Vulnerabilities > Woltlab > Burning Board

DATE CVE VULNERABILITY TITLE RISK
2006-06-03 CVE-2006-2792 SQL-Injection vulnerability in Woltlab Burning Board 2.3.4
SQL injection vulnerability in misc.php in Woltlab Burning Board (WBB) 2.3.4 allows remote attackers to execute arbitrary SQL commands via the sid parameter.
network
low complexity
woltlab
7.5
2006-05-24 CVE-2006-2569 SQL Injection vulnerability in Woltlab Burning Board Links.PHP
SQL injection vulnerability in links.php in 4R Linklist 1.0 RC2 and earlier, a module for Woltlab Burning Board, allows remote attackers to execute arbitrary SQL commands via the cat parameter.
network
low complexity
4r-linklist woltlab
7.5
2006-03-21 CVE-2006-1324 Cross-Site Scripting vulnerability in Woltlab Burning Board
Cross-site scripting (XSS) vulnerability in acp/lib/class_db_mysql.php in Woltlab Burning Board (wBB) 2.3.4 allows remote attackers to inject arbitrary web script or HTML via the errormsg parameter when a SQL error is generated.
network
woltlab
6.8
2006-03-14 CVE-2006-1215 Cross-Site Scripting vulnerability in Woltlab Burning Board 2.3.4
Cross-site scripting (XSS) vulnerability in misc.php in Woltlab Burning Board (wBB) 2.3.4 allows remote attackers to inject arbitrary web script or HTML via the percent parameter.
network
woltlab
4.3
2006-03-09 CVE-2006-1094 SQL Injection vulnerability in Woltlab Burning Board
SQL injection vulnerability in Datenbank MOD 2.7 and earlier for Woltlab Burning Board allows remote attackers to execute arbitrary SQL commands via the fileid parameter to (1) info_db.php or (2) database.php.
network
low complexity
datenbank-module woltlab
7.5
2006-03-07 CVE-2006-1034 Cross-Site Scripting vulnerability in Woltlab Burning Board
Multiple cross-site scripting (XSS) vulnerabilities in Woltlab Burning Board (wBB) allow remote attackers to inject arbitrary web script or HTML via (1) the username parameter to galerie_index.php and possibly (2) galerie_onfly.php.
network
woltlab
4.3
2006-02-28 CVE-2006-0927 Cross-Site Scripting vulnerability in JGS-Gallery Module
Multiple cross-site scripting (XSS) vulnerabilities in the JGS-XA JGS-Gallery Addon 4.0.0 and earlier for Woltlab Burning Board (wBB) 2.x allow remote attackers to inject arbitrary web script or HTML via the (1) userid parameter in (a) jgs_galerie_slideshow.php and (b) jgs_galerie_scroll.php, and the (2) katid parameter in (c) jgs_galerie_slideshow.php.
network
high complexity
jgs-xa woltlab
2.6
2005-10-30 CVE-2005-3369 SQL Injection vulnerability in Woltlab Info-DB Info_db.PHP
Multiple SQL injection vulnerabilities in the Info-DB module (info_db.php) in Woltlab Burning Board 2.7 and earlier allow remote attackers to execute arbitrary SQL commands and possibly upload files via the (1) fileid and (2) subkatid parameters.
network
low complexity
woltlab
7.5
2005-08-23 CVE-2005-2673 SQL Injection vulnerability in Woltlab Burning Board 2.2.2/2.2.3
SQL injection vulnerability in modcp.php in WoltLab Burning Board 2.2.2 and 2.3.3 allows remote authenticated attackers to execute arbitrary SQL commands via the (1) x or (2) y parameters.
network
low complexity
woltlab
7.5
2005-05-17 CVE-2005-1642 Unspecified vulnerability in Woltlab Burning Board 2.0
SQL injection vulnerability in the verify_email function in Woltlab Burning Board 2.x and earlier allows remote attackers to execute arbitrary SQL commands via the $email variable.
network
low complexity
woltlab
7.5