RSS   Vulnerabilities for 'Nubuilder'   RSS

2010-07-24
 
CVE-2010-2850

CWE-22
 

 
Directory traversal vulnerability in productionnu2/fileuploader.php in nuBuilder 10.04.20, and possibly other versions before 10.07.12, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the dir parameter.

 
 
CVE-2010-2849

CWE-79
 

 
Cross-site scripting (XSS) vulnerability in productionnu2/nuedit.php in nuBuilder 10.04.20, and possibly other versions before 10.07.12, allows remote attackers to inject arbitrary web script or HTML via the f parameter.

 


Copyright 2024, cxsecurity.com

 

Back to Top