Search criteria
21 vulnerabilities found for softbb by softbb
FKIE_CVE-2014-9561
Vulnerability from fkie_nvd - Published: 2015-01-15 15:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in redir_last_post_list.php in SoftBB 0.1.3 allows remote attackers to inject arbitrary web script or HTML via the post parameter.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:softbb:softbb:0.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "834FECB1-3139-4A42-8752-5A5B48877633",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in redir_last_post_list.php in SoftBB 0.1.3 allows remote attackers to inject arbitrary web script or HTML via the post parameter."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en redir_last_post_list.php en SoftBB 0.1.3 permite a atacantes remotos inyectaqr secuencias de comandos web o HTML arbitrarios a trav\u00e9s del par\u00e1metro post."
}
],
"id": "CVE-2014-9561",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2015-01-15T15:59:19.623",
"references": [
{
"source": "cve@mitre.org",
"url": "http://packetstormsecurity.com/files/129889/SoftBB-0.1.3-Cross-Site-Scripting.html"
},
{
"source": "cve@mitre.org",
"url": "http://seclists.org/fulldisclosure/2015/Jan/21"
},
{
"source": "cve@mitre.org",
"url": "http://tetraph.com/security/cves/cve-2014-9561-softbb-net-softbb-xss-cross-site-scripting-security-vulnerability/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/71987"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/129889/SoftBB-0.1.3-Cross-Site-Scripting.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/fulldisclosure/2015/Jan/21"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://tetraph.com/security/cves/cve-2014-9561-softbb-net-softbb-xss-cross-site-scripting-security-vulnerability/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/71987"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2014-9560
Vulnerability from fkie_nvd - Published: 2015-01-15 15:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
SQL injection vulnerability in redir_last_post_list.php in SoftBB 0.1.3 allows remote attackers to execute arbitrary SQL commands via the post parameter.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:softbb:softbb:0.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "834FECB1-3139-4A42-8752-5A5B48877633",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in redir_last_post_list.php in SoftBB 0.1.3 allows remote attackers to execute arbitrary SQL commands via the post parameter."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en redir_last_post_list.php en SoftBB 0.1.3 permite a atacantes remotos ejecutar comandos SQL arbitrarios a trav\u00e9s del par\u00e1metro post."
}
],
"id": "CVE-2014-9560",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-01-15T15:59:18.577",
"references": [
{
"source": "cve@mitre.org",
"url": "http://packetstormsecurity.com/files/129888/SoftBB-0.1.3-SQL-Injection.html"
},
{
"source": "cve@mitre.org",
"url": "http://seclists.org/fulldisclosure/2015/Jan/20"
},
{
"source": "cve@mitre.org",
"url": "http://tetraph.com/security/cves/cve-2014-9560-softbb-net-softbb-sql-injection-security-vulnerability/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/71986"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/129888/SoftBB-0.1.3-SQL-Injection.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/fulldisclosure/2015/Jan/20"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://tetraph.com/security/cves/cve-2014-9560-softbb-net-softbb-sql-injection-security-vulnerability/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/71986"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2006-4631
Vulnerability from fkie_nvd - Published: 2006-09-08 20:04 - Updated: 2025-04-03 01:03
Severity ?
Summary
Direct static code injection vulnerability in admin/save_opt.php in SoftBB 0.1, and possibly earlier, allows remote authenticated users to upload and execute arbitrary PHP code via the cache_forum parameter, which saves the code to info_options.php, which is accessible via a direct request.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:softbb:softbb:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9A724851-3F12-4838-8C39-712CFD472E46",
"versionEndIncluding": "0.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Direct static code injection vulnerability in admin/save_opt.php in SoftBB 0.1, and possibly earlier, allows remote authenticated users to upload and execute arbitrary PHP code via the cache_forum parameter, which saves the code to info_options.php, which is accessible via a direct request."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n de c\u00f3digo directo est\u00e1tico en admin/save_opt.php en SoftBB 0.1, y posiblemente anteriores, permite a un usuario validado actualizar y ejecutar c\u00f3digo PHP de su elecci\u00f3n a trav\u00e9s del par\u00e1metro cache_forum, lo cual guarda el c\u00f3digo en info_options.php, el cual es accesible a trav\u00e9s de una respuesta directa."
}
],
"id": "CVE-2006-4631",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-09-08T20:04:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://acid-root.new.fr/advisories/10060904.txt"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/21761"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/1521"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://securitytracker.com/id?1016785"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/28579"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/445087/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/3478"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28749"
},
{
"source": "cve@mitre.org",
"url": "https://www.exploit-db.com/exploits/2300"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://acid-root.new.fr/advisories/10060904.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/21761"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/1521"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://securitytracker.com/id?1016785"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/28579"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/445087/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/3478"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28749"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/2300"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2006-4633
Vulnerability from fkie_nvd - Published: 2006-09-08 20:04 - Updated: 2025-04-03 01:03
Severity ?
