Search criteria
18 vulnerabilities found for quicksilver_forums by quicksilver_forums
CVE-2008-7064 (GCVE-0-2008-7064)
Vulnerability from nvd – Published: 2009-08-25 10:00 – Updated: 2024-08-07 11:56
VLAI
Summary
Directory traversal vulnerability in the get_lang function in global.php in Quicksilver Forums 1.4.2 and earlier, as used in QSF Portal before 1.4.5, when running on Windows, allows remote attackers to include and execute arbitrary local files via a "\" (backslash) in the lang parameter to index.php, which bypasses a protection mechanism that only checks for "/" (forward slash), as demonstrated by uploading and including PHP code in an avatar file.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/7217 | exploitx_refsource_EXPLOIT-DB |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://secunia.com/advisories/32823 | third-party-advisoryx_refsource_SECUNIA |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://secunia.com/advisories/38670 | third-party-advisoryx_refsource_SECUNIA |
| http://www.qsfportal.com/index.php?a=newspost&t=191 | x_refsource_CONFIRM |
| http://osvdb.org/50143 | vdb-entryx_refsource_OSVDB |
| http://www.securityfocus.com/bid/32452 | vdb-entryx_refsource_BID |
Date Public
2008-11-24 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:56:12.929Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "7217",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/7217"
},
{
"name": "quicksilverforums-avatar-file-upload(46828)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46828"
},
{
"name": "32823",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32823"
},
{
"name": "quicksilverforums-index-file-include(46823)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46823"
},
{
"name": "38670",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38670"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.qsfportal.com/index.php?a=newspost\u0026t=191"
},
{
"name": "50143",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/50143"
},
{
"name": "32452",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/32452"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-11-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the get_lang function in global.php in Quicksilver Forums 1.4.2 and earlier, as used in QSF Portal before 1.4.5, when running on Windows, allows remote attackers to include and execute arbitrary local files via a \"\\\" (backslash) in the lang parameter to index.php, which bypasses a protection mechanism that only checks for \"/\" (forward slash), as demonstrated by uploading and including PHP code in an avatar file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "7217",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/7217"
},
{
"name": "quicksilverforums-avatar-file-upload(46828)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46828"
},
{
"name": "32823",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32823"
},
{
"name": "quicksilverforums-index-file-include(46823)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46823"
},
{
"name": "38670",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38670"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.qsfportal.com/index.php?a=newspost\u0026t=191"
},
{
"name": "50143",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/50143"
},
{
"name": "32452",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/32452"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-7064",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the get_lang function in global.php in Quicksilver Forums 1.4.2 and earlier, as used in QSF Portal before 1.4.5, when running on Windows, allows remote attackers to include and execute arbitrary local files via a \"\\\" (backslash) in the lang parameter to index.php, which bypasses a protection mechanism that only checks for \"/\" (forward slash), as demonstrated by uploading and including PHP code in an avatar file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "7217",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/7217"
},
{
"name": "quicksilverforums-avatar-file-upload(46828)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46828"
},
{
"name": "32823",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32823"
},
{
"name": "quicksilverforums-index-file-include(46823)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46823"
},
{
"name": "38670",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38670"
},
{
"name": "http://www.qsfportal.com/index.php?a=newspost\u0026t=191",
"refsource": "CONFIRM",
"url": "http://www.qsfportal.com/index.php?a=newspost\u0026t=191"
},
{
"name": "50143",
"refsource": "OSVDB",
"url": "http://osvdb.org/50143"
},
{
"name": "32452",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32452"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-7064",
"datePublished": "2009-08-25T10:00:00.000Z",
"dateReserved": "2009-08-24T00:00:00.000Z",
"dateUpdated": "2024-08-07T11:56:12.929Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-3601 (GCVE-0-2008-3601)
Vulnerability from nvd – Published: 2008-08-12 19:00 – Updated: 2024-08-07 09:45
VLAI
Summary
SQL injection vulnerability in index.php in Quicksilver Forums 1.4.1 allows remote attackers to execute arbitrary SQL commands via the forums array parameter in a search action.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/30623 | vdb-entryx_refsource_BID |
| http://securityreason.com/securityalert/4144 | third-party-advisoryx_refsource_SREASON |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| https://www.exploit-db.com/exploits/6223 | exploitx_refsource_EXPLOIT-DB |
| http://secunia.com/advisories/31419 | third-party-advisoryx_refsource_SECUNIA |
Date Public
2008-08-10 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:45:18.968Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "30623",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30623"
},
{
"name": "4144",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4144"
},
{
"name": "quicksilverforums-index-sql-injection(44366)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44366"
},
{
"name": "6223",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/6223"
},
{
"name": "31419",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31419"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-08-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in index.php in Quicksilver Forums 1.4.1 allows remote attackers to execute arbitrary SQL commands via the forums array parameter in a search action."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "30623",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30623"
},
{
"name": "4144",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4144"
},
{
"name": "quicksilverforums-index-sql-injection(44366)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44366"
},
{
"name": "6223",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/6223"
},
{
