Show filters
28 Total Results
Displaying 11-20 of 28
Sort by:
Attacker Value
Unknown

CVE-2008-6301

Disclosure Date: February 26, 2009 (last updated October 04, 2023)
SQL injection vulnerability in shoutbox_view.php in the Small ShoutBox module 1.4 for phpBB allows remote attackers to execute arbitrary SQL commands via the id parameter in a delete action.
0
0
Attacker Value
Unknown

CVE-2008-4512

Disclosure Date: October 09, 2008 (last updated October 04, 2023)
ASP/MS Access Shoutbox, probably 1.1 beta, stores db/shoutdb.mdb under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request.
0
0
Attacker Value
Unknown

CVE-2008-1971

Disclosure Date: April 27, 2008 (last updated October 04, 2023)
phShoutBox Final 1.5 and earlier only checks passwords when specified in $_POST, which allows remote attackers to gain privileges by setting the (1) phadmin cookie to admin.php, or (2) in 1.4 and earlier, the ssbadmin cookie to shoutadmin.php.
0
0
Attacker Value
Unknown

CVE-2008-0775

Disclosure Date: February 14, 2008 (last updated October 04, 2023)
Cross-site scripting (XSS) vulnerability in sboxDB.php in Simple Machines Forum (SMF) Shoutbox 1.14 through 1.16b allows remote attackers to inject arbitrary web script or HTML via strings to the shoutbox form that start with "&#", contain the desired script, and end with ";".
0
0
Attacker Value
Unknown

CVE-2007-6298

Disclosure Date: December 10, 2007 (last updated October 04, 2023)
Cross-site scripting (XSS) vulnerability in the Shoutbox module for Drupal 5.x before Shoutbox 5.x-1.1 allows remote authenticated users to inject arbitrary web script or HTML via Shoutbox block messages.
0
0
Attacker Value
Unknown

CVE-2007-5948

Disclosure Date: November 14, 2007 (last updated October 04, 2023)
Multiple cross-site scripting (XSS) vulnerabilities in main.php in SF-Shoutbox 1.2.1 through 1.4 allow remote attackers to inject arbitrary web script or HTML via the (1) nick (aka Name) and (2) shout (aka Shout) parameters.
0
0
Attacker Value
Unknown

CVE-2007-4487

Disclosure Date: August 22, 2007 (last updated October 04, 2023)
Cross-site scripting (XSS) vulnerability in D22-Shoutbox for Invision Power Board (IPB or IP.Board) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
0
0
Attacker Value
Unknown

CVE-2007-4330

Disclosure Date: August 14, 2007 (last updated October 04, 2023)
PHP remote file inclusion vulnerability in shoutbox.php in Shoutbox 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the root parameter.
0
0
Attacker Value
Unknown

CVE-2007-0546

Disclosure Date: January 29, 2007 (last updated October 04, 2023)
Toxiclab Shoutbox 1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for db.mdb.
0
0
Attacker Value
Unknown

CVE-2006-6721

Disclosure Date: December 23, 2006 (last updated October 04, 2023)
Multiple cross-site scripting (XSS) vulnerabilities in shout.php in Knusperleicht ShoutBox 2.6 allow remote attackers to inject arbitrary web script or HTML via the (1) sbNick or (2) sbKommentar parameter.
0
0
View More Topics  < Previous  Next >