Summary
index.php in SoftBB 0.1, and possibly earlier, allows remote attackers to obtain the installation path via a null or invalid page[] parameter.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:softbb:softbb:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9A724851-3F12-4838-8C39-712CFD472E46",
"versionEndIncluding": "0.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "index.php in SoftBB 0.1, and possibly earlier, allows remote attackers to obtain the installation path via a null or invalid page[] parameter."
},
{
"lang": "es",
"value": "index.php en SoftBB 0.1, y posiblemente anteriores, permite a atacantes remotos obtener la ruta de instalaci\u00f3n mediante un par\u00e1metro page[] nulo o inv\u00e1lido."
}
],
"id": "CVE-2006-4633",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-09-08T20:04:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://acid-root.new.fr/advisories/10060904.txt"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/1521"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1016785"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/445087/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/3478"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28748"
},
{
"source": "cve@mitre.org",
"url": "https://www.exploit-db.com/exploits/2300"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://acid-root.new.fr/advisories/10060904.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/1521"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1016785"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/445087/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/3478"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28748"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/2300"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2006-4632
Vulnerability from fkie_nvd - Published: 2006-09-08 20:04 - Updated: 2025-04-03 01:03
Severity ?
Summary
Multiple SQL injection vulnerabilities in SoftBB 0.1, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the (1) groupe parameter in addmembre.php and the (2) select parameter in moveto.php.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:softbb:softbb:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9A724851-3F12-4838-8C39-712CFD472E46",
"versionEndIncluding": "0.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in SoftBB 0.1, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the (1) groupe parameter in addmembre.php and the (2) select parameter in moveto.php."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabildiades de inyecci\u00f3n SQL en oftBB 0.1, y posiblemente anteriores, permite a un atacante remoto ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s del (1) par\u00e1metro groupe en addmembre.php y el (2) par\u00e1metro select en moveto.php."
}
],
"id": "CVE-2006-4632",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-09-08T20:04:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://acid-root.new.fr/advisories/10060904.txt"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/21761"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/1521"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1016785"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/28577"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/28578"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/445087/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/3478"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28747"
},
{
"source": "cve@mitre.org",
"url": "https://www.exploit-db.com/exploits/2300"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://acid-root.new.fr/advisories/10060904.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/21761"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/1521"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1016785"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/28577"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/28578"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/445087/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/3478"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28747"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/2300"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2006-4593
Vulnerability from fkie_nvd - Published: 2006-09-06 22:04 - Updated: 2025-04-03 01:03
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in index.php in SoftBB 0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the page parameter.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:softbb:softbb:0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "05110C80-F435-4922-BA23-F2D84ACED87D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in index.php in SoftBB 0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the page parameter."
},
{
"lang": "es",
"value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en index.php en SoftBB 0.1 y anteriores permite a un atacante remoto inyectar secuencias de comandos web o HTML de su elecci\u00f3n a trav\u00e9s del par\u00e1metro page."
}
],
"id": "CVE-2006-4593",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-09-06T22:04:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/1511"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1016797"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/29886"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/445157/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/19847"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/1511"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1016797"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/29886"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/445157/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/19847"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2006-1327
Vulnerability from fkie_nvd - Published: 2006-03-21 01:06 - Updated: 2025-04-03 01:03
Severity ?
Summary
SQL injection vulnerability in reg.php in SoftBB 0.1 allows remote attackers to execute arbitrary SQL commands via the mail parameter.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:softbb:softbb:0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "05110C80-F435-4922-BA23-F2D84ACED87D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in reg.php in SoftBB 0.1 allows remote attackers to execute arbitrary SQL commands via the mail parameter."
}
],
"id": "CVE-2006-1327",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-03-21T01:06:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/19283"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/23999"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/17160"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/1002"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25320"
},
{
"source": "cve@mitre.org",
"url": "https://www.exploit-db.com/exploits/1594"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/19283"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/23999"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/17160"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/1002"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25320"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/1594"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2014-9560 (GCVE-0-2014-9560)
Vulnerability from cvelistv5 – Published: 2015-01-15 15:00 – Updated: 2024-08-06 13:47
VLAI?