"name": "31419",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31419"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3601",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in index.php in Quicksilver Forums 1.4.1 allows remote attackers to execute arbitrary SQL commands via the forums array parameter in a search action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "30623",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30623"
},
{
"name": "4144",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4144"
},
{
"name": "quicksilverforums-index-sql-injection(44366)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44366"
},
{
"name": "6223",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6223"
},
{
"name": "31419",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31419"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3601",
"datePublished": "2008-08-12T19:00:00.000Z",
"dateReserved": "2008-08-12T00:00:00.000Z",
"dateUpdated": "2024-08-07T09:45:18.968Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-5171 (GCVE-0-2007-5171)
Vulnerability from nvd – Published: 2007-10-01 20:00 – Updated: 2024-08-07 15:24
VLAI
Summary
Unspecified vulnerability in Quicksilver Forums before 1.4.1 allows remote attackers to delete arbitrary PMs via unspecified vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://secunia.com/advisories/26998 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/bid/25887 | vdb-entryx_refsource_BID |
| http://forums.quicksilverforums.com/index.php?a=t… | x_refsource_CONFIRM |
Date Public
2007-09-30 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:24:42.304Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "quicksilver-unspecified-data-manipulation(36890)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36890"
},
{
"name": "26998",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26998"
},
{
"name": "25887",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25887"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://forums.quicksilverforums.com/index.php?a=topic\u0026t=1332"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-09-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Quicksilver Forums before 1.4.1 allows remote attackers to delete arbitrary PMs via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "quicksilver-unspecified-data-manipulation(36890)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36890"
},
{
"name": "26998",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26998"
},
{
"name": "25887",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25887"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://forums.quicksilverforums.com/index.php?a=topic\u0026t=1332"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-5171",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Quicksilver Forums before 1.4.1 allows remote attackers to delete arbitrary PMs via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "quicksilver-unspecified-data-manipulation(36890)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36890"
},
{
"name": "26998",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26998"
},
{
"name": "25887",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25887"
},
{
"name": "http://forums.quicksilverforums.com/index.php?a=topic\u0026t=1332",
"refsource": "CONFIRM",
"url": "http://forums.quicksilverforums.com/index.php?a=topic\u0026t=1332"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-5171",
"datePublished": "2007-10-01T20:00:00.000Z",
"dateReserved": "2007-10-01T00:00:00.000Z",
"dateUpdated": "2024-08-07T15:24:42.304Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-5172 (GCVE-0-2007-5172)
Vulnerability from nvd – Published: 2007-10-01 20:00 – Updated: 2024-08-07 15:24
VLAI
Summary
Quicksilver Forums before 1.4.1 allows remote attackers to obtain sensitive information by causing unspecified connection errors, which reveals the database password in the resulting error message.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/26998 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/bid/25887 | vdb-entryx_refsource_BID |
| http://forums.quicksilverforums.com/index.php?a=t… | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2007-09-30 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:24:42.231Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "26998",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26998"
},
{
"name": "25887",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25887"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://forums.quicksilverforums.com/index.php?a=topic\u0026t=1332"
},
{
"name": "quicksilver-library-information-disclosure(36891)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36891"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-09-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Quicksilver Forums before 1.4.1 allows remote attackers to obtain sensitive information by causing unspecified connection errors, which reveals the database password in the resulting error message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "26998",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26998"
},
{
"name": "25887",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25887"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://forums.quicksilverforums.com/index.php?a=topic\u0026t=1332"
},
{
"name": "quicksilver-library-information-disclosure(36891)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36891"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-5172",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Quicksilver Forums before 1.4.1 allows remote attackers to obtain sensitive information by causing unspecified connection errors, which reveals the database password in the resulting error message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "26998",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26998"
},
{
"name": "25887",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25887"
},
{
"name": "http://forums.quicksilverforums.com/index.php?a=topic\u0026t=1332",
"refsource": "CONFIRM",
"url": "http://forums.quicksilverforums.com/index.php?a=topic\u0026t=1332"
},
{
"name": "quicksilver-library-information-disclosure(36891)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36891"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-5172",
"datePublished": "2007-10-01T20:00:00.000Z",
"dateReserved": "2007-10-01T00:00:00.000Z",
"dateUpdated": "2024-08-07T15:24:42.231Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-4824 (GCVE-0-2006-4824)
Vulnerability from nvd – Published: 2006-09-15 22:00 – Updated: 2024-08-07 19:23
VLAI
Summary
PHP remote file inclusion vulnerability in lib/activeutil.php in Quicksilver Forums (QSF) 1.2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the set[include_path] parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/2356 | exploitx_refsource_EXPLOIT-DB |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://secunia.com/advisories/21892 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/bid/19991 | vdb-entryx_refsource_BID |
| http://www.quicksilverforums.com/index.php | x_refsource_MISC |
