11 results (0.005 seconds)

CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 1

Multiple SQL injection vulnerabilities in XMB Forums 1.9.3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) $u2u_select array parameter to u2u.inc.php and (2) $val variable (fidpw0 cookie value) in today.php. • http://secunia.com/advisories/18821 http://www.gulftech.org/?node=research&article_id=00100-02122006 http://www.osvdb.org/23117 http://www.osvdb.org/23118 http://www.securityfocus.com/archive/1/425084/100/0/threaded http://www.securityfocus.com/bid/16604 http://www.vupen.com/english/advisories/2006/0529 http://www.xmbforum.com https://docs.xmbforum2.com/index.php?title=Security_Issue_History https://exchange.xforce.ibmcloud.com/vulnerabilities/24646 •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1

Cross-site scripting (XSS) vulnerability in u2u.php in XMB Forums 1.9.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the username parameter, as demonstrated using a URL-encoded iframe tag. • http://www.gulftech.org/?node=research&article_id=00100-02122006 http://www.osvdb.org/23119 http://www.securityfocus.com/archive/1/425084/100/0/threaded http://www.securityfocus.com/bid/16604 http://www.vupen.com/english/advisories/2006/0529 http://www.xmbforum.com https://docs.xmbforum2.com/index.php?title=Security_Issue_History https://exchange.xforce.ibmcloud.com/vulnerabilities/24647 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 7EXPL: 1

Cross-site scripting (XSS) vulnerability in members.php in XMB 1.9.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the "Your Current Mood" field in the registration page. • http://irannetjob.com/content/view/163/28 http://secunia.com/advisories/17642 http://securitytracker.com/id?1015237 http://www.securityfocus.com/archive/1/417078/30/0/threaded http://www.securityfocus.com/bid/15489 http://www.vupen.com/english/advisories/2005/2488 https://docs.xmbforum2.com/index.php?title=Security_Issue_History •

CVSS: 5.0EPSS: 4%CPEs: 2EXPL: 0

Buffer overflow in Check Point SmartDashboard in Check Point NG AI R54 and R55 allows remote authenticated users to cause a denial of service (server disconnect) and possibly execute arbitrary code via a large filter on a column when using SmartView Tracker. • http://marc.info/?l=bugtraq&m=108023281112510&w=2 http://securitytracker.com/id?1009490 http://www.osvdb.org/4412 http://www.securityfocus.com/bid/9870 https://exchange.xforce.ibmcloud.com/vulnerabilities/15539 •

CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in XMB (aka extreme message board) 1.9 beta (aka Nexus beta) allow remote attackers to inject arbitrary web script or HTML via (1) the u2uheader parameter in editprofile.php, the restrict parameter in (2) member.php, (3) misc.php, and (4) today.php, and (5) an arbitrary parameter in phpinfo.php. • http://marc.info/?l=bugtraq&m=108032355905265&w=2 http://www.osvdb.org/14982 http://www.osvdb.org/14989 http://www.osvdb.org/14991 http://www.osvdb.org/16884 http://www.securityfocus.com/bid/9983 https://docs.xmbforum2.com/index.php?title=Security_Issue_History https://exchange.xforce.ibmcloud.com/vulnerabilities/15654 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •