Filtered by vendor Woltlab
Subscribe
Total
46 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2006-1324 | 1 Woltlab | 1 Burning Board | 2024-02-28 | 6.8 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in acp/lib/class_db_mysql.php in Woltlab Burning Board (wBB) 2.3.4 allows remote attackers to inject arbitrary web script or HTML via the errormsg parameter when a SQL error is generated. | |||||
CVE-2005-1642 | 1 Woltlab | 1 Burning Board | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in the verify_email function in Woltlab Burning Board 2.x and earlier allows remote attackers to execute arbitrary SQL commands via the $email variable. | |||||
CVE-2005-2673 | 1 Woltlab | 1 Burning Board | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in modcp.php in WoltLab Burning Board 2.2.2 and 2.3.3 allows remote authenticated attackers to execute arbitrary SQL commands via the (1) x or (2) y parameters. | |||||
CVE-2002-0903 | 1 Woltlab | 1 Burning Board | 2024-02-28 | 7.5 HIGH | N/A |
register.php for WoltLab Burning Board (wbboard) 1.1.1 uses a small number of random values for the "code" parameter that is provided to action.php to approve a new registration, along with predictable new user ID's, which allows remote attackers to hijack new user accounts via a brute force attack on the new user ID and the code value. | |||||
CVE-2002-1505 | 1 Woltlab | 1 Burning Board | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in board.php for WoltLab Burning Board (wBB) 2.0 RC 1 and earlier allows remote attackers to modify the database and possibly gain privileges via the boardid parameter. | |||||
CVE-2002-2021 | 1 Woltlab | 1 Burning Board | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in WoltLab Burning Board (wbboard) 1.1.1 allows remote attackers to inject arbitrary web script or HTML via the message parameter. |