| http://www.vupen.com/english/advisories/2006/3596 | vdb-entryx_refsource_VUPEN |
Date Public
2006-09-13 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:23:41.215Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "2356",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/2356"
},
{
"name": "quicksilver-forums-activeutil-file-include(28901)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28901"
},
{
"name": "21892",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21892"
},
{
"name": "19991",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/19991"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.quicksilverforums.com/index.php"
},
{
"name": "ADV-2006-3596",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/3596"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-09-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "PHP remote file inclusion vulnerability in lib/activeutil.php in Quicksilver Forums (QSF) 1.2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the set[include_path] parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-18T16:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "2356",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/2356"
},
{
"name": "quicksilver-forums-activeutil-file-include(28901)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28901"
},
{
"name": "21892",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21892"
},
{
"name": "19991",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/19991"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.quicksilverforums.com/index.php"
},
{
"name": "ADV-2006-3596",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/3596"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4824",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in lib/activeutil.php in Quicksilver Forums (QSF) 1.2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the set[include_path] parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "2356",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2356"
},
{
"name": "quicksilver-forums-activeutil-file-include(28901)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28901"
},
{
"name": "21892",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21892"
},
{
"name": "19991",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19991"
},
{
"name": "http://www.quicksilverforums.com/index.php",
"refsource": "MISC",
"url": "http://www.quicksilverforums.com/index.php"
},
{
"name": "ADV-2006-3596",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3596"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-4824",
"datePublished": "2006-09-15T22:00:00.000Z",
"dateReserved": "2006-09-15T00:00:00.000Z",
"dateUpdated": "2024-08-07T19:23:41.215Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-4030 (GCVE-0-2005-4030)
Vulnerability from nvd – Published: 2005-12-06 11:00 – Updated: 2024-08-07 23:31
VLAI
Summary
SQL injection vulnerability in Quicksilver Forums before 1.5.1 allows remote attackers to execute arbitrary SQL commands via the HTTP_USER_AGENT header.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/15710 | vdb-entryx_refsource_BID |
| http://sourceforge.net/project/shownotes.php?rele… | x_refsource_CONFIRM |
| http://secunia.com/advisories/17861 | third-party-advisoryx_refsource_SECUNIA |
| http://www.vupen.com/english/advisories/2005/2729 | vdb-entryx_refsource_VUPEN |
| http://www.osvdb.org/21443 | vdb-entryx_refsource_OSVDB |
Date Public
2005-12-04 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:31:48.695Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "15710",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15710"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=375970\u0026group_id=154354"
},
{
"name": "17861",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17861"
},
{
"name": "ADV-2005-2729",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/2729"
},
{
"name": "21443",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/21443"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-12-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in Quicksilver Forums before 1.5.1 allows remote attackers to execute arbitrary SQL commands via the HTTP_USER_AGENT header."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-12-30T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "15710",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15710"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=375970\u0026group_id=154354"
},
{
"name": "17861",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17861"
},
{
"name": "ADV-2005-2729",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/2729"
},
{
"name": "21443",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/21443"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4030",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in Quicksilver Forums before 1.5.1 allows remote attackers to execute arbitrary SQL commands via the HTTP_USER_AGENT header."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "15710",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15710"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=375970\u0026group_id=154354",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=375970\u0026group_id=154354"
},
{
"name": "17861",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17861"
},
{
"name": "ADV-2005-2729",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2729"
},
{
"name": "21443",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21443"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-4030",
"datePublished": "2005-12-06T11:00:00.000Z",
"dateReserved": "2005-12-06T00:00:00.000Z",
"dateUpdated": "2024-08-07T23:31:48.695Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
FKIE_CVE-2008-7064
Vulnerability from fkie_nvd - Published: 2009-08-25 10:30 - Updated: 2026-04-23 00:35
Severity
Summary
Directory traversal vulnerability in the get_lang function in global.php in Quicksilver Forums 1.4.2 and earlier, as used in QSF Portal before 1.4.5, when running on Windows, allows remote attackers to include and execute arbitrary local files via a "\" (backslash) in the lang parameter to index.php, which bypasses a protection mechanism that only checks for "/" (forward slash), as demonstrated by uploading and including PHP code in an avatar file.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| quicksilver_forums | quicksilver_forums | 1.4.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:quicksilver_forums:quicksilver_forums:1.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F47737FE-E985-4C4A-86C6-A13EC17CE42C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the get_lang function in global.php in Quicksilver Forums 1.4.2 and earlier, as used in QSF Portal before 1.4.5, when running on Windows, allows remote attackers to include and execute arbitrary local files via a \"\\\" (backslash) in the lang parameter to index.php, which bypasses a protection mechanism that only checks for \"/\" (forward slash), as demonstrated by uploading and including PHP code in an avatar file."