Summary
SQL injection vulnerability in redir_last_post_list.php in SoftBB 0.1.3 allows remote attackers to execute arbitrary SQL commands via the post parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:47:41.566Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/129888/SoftBB-0.1.3-SQL-Injection.html"
},
{
"name": "71986",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/71986"
},
{
"name": "20150110 CVE-2014-9560 Softbb.net SoftBB SQL Injection Security Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2015/Jan/20"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://tetraph.com/security/cves/cve-2014-9560-softbb-net-softbb-sql-injection-security-vulnerability/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-01-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in redir_last_post_list.php in SoftBB 0.1.3 allows remote attackers to execute arbitrary SQL commands via the post parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-01-15T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/129888/SoftBB-0.1.3-SQL-Injection.html"
},
{
"name": "71986",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/71986"
},
{
"name": "20150110 CVE-2014-9560 Softbb.net SoftBB SQL Injection Security Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2015/Jan/20"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://tetraph.com/security/cves/cve-2014-9560-softbb-net-softbb-sql-injection-security-vulnerability/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9560",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in redir_last_post_list.php in SoftBB 0.1.3 allows remote attackers to execute arbitrary SQL commands via the post parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/129888/SoftBB-0.1.3-SQL-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/129888/SoftBB-0.1.3-SQL-Injection.html"
},
{
"name": "71986",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71986"
},
{
"name": "20150110 CVE-2014-9560 Softbb.net SoftBB SQL Injection Security Vulnerability",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/Jan/20"
},
{
"name": "http://tetraph.com/security/cves/cve-2014-9560-softbb-net-softbb-sql-injection-security-vulnerability/",
"refsource": "MISC",
"url": "http://tetraph.com/security/cves/cve-2014-9560-softbb-net-softbb-sql-injection-security-vulnerability/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-9560",
"datePublished": "2015-01-15T15:00:00",
"dateReserved": "2015-01-07T00:00:00",
"dateUpdated": "2024-08-06T13:47:41.566Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-9561 (GCVE-0-2014-9561)
Vulnerability from cvelistv5 – Published: 2015-01-15 15:00 – Updated: 2024-08-06 13:47
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in redir_last_post_list.php in SoftBB 0.1.3 allows remote attackers to inject arbitrary web script or HTML via the post parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:47:41.640Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "71987",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/71987"
},
{
"name": "20150110 CVE-2014-9561 Softbb.net SoftBB XSS (Cross-Site Scripting) Security Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2015/Jan/21"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/129889/SoftBB-0.1.3-Cross-Site-Scripting.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://tetraph.com/security/cves/cve-2014-9561-softbb-net-softbb-xss-cross-site-scripting-security-vulnerability/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-01-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in redir_last_post_list.php in SoftBB 0.1.3 allows remote attackers to inject arbitrary web script or HTML via the post parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-01-15T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "71987",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/71987"
},
{
"name": "20150110 CVE-2014-9561 Softbb.net SoftBB XSS (Cross-Site Scripting) Security Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2015/Jan/21"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/129889/SoftBB-0.1.3-Cross-Site-Scripting.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://tetraph.com/security/cves/cve-2014-9561-softbb-net-softbb-xss-cross-site-scripting-security-vulnerability/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9561",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in redir_last_post_list.php in SoftBB 0.1.3 allows remote attackers to inject arbitrary web script or HTML via the post parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "71987",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71987"
},
{
"name": "20150110 CVE-2014-9561 Softbb.net SoftBB XSS (Cross-Site Scripting) Security Vulnerability",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/Jan/21"
},
{
"name": "http://packetstormsecurity.com/files/129889/SoftBB-0.1.3-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/129889/SoftBB-0.1.3-Cross-Site-Scripting.html"
},
{
"name": "http://tetraph.com/security/cves/cve-2014-9561-softbb-net-softbb-xss-cross-site-scripting-security-vulnerability/",
"refsource": "MISC",
"url": "http://tetraph.com/security/cves/cve-2014-9561-softbb-net-softbb-xss-cross-site-scripting-security-vulnerability/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-9561",
"datePublished": "2015-01-15T15:00:00",
"dateReserved": "2015-01-07T00:00:00",
"dateUpdated": "2024-08-06T13:47:41.640Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-4633 (GCVE-0-2006-4633)
Vulnerability from cvelistv5 – Published: 2006-09-08 20:00 – Updated: 2024-08-07 19:14
VLAI?
