Vulnerabilities > Pblang > Pblang > 4.65
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-09-28 | CVE-2006-5062 | Remote File Include vulnerability in PBLang Lang_NL.PHP PHP remote file inclusion vulnerability in templates/pb/language/lang_nl.php in PBLang (PBL) 4.66z and earlier allows remote attackers to execute arbitrary PHP code via a URL in the temppath parameter. | 7.5 |
2005-11-30 | CVE-2005-3919 | HTML Injection vulnerability in PBLang Bulletin Board System Cross-site scripting (XSS) vulnerability in PBLang 4.65 allows remote attackers to inject arbitrary web script or HTML via multiple fields in (1) UCP.php and (2) SendPm.php. network pblang | 4.3 |
2005-09-14 | CVE-2005-2895 | Information Disclosure vulnerability in Pblang 4.65 setcookie.php in PBLang 4.65, and possibly earlier versions, allows remote attackers to obtain sensitive information via a %00 (a null byte) in the u parameter, which reveals the path in an error message. | 5.0 |
2005-09-14 | CVE-2005-2894 | HTML Injection vulnerability in Pblang 4.65 Cross-site scripting (XSS) vulnerability in the user registration in PBLang 4.65, and possibly earlier versions, allows remote attackers to inject arbitrary web script or PHP via the location field. network pblang | 4.3 |
2005-09-14 | CVE-2005-2893 | Remote Security vulnerability in Pblang 4.65 Direct static code injection vulnerability in setcookie.php in PBLang 4.65, and possibly earlier versions, allows remote attackers to execute arbitrary PHP code via the username (u parameter), which is directly injected into a file that is later executed upon login. | 7.5 |
2005-09-14 | CVE-2005-2892 | Directory Traversal vulnerability in Pblang 4.65 Directory traversal vulnerability in setcookie.php in PBLang 4.65, and possibly earlier versions, allows remote attackers to read arbitrary files via ".." sequences and "%00" (trailing null byte) in the u parameter. | 5.0 |
2005-05-02 | CVE-2005-0526 | Cross-Site Scripting vulnerability in Pblang 4.65 Multiple cross-site scripting (XSS) vulnerabilities in PBLang 4.65 allow remote attackers to inject arbitrary web script or HTML via (1) the search string to search.php, (2) the subject of a PM, which is processed by pm.php, or (3) the body of a PM, which is processed by pmpshow.php. network pblang | 4.3 |