},
{
"lang": "es",
"value": "La vulnerabilidad de salto del directorio en la funci\u00f3n get_lang en el archivo global.php en Quicksilver Forums versi\u00f3n 1.4.2 y anteriores, como es usado en QSF Portal anterior a versi\u00f3n 1.4.5, cuando es ejecutado en Windows, permite a los atacantes remotos incluir y ejecutar archivos locales arbitrarios por medio de un \"\\\" (barra diagonal invertida) en el par\u00e1metro lang en archivo index.php, que omite un mecanismo de protecci\u00f3n que solo comprueba \"/\" (barra diagonal), como es demostrado al cargar e incluir el c\u00f3digo PHP en un archivo avatar."
}
],
"id": "CVE-2008-7064",
"lastModified": "2026-04-23T00:35:47.467",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-08-25T10:30:00.280",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/50143"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/32823"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/38670"
},
{
"source": "cve@mitre.org",
"tags": [
"URL Repurposed"
],
"url": "http://www.qsfportal.com/index.php?a=newspost\u0026t=191"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/32452"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46823"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46828"
},
{
"source": "cve@mitre.org",
"url": "https://www.exploit-db.com/exploits/7217"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/50143"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/32823"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/38670"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"URL Repurposed"
],
"url": "http://www.qsfportal.com/index.php?a=newspost\u0026t=191"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/32452"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46823"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46828"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/7217"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2008-3601
Vulnerability from fkie_nvd - Published: 2008-08-12 19:41 - Updated: 2026-04-23 00:35
Severity
Summary
SQL injection vulnerability in index.php in Quicksilver Forums 1.4.1 allows remote attackers to execute arbitrary SQL commands via the forums array parameter in a search action.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| quicksilver_forums | quicksilver_forums | 1.4.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:quicksilver_forums:quicksilver_forums:1.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5384AB54-A0E6-414B-A457-A64A8CFDCF45",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in index.php in Quicksilver Forums 1.4.1 allows remote attackers to execute arbitrary SQL commands via the forums array parameter in a search action."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en index.php de Quicksilver Forums 1.4.1 permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n mediante el par\u00e1metro forums array en una acci\u00f3n de b\u00fasqueda."
}
],
"id": "CVE-2008-3601",
"lastModified": "2026-04-23T00:35:47.467",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-08-12T19:41:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/31419"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/4144"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/30623"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44366"
},
{
"source": "cve@mitre.org",
"url": "https://www.exploit-db.com/exploits/6223"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/31419"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/4144"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/30623"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44366"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/6223"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2007-5172
Vulnerability from fkie_nvd - Published: 2007-10-01 20:17 - Updated: 2026-04-23 00:35
Severity
Summary
Quicksilver Forums before 1.4.1 allows remote attackers to obtain sensitive information by causing unspecified connection errors, which reveals the database password in the resulting error message.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| quicksilver_forums | quicksilver_forums | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:quicksilver_forums:quicksilver_forums:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F435CE59-51BF-4DD2-A6C5-CC4EEFDA7032",
"versionEndIncluding": "1.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Quicksilver Forums before 1.4.1 allows remote attackers to obtain sensitive information by causing unspecified connection errors, which reveals the database password in the resulting error message."