Summary
index.php in SoftBB 0.1, and possibly earlier, allows remote attackers to obtain the installation path via a null or invalid page[] parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:14:47.898Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "2300",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/2300"
},
{
"name": "ADV-2006-3478",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/3478"
},
{
"name": "1016785",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016785"
},
{
"name": "softbb-index-path-disclosure(28748)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28748"
},
{
"name": "1521",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/1521"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://acid-root.new.fr/advisories/10060904.txt"
},
{
"name": "20060904 SoftBB 0.1 Remote PHP Code Execution Exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/445087/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-09-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "index.php in SoftBB 0.1, and possibly earlier, allows remote attackers to obtain the installation path via a null or invalid page[] parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "2300",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/2300"
},
{
"name": "ADV-2006-3478",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/3478"
},
{
"name": "1016785",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016785"
},
{
"name": "softbb-index-path-disclosure(28748)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28748"
},
{
"name": "1521",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/1521"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://acid-root.new.fr/advisories/10060904.txt"
},
{
"name": "20060904 SoftBB 0.1 Remote PHP Code Execution Exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/445087/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4633",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "index.php in SoftBB 0.1, and possibly earlier, allows remote attackers to obtain the installation path via a null or invalid page[] parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "2300",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2300"
},
{
"name": "ADV-2006-3478",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3478"
},
{
"name": "1016785",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016785"
},
{
"name": "softbb-index-path-disclosure(28748)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28748"
},
{
"name": "1521",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1521"
},
{
"name": "http://acid-root.new.fr/advisories/10060904.txt",
"refsource": "MISC",
"url": "http://acid-root.new.fr/advisories/10060904.txt"
},
{
"name": "20060904 SoftBB 0.1 Remote PHP Code Execution Exploit",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/445087/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-4633",
"datePublished": "2006-09-08T20:00:00",
"dateReserved": "2006-09-08T00:00:00",
"dateUpdated": "2024-08-07T19:14:47.898Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-4632 (GCVE-0-2006-4632)
Vulnerability from cvelistv5 – Published: 2006-09-08 20:00 – Updated: 2024-08-07 19:14
VLAI?
Summary
Multiple SQL injection vulnerabilities in SoftBB 0.1, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the (1) groupe parameter in addmembre.php and the (2) select parameter in moveto.php.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:14:47.774Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "2300",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/2300"
},
{
"name": "28578",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/28578"
},
{
"name": "28577",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/28577"
},
{
"name": "21761",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21761"
},
{
"name": "ADV-2006-3478",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/3478"
},
{
"name": "1016785",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016785"
},
{
"name": "1521",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/1521"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://acid-root.new.fr/advisories/10060904.txt"
},
{
"name": "softbb-addmembre-sql-injection(28747)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28747"
},
{
"name": "20060904 SoftBB 0.1 Remote PHP Code Execution Exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/445087/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-09-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in SoftBB 0.1, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the (1) groupe parameter in addmembre.php and the (2) select parameter in moveto.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "2300",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/2300"
},
{
"name": "28578",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/28578"
},
{
"name": "28577",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/28577"
},
{
"name": "21761",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21761"
},
{
"name": "ADV-2006-3478",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/3478"
},
{
"name": "1016785",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016785"
},
{
"name": "1521",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/1521"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://acid-root.new.fr/advisories/10060904.txt"
},
{
"name": "softbb-addmembre-sql-injection(28747)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28747"
},
{
"name": "20060904 SoftBB 0.1 Remote PHP Code Execution Exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/445087/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4632",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in SoftBB 0.1, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the (1) groupe parameter in addmembre.php and the (2) select parameter in moveto.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "2300",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2300"
},
{
"name": "28578",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28578"
},
{
"name": "28577",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28577"
},
{
"name": "21761",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21761"
},
{
"name": "ADV-2006-3478",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3478"
},
{
"name": "1016785",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016785"
},
{
"name": "1521",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1521"
},
{
"name": "http://acid-root.new.fr/advisories/10060904.txt",
"refsource": "MISC",
"url": "http://acid-root.new.fr/advisories/10060904.txt"
},
{
"name": "softbb-addmembre-sql-injection(28747)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28747"
},
{
"name": "20060904 SoftBB 0.1 Remote PHP Code Execution Exploit",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/445087/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-4632",
"datePublished": "2006-09-08T20:00:00",
"dateReserved": "2006-09-08T00:00:00",
"dateUpdated": "2024-08-07T19:14:47.774Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-4631 (GCVE-0-2006-4631)
Vulnerability from cvelistv5 – Published: 2006-09-08 20:00 – Updated: 2024-08-07 19:14
VLAI?
