RSS   Podatności dla 'Ekinboard'   RSS

2009-09-02
 
CVE-2008-7157

 

 
Unrestricted file upload vulnerability in EkinBoard 1.1.0 and earlier allows remote attackers to execute arbitrary code by uploading an avatar file with an executable extension followed by a safe extension, then accessing it via a direct request to the file in uploaded/avatars/.

 
 
CVE-2008-7156

 

 
EkinBoard 1.1.0 and earlier, when register_globals is enabled, allows remote attackers to bypass authorization and gain administrator privileges by setting the _groups[] parameter to 2, as demonstrated via backup.php.

 
2006-03-09
 
CVE-2006-1130

CWE-Other
 

 
Cross-site scripting (XSS) vulnerability in EKINboard 1.0.3 allows remote attackers to inject arbitrary web script or HTML via a Javascript URI in a BBCode img tag.

 
 
CVE-2006-1129

CWE-Other
 

 
SQL injection vulnerability in config.php in EKINboard 1.0.3 allows remote attackers to execute arbitrary SQL commands and bypass authentication via the username cookie.

 
2005-11-16
 
CVE-2005-3638

 

 
Cross-site scripting (XSS) vulnerabilities in Ekinboard 1.0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter in profile.php and (2) titles of posts.

 


Copyright 2024, cxsecurity.com

 

Back to Top