},
{
"lang": "es",
"value": "Quicksilver Forums before 1.4.1 permite a atacantes remotos obtener informaci\u00f3n confidencial al causar errores de conexi\u00f3n no especificados, que revelan la contrase\u00f1a de la base de datos en el mensaje de error resultante."
}
],
"id": "CVE-2007-5172",
"lastModified": "2026-04-23T00:35:47.467",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-10-01T20:17:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://forums.quicksilverforums.com/index.php?a=topic\u0026t=1332"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/26998"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/25887"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36891"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://forums.quicksilverforums.com/index.php?a=topic\u0026t=1332"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/26998"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/25887"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36891"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2007-5171
Vulnerability from fkie_nvd - Published: 2007-10-01 20:17 - Updated: 2026-04-23 00:35
Severity
Summary
Unspecified vulnerability in Quicksilver Forums before 1.4.1 allows remote attackers to delete arbitrary PMs via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| quicksilver_forums | quicksilver_forums | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:quicksilver_forums:quicksilver_forums:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F435CE59-51BF-4DD2-A6C5-CC4EEFDA7032",
"versionEndIncluding": "1.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Quicksilver Forums before 1.4.1 allows remote attackers to delete arbitrary PMs via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en Quicksilver Forums versiones anteriores a 1.4.1 permite a atacantes remotos borrar PMs de su elecci\u00f3n mediante vectores no especificados."
}
],
"id": "CVE-2007-5171",
"lastModified": "2026-04-23T00:35:47.467",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-10-01T20:17:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://forums.quicksilverforums.com/index.php?a=topic\u0026t=1332"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/26998"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/25887"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36890"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://forums.quicksilverforums.com/index.php?a=topic\u0026t=1332"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/26998"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/25887"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36890"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2006-4824
Vulnerability from fkie_nvd - Published: 2006-09-15 22:07 - Updated: 2026-04-16 00:27
Severity
Summary
PHP remote file inclusion vulnerability in lib/activeutil.php in Quicksilver Forums (QSF) 1.2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the set[include_path] parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| quicksilver_forums | quicksilver_forums | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:quicksilver_forums:quicksilver_forums:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2C7B99F5-3144-4DD9-A013-1E0CCB39CA25",
"versionEndIncluding": "1.2.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "PHP remote file inclusion vulnerability in lib/activeutil.php in Quicksilver Forums (QSF) 1.2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the set[include_path] parameter."
},
{
"lang": "es",
"value": "Vulnerabilidad en el fichero de inclusi\u00f3n remota en lib/activeutil.php en Quicksilver Forums (QSF) 1.2.1 y anteriores, permite a un atacante remoto ejecutar c\u00f3digo PHP de su elecci\u00f3n a trav\u00e9s de una URL en el par\u00e1metro set[include_path]."
}
],
"id": "CVE-2006-4824",
"lastModified": "2026-04-16T00:27:16.627",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-09-15T22:07:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/21892"
},
{
"source": "cve@mitre.org",
"url": "http://www.quicksilverforums.com/index.php"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/19991"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/3596"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28901"
},
{
"source": "cve@mitre.org",
"url": "https://www.exploit-db.com/exploits/2356"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/21892"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.quicksilverforums.com/index.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/19991"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/3596"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28901"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/2356"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2005-4030
Vulnerability from fkie_nvd - Published: 2005-12-06 11:03 - Updated: 2026-04-16 00:27
Severity
Summary
SQL injection vulnerability in Quicksilver Forums before 1.5.1 allows remote attackers to execute arbitrary SQL commands via the HTTP_USER_AGENT header.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| quicksilver_forums | quicksilver_forums | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:quicksilver_forums:quicksilver_forums:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8A55F1D5-42AB-4018-83B2-6EE6A10E2B57",
"versionEndIncluding": "1.1.5_pr1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in Quicksilver Forums before 1.5.1 allows remote attackers to execute arbitrary SQL commands via the HTTP_USER_AGENT header."