Summary
Direct static code injection vulnerability in admin/save_opt.php in SoftBB 0.1, and possibly earlier, allows remote authenticated users to upload and execute arbitrary PHP code via the cache_forum parameter, which saves the code to info_options.php, which is accessible via a direct request.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:14:47.796Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "2300",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/2300"
},
{
"name": "21761",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21761"
},
{
"name": "28579",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/28579"
},
{
"name": "ADV-2006-3478",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/3478"
},
{
"name": "1016785",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016785"
},
{
"name": "1521",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/1521"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://acid-root.new.fr/advisories/10060904.txt"
},
{
"name": "softbb-admin-file-include(28749)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28749"
},
{
"name": "20060904 SoftBB 0.1 Remote PHP Code Execution Exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/445087/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-09-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Direct static code injection vulnerability in admin/save_opt.php in SoftBB 0.1, and possibly earlier, allows remote authenticated users to upload and execute arbitrary PHP code via the cache_forum parameter, which saves the code to info_options.php, which is accessible via a direct request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "2300",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/2300"
},
{
"name": "21761",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21761"
},
{
"name": "28579",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/28579"
},
{
"name": "ADV-2006-3478",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/3478"
},
{
"name": "1016785",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016785"
},
{
"name": "1521",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/1521"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://acid-root.new.fr/advisories/10060904.txt"
},
{
"name": "softbb-admin-file-include(28749)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28749"
},
{
"name": "20060904 SoftBB 0.1 Remote PHP Code Execution Exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/445087/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4631",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Direct static code injection vulnerability in admin/save_opt.php in SoftBB 0.1, and possibly earlier, allows remote authenticated users to upload and execute arbitrary PHP code via the cache_forum parameter, which saves the code to info_options.php, which is accessible via a direct request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "2300",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2300"
},
{
"name": "21761",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21761"
},
{
"name": "28579",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28579"
},
{
"name": "ADV-2006-3478",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3478"
},
{
"name": "1016785",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016785"
},
{
"name": "1521",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1521"
},
{
"name": "http://acid-root.new.fr/advisories/10060904.txt",
"refsource": "MISC",
"url": "http://acid-root.new.fr/advisories/10060904.txt"
},
{
"name": "softbb-admin-file-include(28749)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28749"
},
{
"name": "20060904 SoftBB 0.1 Remote PHP Code Execution Exploit",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/445087/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-4631",
"datePublished": "2006-09-08T20:00:00",
"dateReserved": "2006-09-08T00:00:00",
"dateUpdated": "2024-08-07T19:14:47.796Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-4593 (GCVE-0-2006-4593)
Vulnerability from cvelistv5 – Published: 2006-09-06 22:00 – Updated: 2024-08-07 19:14
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in index.php in SoftBB 0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the page parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:14:47.607Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1016797",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016797"
},
{
"name": "19847",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/19847"
},
{
"name": "1511",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/1511"
},
{
"name": "29886",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/29886"
},
{
"name": "20060904 SoftBB v0.1 \u003c = Cross-Site Scripting",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/445157/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-09-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in index.php in SoftBB 0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the page parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1016797",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016797"
},
{
"name": "19847",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/19847"
},
{
"name": "1511",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/1511"
},
{
"name": "29886",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/29886"
},
{
"name": "20060904 SoftBB v0.1 \u003c = Cross-Site Scripting",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/445157/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4593",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in index.php in SoftBB 0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the page parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1016797",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016797"
},
{
"name": "19847",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19847"
},
{
"name": "1511",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1511"
},
{
"name": "29886",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/29886"
},
{
"name": "20060904 SoftBB v0.1 \u003c = Cross-Site Scripting",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/445157/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-4593",
"datePublished": "2006-09-06T22:00:00",
"dateReserved": "2006-09-06T00:00:00",
"dateUpdated": "2024-08-07T19:14:47.607Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-1327 (GCVE-0-2006-1327)
Vulnerability from cvelistv5 – Published: 2006-03-21 01:00 – Updated: 2024-08-07 17:03
VLAI?
Summary
SQL injection vulnerability in reg.php in SoftBB 0.1 allows remote attackers to execute arbitrary SQL commands via the mail parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:03:29.062Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "23999",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/23999"
},
{
"name": "1594",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/1594"
},
{
"name": "softbb-reg-sql-injection(25320)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25320"
},
{
"name": "17160",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/17160"
},
{
"name": "19283",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19283"
},
{
"name": "ADV-2006-1002",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/1002"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-03-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in reg.php in SoftBB 0.1 allows remote attackers to execute arbitrary SQL commands via the mail parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-18T16:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "23999",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/23999"
},
{
"name": "1594",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/1594"
},
{
"name": "softbb-reg-sql-injection(25320)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25320"
},
{
"name": "17160",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/17160"
},
{
"name": "19283",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19283"
},
{
"name": "ADV-2006-1002",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/1002"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1327",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in reg.php in SoftBB 0.1 allows remote attackers to execute arbitrary SQL commands via the mail parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "23999",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23999"
},
{
"name": "1594",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/1594"
},
{
"name": "softbb-reg-sql-injection(25320)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25320"
},
{
"name": "17160",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17160"
},
{
"name": "19283",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19283"
},
{
"name": "ADV-2006-1002",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1002"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-1327",
"datePublished": "2006-03-21T01:00:00",
"dateReserved": "2006-03-20T00:00:00",
"dateUpdated": "2024-08-07T17:03:29.062Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-9560 (GCVE-0-2014-9560)
Vulnerability from nvd – Published: 2015-01-15 15:00 – Updated: 2024-08-06 13:47
VLAI?
