Vulnerabilities > 427Bb

DATE CVE VULNERABILITY TITLE RISK
2006-01-10 CVE-2006-0155 Cross-Site Scripting vulnerability in Fourtwosevenbb 2.2/2.2.1
Cross-site scripting (XSS) vulnerability in posts.php in 427BB 2.2 and 2.2.1 allows remote attackers to inject arbitrary Javascript via a new message with a url bbcode tag containing a javascript URI.
network
427bb
4.3
2006-01-10 CVE-2006-0154 SQL Injection vulnerability in 427BB Showthread.PHP
SQL injection vulnerability in showthread.php in 427BB 2.2 and 2.2.1 allows remote attackers to execute arbitrary SQL commands via the ForumID parameter.
network
low complexity
427bb
7.5
2006-01-10 CVE-2006-0153 Authentication Bypass vulnerability in 427BB
427BB 2.2 and 2.2.1 verifies authentication credentials based on the username, authenticated, and usertype cookies, which allows remote attackers to bypass authentication by using a valid username and usertype and setting the authenticated cookie.
network
low complexity
427bb
7.5
2005-03-01 CVE-2005-0629 Remote HTML Injection vulnerability in 427BB
Multiple cross-site scripting (XSS) vulnerabilities in profile.php in 427BB 2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) user or (2) Avatar parameters.
network
427bb
4.3