}
],
"id": "CVE-2005-4030",
"lastModified": "2026-04-16T00:27:16.627",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-12-06T11:03:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/17861"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=375970\u0026group_id=154354"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/21443"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/15710"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2005/2729"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/17861"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=375970\u0026group_id=154354"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/21443"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/15710"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2005/2729"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2008-7064 (GCVE-0-2008-7064)
Vulnerability from cvelistv5 – Published: 2009-08-25 10:00 – Updated: 2024-08-07 11:56
VLAI
Summary
Directory traversal vulnerability in the get_lang function in global.php in Quicksilver Forums 1.4.2 and earlier, as used in QSF Portal before 1.4.5, when running on Windows, allows remote attackers to include and execute arbitrary local files via a "\" (backslash) in the lang parameter to index.php, which bypasses a protection mechanism that only checks for "/" (forward slash), as demonstrated by uploading and including PHP code in an avatar file.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/7217 | exploitx_refsource_EXPLOIT-DB |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://secunia.com/advisories/32823 | third-party-advisoryx_refsource_SECUNIA |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://secunia.com/advisories/38670 | third-party-advisoryx_refsource_SECUNIA |
| http://www.qsfportal.com/index.php?a=newspost&t=191 | x_refsource_CONFIRM |
| http://osvdb.org/50143 | vdb-entryx_refsource_OSVDB |
| http://www.securityfocus.com/bid/32452 | vdb-entryx_refsource_BID |
Date Public
2008-11-24 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:56:12.929Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "7217",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/7217"
},
{
"name": "quicksilverforums-avatar-file-upload(46828)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46828"
},
{
"name": "32823",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32823"
},
{
"name": "quicksilverforums-index-file-include(46823)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46823"
},
{
"name": "38670",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38670"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.qsfportal.com/index.php?a=newspost\u0026t=191"
},
{
"name": "50143",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/50143"
},
{
"name": "32452",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/32452"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-11-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the get_lang function in global.php in Quicksilver Forums 1.4.2 and earlier, as used in QSF Portal before 1.4.5, when running on Windows, allows remote attackers to include and execute arbitrary local files via a \"\\\" (backslash) in the lang parameter to index.php, which bypasses a protection mechanism that only checks for \"/\" (forward slash), as demonstrated by uploading and including PHP code in an avatar file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "7217",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/7217"
},
{
"name": "quicksilverforums-avatar-file-upload(46828)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46828"
},
{
"name": "32823",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32823"
},
{
"name": "quicksilverforums-index-file-include(46823)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46823"
},
{
"name": "38670",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38670"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.qsfportal.com/index.php?a=newspost\u0026t=191"
},
{
"name": "50143",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/50143"
},
{
"name": "32452",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/32452"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-7064",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the get_lang function in global.php in Quicksilver Forums 1.4.2 and earlier, as used in QSF Portal before 1.4.5, when running on Windows, allows remote attackers to include and execute arbitrary local files via a \"\\\" (backslash) in the lang parameter to index.php, which bypasses a protection mechanism that only checks for \"/\" (forward slash), as demonstrated by uploading and including PHP code in an avatar file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "7217",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/7217"
},
{
"name": "quicksilverforums-avatar-file-upload(46828)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46828"
},
{
"name": "32823",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32823"
},
{
"name": "quicksilverforums-index-file-include(46823)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46823"
},
{
"name": "38670",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38670"
},
{
"name": "http://www.qsfportal.com/index.php?a=newspost\u0026t=191",
"refsource": "CONFIRM",
"url": "http://www.qsfportal.com/index.php?a=newspost\u0026t=191"
},
{
"name": "50143",
"refsource": "OSVDB",
"url": "http://osvdb.org/50143"
},
{
"name": "32452",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32452"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-7064",
"datePublished": "2009-08-25T10:00:00.000Z",
"dateReserved": "2009-08-24T00:00:00.000Z",
"dateUpdated": "2024-08-07T11:56:12.929Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-3601 (GCVE-0-2008-3601)
Vulnerability from cvelistv5 – Published: 2008-08-12 19:00 – Updated: 2024-08-07 09:45
VLAI
Summary
SQL injection vulnerability in index.php in Quicksilver Forums 1.4.1 allows remote attackers to execute arbitrary SQL commands via the forums array parameter in a search action.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/30623 | vdb-entryx_refsource_BID |
| http://securityreason.com/securityalert/4144 | third-party-advisoryx_refsource_SREASON |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| https://www.exploit-db.com/exploits/6223 | exploitx_refsource_EXPLOIT-DB |
| http://secunia.com/advisories/31419 | third-party-advisoryx_refsource_SECUNIA |
Date Public
2008-08-10 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:45:18.968Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "30623",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30623"
},
{
"name": "4144",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4144"
},
{
"name": "quicksilverforums-index-sql-injection(44366)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44366"
},
{