Summary
SQL injection vulnerability in redir_last_post_list.php in SoftBB 0.1.3 allows remote attackers to execute arbitrary SQL commands via the post parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:47:41.566Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/129888/SoftBB-0.1.3-SQL-Injection.html"
},
{
"name": "71986",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/71986"
},
{
"name": "20150110 CVE-2014-9560 Softbb.net SoftBB SQL Injection Security Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2015/Jan/20"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://tetraph.com/security/cves/cve-2014-9560-softbb-net-softbb-sql-injection-security-vulnerability/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-01-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in redir_last_post_list.php in SoftBB 0.1.3 allows remote attackers to execute arbitrary SQL commands via the post parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-01-15T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/129888/SoftBB-0.1.3-SQL-Injection.html"
},
{
"name": "71986",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/71986"
},
{
"name": "20150110 CVE-2014-9560 Softbb.net SoftBB SQL Injection Security Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2015/Jan/20"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://tetraph.com/security/cves/cve-2014-9560-softbb-net-softbb-sql-injection-security-vulnerability/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9560",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in redir_last_post_list.php in SoftBB 0.1.3 allows remote attackers to execute arbitrary SQL commands via the post parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/129888/SoftBB-0.1.3-SQL-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/129888/SoftBB-0.1.3-SQL-Injection.html"
},
{
"name": "71986",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71986"
},
{
"name": "20150110 CVE-2014-9560 Softbb.net SoftBB SQL Injection Security Vulnerability",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/Jan/20"
},
{
"name": "http://tetraph.com/security/cves/cve-2014-9560-softbb-net-softbb-sql-injection-security-vulnerability/",
"refsource": "MISC",
"url": "http://tetraph.com/security/cves/cve-2014-9560-softbb-net-softbb-sql-injection-security-vulnerability/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-9560",
"datePublished": "2015-01-15T15:00:00",
"dateReserved": "2015-01-07T00:00:00",
"dateUpdated": "2024-08-06T13:47:41.566Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-9561 (GCVE-0-2014-9561)
Vulnerability from nvd – Published: 2015-01-15 15:00 – Updated: 2024-08-06 13:47
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in redir_last_post_list.php in SoftBB 0.1.3 allows remote attackers to inject arbitrary web script or HTML via the post parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:47:41.640Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "71987",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/71987"
},
{
"name": "20150110 CVE-2014-9561 Softbb.net SoftBB XSS (Cross-Site Scripting) Security Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2015/Jan/21"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/129889/SoftBB-0.1.3-Cross-Site-Scripting.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://tetraph.com/security/cves/cve-2014-9561-softbb-net-softbb-xss-cross-site-scripting-security-vulnerability/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-01-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in redir_last_post_list.php in SoftBB 0.1.3 allows remote attackers to inject arbitrary web script or HTML via the post parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-01-15T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "71987",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/71987"
},
{
"name": "20150110 CVE-2014-9561 Softbb.net SoftBB XSS (Cross-Site Scripting) Security Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2015/Jan/21"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/129889/SoftBB-0.1.3-Cross-Site-Scripting.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://tetraph.com/security/cves/cve-2014-9561-softbb-net-softbb-xss-cross-site-scripting-security-vulnerability/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9561",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in redir_last_post_list.php in SoftBB 0.1.3 allows remote attackers to inject arbitrary web script or HTML via the post parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "71987",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71987"
},
{
"name": "20150110 CVE-2014-9561 Softbb.net SoftBB XSS (Cross-Site Scripting) Security Vulnerability",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/Jan/21"
},
{
"name": "http://packetstormsecurity.com/files/129889/SoftBB-0.1.3-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/129889/SoftBB-0.1.3-Cross-Site-Scripting.html"
},
{
"name": "http://tetraph.com/security/cves/cve-2014-9561-softbb-net-softbb-xss-cross-site-scripting-security-vulnerability/",
"refsource": "MISC",
"url": "http://tetraph.com/security/cves/cve-2014-9561-softbb-net-softbb-xss-cross-site-scripting-security-vulnerability/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-9561",
"datePublished": "2015-01-15T15:00:00",
"dateReserved": "2015-01-07T00:00:00",
"dateUpdated": "2024-08-06T13:47:41.640Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-4633 (GCVE-0-2006-4633)
Vulnerability from nvd – Published: 2006-09-08 20:00 – Updated: 2024-08-07 19:14
VLAI?
