Pblang

Pblang

10 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.8

CVE-2007-3096

  • EPSS 12.41%
  • Veröffentlicht 06.06.2007 22:30:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Directory traversal vulnerability in login.php in PBLang (PBL) 4.67.16.a and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter.

10

CVE-2007-1052

  • EPSS 1.6%
  • Veröffentlicht 21.02.2007 23:28:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

PHP remote file inclusion vulnerability in index.php in PBLang (PBL) 4.60 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the dbpath parameter, a different vector than CVE-2006-5062. NOTE: this issue has been disputed ...

7.5

CVE-2006-5062

Exploit
  • EPSS 6.24%
  • Veröffentlicht 28.09.2006 00:07:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

PHP remote file inclusion vulnerability in templates/pb/language/lang_nl.php in PBLang (PBL) 4.66z and earlier allows remote attackers to execute arbitrary PHP code via a URL in the temppath parameter.

5

CVE-2005-2892

Exploit
  • EPSS 5.24%
  • Veröffentlicht 14.09.2005 20:03:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Directory traversal vulnerability in setcookie.php in PBLang 4.65, and possibly earlier versions, allows remote attackers to read arbitrary files via ".." sequences and "%00" (trailing null byte) in the u parameter.

7.5

CVE-2005-2893

Exploit
  • EPSS 1.08%
  • Veröffentlicht 14.09.2005 20:03:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Direct static code injection vulnerability in setcookie.php in PBLang 4.65, and possibly earlier versions, allows remote attackers to execute arbitrary PHP code via the username (u parameter), which is directly injected into a file that is later exec...

4.3

CVE-2005-2894

  • EPSS 0.34%
  • Veröffentlicht 14.09.2005 20:03:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Cross-site scripting (XSS) vulnerability in the user registration in PBLang 4.65, and possibly earlier versions, allows remote attackers to inject arbitrary web script or PHP via the location field.

5

CVE-2005-2895

Exploit
  • EPSS 0.46%
  • Veröffentlicht 14.09.2005 20:03:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

setcookie.php in PBLang 4.65, and possibly earlier versions, allows remote attackers to obtain sensitive information via a %00 (a null byte) in the u parameter, which reveals the path in an error message.

4.3

CVE-2005-0526

  • EPSS 0.35%
  • Veröffentlicht 02.05.2005 04:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Multiple cross-site scripting (XSS) vulnerabilities in PBLang 4.65 allow remote attackers to inject arbitrary web script or HTML via (1) the search string to search.php, (2) the subject of a PM, which is processed by pm.php, or (3) the body of a PM, ...

2.1

CVE-2005-0630

Exploit
  • EPSS 0.26%
  • Veröffentlicht 01.03.2005 05:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

sendpm.php in PBLang 4.63 allows remote authenticated users to read arbitrary files via a full pathname in the orig parameter.

2.1

CVE-2005-0631

Exploit
  • EPSS 0.28%
  • Veröffentlicht 01.03.2005 05:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

delpm.php in PBLang 4.63 allows remote authenticated users to delete arbitrary PM files by modifying the "id" and "a" parameters.