"name": "6223",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/6223"
},
{
"name": "31419",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31419"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-08-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in index.php in Quicksilver Forums 1.4.1 allows remote attackers to execute arbitrary SQL commands via the forums array parameter in a search action."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "30623",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30623"
},
{
"name": "4144",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4144"
},
{
"name": "quicksilverforums-index-sql-injection(44366)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44366"
},
{
"name": "6223",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/6223"
},
{
"name": "31419",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31419"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3601",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in index.php in Quicksilver Forums 1.4.1 allows remote attackers to execute arbitrary SQL commands via the forums array parameter in a search action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "30623",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30623"
},
{
"name": "4144",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4144"
},
{
"name": "quicksilverforums-index-sql-injection(44366)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44366"
},
{
"name": "6223",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6223"
},
{
"name": "31419",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31419"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3601",
"datePublished": "2008-08-12T19:00:00.000Z",
"dateReserved": "2008-08-12T00:00:00.000Z",
"dateUpdated": "2024-08-07T09:45:18.968Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-5171 (GCVE-0-2007-5171)
Vulnerability from cvelistv5 – Published: 2007-10-01 20:00 – Updated: 2024-08-07 15:24
VLAI
Summary
Unspecified vulnerability in Quicksilver Forums before 1.4.1 allows remote attackers to delete arbitrary PMs via unspecified vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://secunia.com/advisories/26998 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/bid/25887 | vdb-entryx_refsource_BID |
| http://forums.quicksilverforums.com/index.php?a=t… | x_refsource_CONFIRM |
Date Public
2007-09-30 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:24:42.304Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "quicksilver-unspecified-data-manipulation(36890)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36890"
},
{
"name": "26998",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26998"
},
{
"name": "25887",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25887"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://forums.quicksilverforums.com/index.php?a=topic\u0026t=1332"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-09-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Quicksilver Forums before 1.4.1 allows remote attackers to delete arbitrary PMs via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "quicksilver-unspecified-data-manipulation(36890)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36890"
},
{
"name": "26998",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26998"
},
{
"name": "25887",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25887"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://forums.quicksilverforums.com/index.php?a=topic\u0026t=1332"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-5171",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Quicksilver Forums before 1.4.1 allows remote attackers to delete arbitrary PMs via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "quicksilver-unspecified-data-manipulation(36890)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36890"
},
{
"name": "26998",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26998"
},
{
"name": "25887",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25887"
},
{
"name": "http://forums.quicksilverforums.com/index.php?a=topic\u0026t=1332",
"refsource": "CONFIRM",
"url": "http://forums.quicksilverforums.com/index.php?a=topic\u0026t=1332"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-5171",
"datePublished": "2007-10-01T20:00:00.000Z",
"dateReserved": "2007-10-01T00:00:00.000Z",
"dateUpdated": "2024-08-07T15:24:42.304Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-5172 (GCVE-0-2007-5172)
Vulnerability from cvelistv5 – Published: 2007-10-01 20:00 – Updated: 2024-08-07 15:24
VLAI
Summary
Quicksilver Forums before 1.4.1 allows remote attackers to obtain sensitive information by causing unspecified connection errors, which reveals the database password in the resulting error message.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/26998 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/bid/25887 | vdb-entryx_refsource_BID |
| http://forums.quicksilverforums.com/index.php?a=t… | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2007-09-30 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:24:42.231Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "26998",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26998"
},
{
"name": "25887",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25887"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://forums.quicksilverforums.com/index.php?a=topic\u0026t=1332"
},
{
"name": "quicksilver-library-information-disclosure(36891)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36891"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-09-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Quicksilver Forums before 1.4.1 allows remote attackers to obtain sensitive information by causing unspecified connection errors, which reveals the database password in the resulting error message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "26998",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26998"
},
{
"name": "25887",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25887"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://forums.quicksilverforums.com/index.php?a=topic\u0026t=1332"
},
{
"name": "quicksilver-library-information-disclosure(36891)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36891"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-5172",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Quicksilver Forums before 1.4.1 allows remote attackers to obtain sensitive information by causing unspecified connection errors, which reveals the database password in the resulting error message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "26998",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26998"
},
{
"name": "25887",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25887"
},
{
"name": "http://forums.quicksilverforums.com/index.php?a=topic\u0026t=1332",