Summary
index.php in SoftBB 0.1, and possibly earlier, allows remote attackers to obtain the installation path via a null or invalid page[] parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:14:47.898Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "2300",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/2300"
},
{
"name": "ADV-2006-3478",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/3478"
},
{
"name": "1016785",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016785"
},
{
"name": "softbb-index-path-disclosure(28748)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28748"
},
{
"name": "1521",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/1521"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://acid-root.new.fr/advisories/10060904.txt"
},
{
"name": "20060904 SoftBB 0.1 Remote PHP Code Execution Exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/445087/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-09-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "index.php in SoftBB 0.1, and possibly earlier, allows remote attackers to obtain the installation path via a null or invalid page[] parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "2300",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/2300"
},
{
"name": "ADV-2006-3478",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/3478"
},
{
"name": "1016785",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016785"
},
{
"name": "softbb-index-path-disclosure(28748)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28748"
},
{
"name": "1521",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/1521"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://acid-root.new.fr/advisories/10060904.txt"
},
{
"name": "20060904 SoftBB 0.1 Remote PHP Code Execution Exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/445087/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4633",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "index.php in SoftBB 0.1, and possibly earlier, allows remote attackers to obtain the installation path via a null or invalid page[] parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "2300",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2300"
},
{
"name": "ADV-2006-3478",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3478"
},
{
"name": "1016785",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016785"
},
{
"name": "softbb-index-path-disclosure(28748)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28748"
},
{
"name": "1521",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1521"
},
{
"name": "http://acid-root.new.fr/advisories/10060904.txt",
"refsource": "MISC",
"url": "http://acid-root.new.fr/advisories/10060904.txt"
},
{
"name": "20060904 SoftBB 0.1 Remote PHP Code Execution Exploit",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/445087/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-4633",
"datePublished": "2006-09-08T20:00:00",
"dateReserved": "2006-09-08T00:00:00",
"dateUpdated": "2024-08-07T19:14:47.898Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-4632 (GCVE-0-2006-4632)
Vulnerability from nvd – Published: 2006-09-08 20:00 – Updated: 2024-08-07 19:14
VLAI?
Summary
Multiple SQL injection vulnerabilities in SoftBB 0.1, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the (1) groupe parameter in addmembre.php and the (2) select parameter in moveto.php.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:14:47.774Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "2300",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/2300"
},
{
"name": "28578",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/28578"
},
{
"name": "28577",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/28577"
},
{
"name": "21761",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21761"
},
{
"name": "ADV-2006-3478",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/3478"
},
{
"name": "1016785",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016785"
},
{
"name": "1521",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/1521"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://acid-root.new.fr/advisories/10060904.txt"
},
{
"name": "softbb-addmembre-sql-injection(28747)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28747"
},
{
"name": "20060904 SoftBB 0.1 Remote PHP Code Execution Exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/445087/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-09-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in SoftBB 0.1, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the (1) groupe parameter in addmembre.php and the (2) select parameter in moveto.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "2300",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/2300"
},
{
"name": "28578",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/28578"
},
{
"name": "28577",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/28577"
},
{
"name": "21761",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21761"
},
{
"name": "ADV-2006-3478",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/3478"
},
{
"name": "1016785",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016785"
},
{
"name": "1521",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/1521"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://acid-root.new.fr/advisories/10060904.txt"
},
{
"name": "softbb-addmembre-sql-injection(28747)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28747"
},
{
"name": "20060904 SoftBB 0.1 Remote PHP Code Execution Exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/445087/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4632",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in SoftBB 0.1, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the (1) groupe parameter in addmembre.php and the (2) select parameter in moveto.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "2300",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2300"
},
{
"name": "28578",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28578"
},
{
"name": "28577",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28577"
},
{
"name": "21761",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21761"
},
{
"name": "ADV-2006-3478",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3478"
},
{
"name": "1016785",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016785"
},
{
"name": "1521",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1521"
},
{
"name": "http://acid-root.new.fr/advisories/10060904.txt",
"refsource": "MISC",
"url": "http://acid-root.new.fr/advisories/10060904.txt"
},
{
"name": "softbb-addmembre-sql-injection(28747)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28747"
},
{
"name": "20060904 SoftBB 0.1 Remote PHP Code Execution Exploit",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/445087/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-4632",
"datePublished": "2006-09-08T20:00:00",
"dateReserved": "2006-09-08T00:00:00",
"dateUpdated": "2024-08-07T19:14:47.774Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-4631 (GCVE-0-2006-4631)
Vulnerability from nvd – Published: 2006-09-08 20:00 – Updated: 2024-08-07 19:14
VLAI?
