vuBB 0.2.1 and earlier allows remote attackers to obtain sensitive information via a direct request to includes/vubb.php, which leaks the path in an error message.
Max CVSS
5.0
EPSS Score
1.04%
Published
2006-12-02
Updated
2018-10-17
SQL injection vulnerability in vuBB 0.2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the user parameter in a register action to index.php, a different vulnerability than CVE-2006-0962.
Max CVSS
7.5
EPSS Score
0.65%
Published
2006-12-02
Updated
2018-10-17
SQL injection vulnerability in vuBB 0.2 allows remote attackers to execute arbitrary SQL commands via the pass parameter in a cookie.
Max CVSS
7.5
EPSS Score
11.10%
Published
2006-03-02
Updated
2017-10-19
Cross-site scripting (XSS) vulnerability in VUBB alpha rc1 allows remote attackers to inject arbitrary web script or HTML via unspecified fields in the user edit profile.
Max CVSS
4.3
EPSS Score
0.26%
Published
2005-12-31
Updated
2017-07-20
Multiple SQL injection vulnerabilities in VUBB alpha rc1 allow remote attackers to execute arbitrary SQL commands via the (1) f parameter to viewforum.php, (2) t parameter to viewtopic.php, and (3) view parameter to usercp.php.
Max CVSS
7.5
EPSS Score
0.44%
Published
2005-12-31
Updated
2017-07-20
index.php in VUBB alpha rc1 allows remote attackers to obtain the installation path of the application via a viewforum action with the f parameter set to a single quote (').
Max CVSS
5.0
EPSS Score
0.50%
Published
2005-11-06
Updated
2016-10-18
Cross-site scripting (XSS) vulnerability in index.php in VUBB alpha rc1 allows remote attackers to inject arbitrary web script or HTML via the t parameter in a newreply action.
Max CVSS
4.3
EPSS Score
0.32%
Published
2005-11-06
Updated
2016-10-18
7 vulnerabilities found