"refsource": "CONFIRM",
"url": "http://forums.quicksilverforums.com/index.php?a=topic\u0026t=1332"
},
{
"name": "quicksilver-library-information-disclosure(36891)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36891"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-5172",
"datePublished": "2007-10-01T20:00:00.000Z",
"dateReserved": "2007-10-01T00:00:00.000Z",
"dateUpdated": "2024-08-07T15:24:42.231Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-4824 (GCVE-0-2006-4824)
Vulnerability from cvelistv5 – Published: 2006-09-15 22:00 – Updated: 2024-08-07 19:23
VLAI
Summary
PHP remote file inclusion vulnerability in lib/activeutil.php in Quicksilver Forums (QSF) 1.2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the set[include_path] parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/2356 | exploitx_refsource_EXPLOIT-DB |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://secunia.com/advisories/21892 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/bid/19991 | vdb-entryx_refsource_BID |
| http://www.quicksilverforums.com/index.php | x_refsource_MISC |
| http://www.vupen.com/english/advisories/2006/3596 | vdb-entryx_refsource_VUPEN |
Date Public
2006-09-13 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:23:41.215Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "2356",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/2356"
},
{
"name": "quicksilver-forums-activeutil-file-include(28901)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28901"
},
{
"name": "21892",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21892"
},
{
"name": "19991",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/19991"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.quicksilverforums.com/index.php"
},
{
"name": "ADV-2006-3596",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/3596"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-09-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "PHP remote file inclusion vulnerability in lib/activeutil.php in Quicksilver Forums (QSF) 1.2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the set[include_path] parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-18T16:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "2356",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/2356"
},
{
"name": "quicksilver-forums-activeutil-file-include(28901)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28901"
},
{
"name": "21892",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21892"
},
{
"name": "19991",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/19991"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.quicksilverforums.com/index.php"
},
{
"name": "ADV-2006-3596",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/3596"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4824",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in lib/activeutil.php in Quicksilver Forums (QSF) 1.2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the set[include_path] parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "2356",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2356"
},
{
"name": "quicksilver-forums-activeutil-file-include(28901)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28901"
},
{
"name": "21892",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21892"
},
{
"name": "19991",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19991"
},
{
"name": "http://www.quicksilverforums.com/index.php",
"refsource": "MISC",
"url": "http://www.quicksilverforums.com/index.php"
},
{
"name": "ADV-2006-3596",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3596"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-4824",
"datePublished": "2006-09-15T22:00:00.000Z",
"dateReserved": "2006-09-15T00:00:00.000Z",
"dateUpdated": "2024-08-07T19:23:41.215Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-4030 (GCVE-0-2005-4030)
Vulnerability from cvelistv5 – Published: 2005-12-06 11:00 – Updated: 2024-08-07 23:31
VLAI
Summary
SQL injection vulnerability in Quicksilver Forums before 1.5.1 allows remote attackers to execute arbitrary SQL commands via the HTTP_USER_AGENT header.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/15710 | vdb-entryx_refsource_BID |
| http://sourceforge.net/project/shownotes.php?rele… | x_refsource_CONFIRM |
| http://secunia.com/advisories/17861 | third-party-advisoryx_refsource_SECUNIA |
| http://www.vupen.com/english/advisories/2005/2729 | vdb-entryx_refsource_VUPEN |
| http://www.osvdb.org/21443 | vdb-entryx_refsource_OSVDB |
Date Public
2005-12-04 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:31:48.695Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "15710",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15710"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=375970\u0026group_id=154354"
},
{
"name": "17861",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17861"
},
{
"name": "ADV-2005-2729",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/2729"
},
{
"name": "21443",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/21443"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-12-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in Quicksilver Forums before 1.5.1 allows remote attackers to execute arbitrary SQL commands via the HTTP_USER_AGENT header."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-12-30T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "15710",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15710"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=375970\u0026group_id=154354"
},
{
"name": "17861",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17861"
},
{
"name": "ADV-2005-2729",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/2729"
},
{
"name": "21443",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/21443"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4030",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in Quicksilver Forums before 1.5.1 allows remote attackers to execute arbitrary SQL commands via the HTTP_USER_AGENT header."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "15710",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15710"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=375970\u0026group_id=154354",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=375970\u0026group_id=154354"
},
{
"name": "17861",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17861"
},
{
"name": "ADV-2005-2729",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2729"
},
{
"name": "21443",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21443"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-4030",
"datePublished": "2005-12-06T11:00:00.000Z",
"dateReserved": "2005-12-06T00:00:00.000Z",
"dateUpdated": "2024-08-07T23:31:48.695Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}