Summary
Direct static code injection vulnerability in admin/save_opt.php in SoftBB 0.1, and possibly earlier, allows remote authenticated users to upload and execute arbitrary PHP code via the cache_forum parameter, which saves the code to info_options.php, which is accessible via a direct request.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:14:47.796Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "2300",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/2300"
},
{
"name": "21761",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21761"
},
{
"name": "28579",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/28579"
},
{
"name": "ADV-2006-3478",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/3478"
},
{
"name": "1016785",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016785"
},
{
"name": "1521",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/1521"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://acid-root.new.fr/advisories/10060904.txt"
},
{
"name": "softbb-admin-file-include(28749)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28749"
},
{
"name": "20060904 SoftBB 0.1 Remote PHP Code Execution Exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/445087/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-09-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Direct static code injection vulnerability in admin/save_opt.php in SoftBB 0.1, and possibly earlier, allows remote authenticated users to upload and execute arbitrary PHP code via the cache_forum parameter, which saves the code to info_options.php, which is accessible via a direct request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "2300",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/2300"
},
{
"name": "21761",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21761"
},
{
"name": "28579",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/28579"
},
{
"name": "ADV-2006-3478",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/3478"
},
{
"name": "1016785",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016785"
},
{
"name": "1521",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/1521"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://acid-root.new.fr/advisories/10060904.txt"
},
{
"name": "softbb-admin-file-include(28749)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28749"
},
{
"name": "20060904 SoftBB 0.1 Remote PHP Code Execution Exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/445087/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4631",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Direct static code injection vulnerability in admin/save_opt.php in SoftBB 0.1, and possibly earlier, allows remote authenticated users to upload and execute arbitrary PHP code via the cache_forum parameter, which saves the code to info_options.php, which is accessible via a direct request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "2300",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2300"
},
{
"name": "21761",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21761"
},
{
"name": "28579",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28579"
},
{
"name": "ADV-2006-3478",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3478"
},
{
"name": "1016785",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016785"
},
{
"name": "1521",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1521"
},
{
"name": "http://acid-root.new.fr/advisories/10060904.txt",
"refsource": "MISC",
"url": "http://acid-root.new.fr/advisories/10060904.txt"
},
{
"name": "softbb-admin-file-include(28749)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28749"
},
{
"name": "20060904 SoftBB 0.1 Remote PHP Code Execution Exploit",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/445087/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-4631",
"datePublished": "2006-09-08T20:00:00",
"dateReserved": "2006-09-08T00:00:00",
"dateUpdated": "2024-08-07T19:14:47.796Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-4593 (GCVE-0-2006-4593)
Vulnerability from nvd – Published: 2006-09-06 22:00 – Updated: 2024-08-07 19:14
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in index.php in SoftBB 0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the page parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:14:47.607Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1016797",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016797"
},
{
"name": "19847",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/19847"
},
{
"name": "1511",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/1511"
},
{
"name": "29886",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/29886"
},
{
"name": "20060904 SoftBB v0.1 \u003c = Cross-Site Scripting",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/445157/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-09-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in index.php in SoftBB 0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the page parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1016797",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016797"
},
{
"name": "19847",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/19847"
},
{
"name": "1511",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/1511"
},
{
"name": "29886",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/29886"
},
{
"name": "20060904 SoftBB v0.1 \u003c = Cross-Site Scripting",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/445157/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4593",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in index.php in SoftBB 0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the page parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1016797",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016797"
},
{
"name": "19847",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19847"
},
{
"name": "1511",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1511"
},
{
"name": "29886",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/29886"
},
{
"name": "20060904 SoftBB v0.1 \u003c = Cross-Site Scripting",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/445157/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-4593",
"datePublished": "2006-09-06T22:00:00",
"dateReserved": "2006-09-06T00:00:00",
"dateUpdated": "2024-08-07T19:14:47.607Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-1327 (GCVE-0-2006-1327)
Vulnerability from nvd – Published: 2006-03-21 01:00 – Updated: 2024-08-07 17:03
VLAI?
Summary
SQL injection vulnerability in reg.php in SoftBB 0.1 allows remote attackers to execute arbitrary SQL commands via the mail parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:03:29.062Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "23999",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/23999"
},
{
"name": "1594",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/1594"
},
{
"name": "softbb-reg-sql-injection(25320)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25320"
},
{
"name": "17160",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/17160"
},
{
"name": "19283",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19283"
},
{
"name": "ADV-2006-1002",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/1002"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-03-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in reg.php in SoftBB 0.1 allows remote attackers to execute arbitrary SQL commands via the mail parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-18T16:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "23999",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/23999"
},
{
"name": "1594",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/1594"
},
{
"name": "softbb-reg-sql-injection(25320)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25320"
},
{
"name": "17160",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/17160"
},
{
"name": "19283",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19283"
},
{
"name": "ADV-2006-1002",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/1002"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1327",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in reg.php in SoftBB 0.1 allows remote attackers to execute arbitrary SQL commands via the mail parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "23999",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23999"
},
{
"name": "1594",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/1594"
},
{
"name": "softbb-reg-sql-injection(25320)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25320"
},
{
"name": "17160",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17160"
},
{
"name": "19283",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19283"
},
{
"name": "ADV-2006-1002",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1002"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-1327",
"datePublished": "2006-03-21T01:00:00",
"dateReserved": "2006-03-20T00:00:00",
"dateUpdated": "2024-08-07T17:03:29.062Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}