3 results (0.004 seconds)

CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 3

Multiple cross-site scripting (XSS) vulnerabilities in shout.php in Knusperleicht ShoutBox 2.6 allow remote attackers to inject arbitrary web script or HTML via the (1) sbNick or (2) sbKommentar parameter. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en shout.php de Knusperleicht ShoutBox 2.6 permiten a un atacante remoto inyectar secuencias de comandos web o HTML mediante los parámetros (1) sbNick o (2) sbKommentar. • https://www.exploit-db.com/exploits/29294 http://secunia.com/advisories/23526 http://www.securityfocus.com/bid/21637 http://www.securityfocus.com/data/vulnerabilities/exploits/21637.html •

CVSS: 5.1EPSS: 41%CPEs: 2EXPL: 2

PHP remote file inclusion vulnerability in index.php in Knusperleicht Shoutbox 4.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the sb_include_path parameter. Vulnerabilidad PHP de inclusión remota de archivo en index.php en Knusperleicht Shoutbox 4.4 y anteriores permiten a atacantes remotos ejecutar código PHP de su elección a través de una URL en el parámetro sb_include_path. • https://www.exploit-db.com/exploits/2103 http://secunia.com/advisories/21302 http://securityreason.com/securityalert/1325 http://www.osvdb.org/27709 http://www.securityfocus.com/archive/1/441815/100/0/threaded http://www.securityfocus.com/bid/19273 http://www.vupen.com/english/advisories/2006/3090 https://exchange.xforce.ibmcloud.com/vulnerabilities/28123 •

CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0

Shoutbox SCRIPT 3.0.2 and earlier allows remote attackers to obtain sensitive information via a direct request to db/settings.dat, which displays usernames and password hashes. • http://marc.info/?l=bugtraq&m=111402253108991&w=2 http://secunia.com/advisories/15015 http://www.osvdb.org/15695 https://exchange.xforce.ibmcloud.com/vulnerabilities/20177 •