RSS   Vulnerabilities for 'Jaxultrabb'   RSS

2008-07-02
 
CVE-2008-2966

CWE-22
 

 
Directory traversal vulnerability in viewprofile.php in JaxUltraBB 2.0 and earlier allows remote attackers to read arbitrary local files via a .. (dot dot) in the user parameter. party information.

 
2006-10-25
 
CVE-2006-5511

 

 
Direct static code injection vulnerability in delete.php in JaxUltraBB (JUBB) 2.0, when register_globals is enabled, allows remote attackers to inject arbitrary web script, HTML, or PHP via the contents parameter, whose value is prepended to the file specified by the forum parameter.

 


Copyright 2024, cxsecurity.com

 

Back to Top