- EPSS 0.33%
- Veröffentlicht 22.03.2007 23:19:00
- Zuletzt bearbeitet 09.04.2025 00:30:58
Unclassified NewsBoard 1.6.3 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain (1) the board log via a direct request for logs/board-YYYY-MM-DD.log, (2) the mail and private mess...
CVE-2006-2405
- EPSS 17.69%
- Veröffentlicht 16.05.2006 10:02:00
- Zuletzt bearbeitet 03.04.2025 01:03:51
Directory traversal vulnerability in unb_lib/abbc.conf.php in Unclassified NewsBoard (UNB) 1.6.1 patch 1 and earlier, when register_globals is enabled, allows remote attackers to include arbitrary files via .. (dot dot) sequences and a trailing null ...
CVE-2006-2406
- EPSS 3.36%
- Veröffentlicht 16.05.2006 10:02:00
- Zuletzt bearbeitet 03.04.2025 01:03:51
Directory traversal vulnerability in bb_lib/abbc.css.php in Unclassified NewsBoard (UNB) 1.5.3-d and possibly earlier versions, when register_globals is enabled, allows remote attackers to include arbitrary files via .. (dot dot) sequences and a trai...
CVE-2005-2855
- EPSS 7.64%
- Veröffentlicht 08.09.2005 10:03:00
- Zuletzt bearbeitet 03.04.2025 01:03:51
Cross-site scripting (XSS) vulnerability in Unclassified NewsBoard 1.5.3 allows remote attackers to inject arbitrary web script or HTML via the description field.