Multiple PHP remote file inclusion vulnerabilities in CyBoards PHP Lite 1.21 allow remote attackers to execute arbitrary PHP code via a URL in the script_path parameter to (1) flat_read.php, (2) post.php, (3) process_post.php, (4) process_search.php, (5) forum.php, (6) process_subscribe.php, (7) read.php, (8) search.php, (9) subscribe.php in path/; and (10) add_ban.php, (11) add_ban_form.php, (12) add_board.php, (13) add_vip.php, (14) add_vip_form.php, (15) copy_ban.php, (16) copy_vip.php, (17) delete_ban.php, (18) delete_board.php, (19) delete_messages.php, (20) delete_vip.php, (21) edit_ban.php, (22) edit_board.php, (23) edit_vip.php, (24) index.php, (25) lock_messages.php, (26) login.php, (27) modify_ban_list.php, (28) modify_vip_list.php, (29) move_messages.php, (30) process_add_board.php, (31) process_ban.php, (32) process_delete_ban.php, (33) process_delete_board.php, (34) process_delete_messages.php, (35) process_delete_vip.php, (36) process_edit_board.php, (37) process_lock_messages.php, (38) process_login.php, (39) process_move_messages.php, (40) process_sticky_messages.php, (41) process_vip.php, and (42) sticky_messages.php in path/adminopts. NOTE: the include/common.php vector is covered by CVE-2006-2871. NOTE: some of these vectors might not be vulnerabilities under proper installation. Múltiples vulnerabilidades de inclusión de archivos remotos PHP en CyBoards PHP Lite versión 1.21, permite a atacantes remotos ejecutar código PHP arbitrario por medio de una URL en el parámetro script_path en los archivos (1) flat_read.php, (2) post.php, (3) process_post.php, (4) process_search.php, (5) forum.php, (6) process_subscribe.php, (7) read.php, (8) search.php, (9) subscribe.php en path/; y los archivos (10) add_ban.php, (11) add_ban_form.php, (12) add_board.php, (13) add_vip.php, (14) add_vip_form.php, (15) copy_ban.php, (16) copy_vip.php, (17) delete_ban.php, (18) delete_board.php, (19) delete_messages.php, (20) delete_vip.php, (21) edit_ban.php, (22) edit_board.php, (23) edit_vip.php, (24) index.php, (25) lock_messages.php, (26) login.php, (27) modify_ban_list.php, (28) modify_vip_list.php, (29) move_messages.php, (30) process_add_board.php, (31) process_ban.php, (32) process_delete_ban.php, (33) process_delete_board.php, (34) process_delete_messages.php, (35) process_delete_vip.php, (36) process_edit_board.php, (37) process_lock_messages.php, (38) process_login.php, (39) process_move_messages.php, (40) process_sticky_messages.php, (41) process_vip.php, y (42) sticky_messages.php en path/adminopts. NOTA: el vector include/common.php está cubierto por CVE-2006-2871. • http://packetstormsecurity.org/0808-exploits/cyboards-rfilfixss.txt http://www.attrition.org/pipermail/vim/2008-August/002052.html http://www.securityfocus.com/bid/30688 https://exchange.xforce.ibmcloud.com/vulnerabilities/44474 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 2CVE-2008-2491 – AbleSpace 1.0 - 'adv_cat.php' SQL Injection
https://notcve.org/view.php?id=CVE-2008-2491
SQL injection vulnerability in adv_cat.php in AbleSpace 1.0 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter. Vulnerabilidad de inyección SQL en adv_cat.php en AbleSpace, permite a atacantes remotos jecutar comandos SQL de su elección a través del parámetro cat_id. • https://www.exploit-db.com/exploits/31842 http://www.securityfocus.com/archive/1/492576/100/0/threaded http://www.securityfocus.com/bid/29369 https://exchange.xforce.ibmcloud.com/vulnerabilities/42635 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 1%CPEs: 2EXPL: 2CVE-2008-1565 – phpBB PJIRC Module 0.5 - 'irc.php' Local File Inclusion
https://notcve.org/view.php?id=CVE-2008-1565
Directory traversal vulnerability in forum/irc/irc.php in the PJIRC 0.5 module for phpBB allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the phpEx parameter. Vulnerabilidad de salto de directorio en forum/irc/irc.php del módulo PJIRC 0.5 para phpBB permite a atacantes remotos incluir y ejecutar archivos locales de su elección a través de .. (punto punto) en el parámetro phpEx. • https://www.exploit-db.com/exploits/31535 http://securityreason.com/securityalert/3790 http://www.securityfocus.com/archive/1/490070/100/0/threaded http://www.securityfocus.com/bid/28446 https://exchange.xforce.ibmcloud.com/vulnerabilities/41456 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •