Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
10 vulnerabilities by ekinboard
CVE-2008-7157 (GCVE-0-2008-7157)
Vulnerability from nvd – Published: 2009-09-02 17:00 – Updated: 2024-08-07 11:56
VLAI
EPSS
VEX
Summary
Unrestricted file upload vulnerability in EkinBoard 1.1.0 and earlier allows remote attackers to execute arbitrary code by uploading an avatar file with an executable extension followed by a safe extension, then accessing it via a direct request to the file in uploaded/avatars/.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/27166 | vdb-entryx_refsource_BID |
| https://www.exploit-db.com/exploits/4859 | exploitx_refsource_EXPLOIT-DB |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2008-01-07 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:56:14.477Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "27166",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27166"
},
{
"name": "4859",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/4859"
},
{
"name": "ekinboard-upload-file-upload(39507)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39507"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-01-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Unrestricted file upload vulnerability in EkinBoard 1.1.0 and earlier allows remote attackers to execute arbitrary code by uploading an avatar file with an executable extension followed by a safe extension, then accessing it via a direct request to the file in uploaded/avatars/."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "27166",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27166"
},
{
"name": "4859",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/4859"
},
{
"name": "ekinboard-upload-file-upload(39507)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39507"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-7157",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unrestricted file upload vulnerability in EkinBoard 1.1.0 and earlier allows remote attackers to execute arbitrary code by uploading an avatar file with an executable extension followed by a safe extension, then accessing it via a direct request to the file in uploaded/avatars/."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "27166",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27166"
},
{
"name": "4859",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4859"
},
{
"name": "ekinboard-upload-file-upload(39507)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39507"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-7157",
"datePublished": "2009-09-02T17:00:00.000Z",
"dateReserved": "2009-09-02T00:00:00.000Z",
"dateUpdated": "2024-08-07T11:56:14.477Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-7156 (GCVE-0-2008-7156)
Vulnerability from nvd – Published: 2009-09-02 17:00 – Updated: 2024-08-07 11:56
VLAI
EPSS
VEX
Summary
EkinBoard 1.1.0 and earlier, when register_globals is enabled, allows remote attackers to bypass authorization and gain administrator privileges by setting the _groups[] parameter to 2, as demonstrated via backup.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/27166 | vdb-entryx_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| https://www.exploit-db.com/exploits/4859 | exploitx_refsource_EXPLOIT-DB |
Date Public
2008-01-07 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:56:14.272Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "27166",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27166"
},
{
"name": "ekinboard-backup-authentication-bypass(39512)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39512"
},
{
"name": "4859",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/4859"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-01-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "EkinBoard 1.1.0 and earlier, when register_globals is enabled, allows remote attackers to bypass authorization and gain administrator privileges by setting the _groups[] parameter to 2, as demonstrated via backup.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "27166",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27166"
},
{
"name": "ekinboard-backup-authentication-bypass(39512)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39512"
},
{
"name": "4859",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/4859"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-7156",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "EkinBoard 1.1.0 and earlier, when register_globals is enabled, allows remote attackers to bypass authorization and gain administrator privileges by setting the _groups[] parameter to 2, as demonstrated via backup.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "27166",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27166"
},
{
"name": "ekinboard-backup-authentication-bypass(39512)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39512"
},
{
"name": "4859",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4859"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-7156",
"datePublished": "2009-09-02T17:00:00.000Z",
"dateReserved": "2009-09-02T00:00:00.000Z",
"dateUpdated": "2024-08-07T11:56:14.272Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-1130 (GCVE-0-2006-1130)
Vulnerability from nvd – Published: 2006-03-10 02:00 – Updated: 2024-08-07 17:03
VLAI
EPSS
VEX
Summary
Cross-site scripting (XSS) vulnerability in EKINboard 1.0.3 allows remote attackers to inject arbitrary web script or HTML via a Javascript URI in a BBCode img tag.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
10 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/archive/1/427073/100… | mailing-listx_refsource_BUGTRAQ |
| http://securityreason.com/securityalert/558 | third-party-advisoryx_refsource_SREASON |
| http://www.vupen.com/english/advisories/2006/0758 | vdb-entryx_refsource_VUPEN |
| http://evuln.com/vulns/88/summary.html | x_refsource_MISC |
| http://www.ekinboard.com/forums/v1/viewtopic.php?id=469 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/16861 | vdb-entryx_refsource_BID |
| http://secunia.com/advisories/19045 | third-party-advisoryx_refsource_SECUNIA |
| http://www.osvdb.org/23546 | vdb-entryx_refsource_OSVDB |
| http://www.ekinboard.com/patch_for_1.0.3.txt | x_refsource_MISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2006-02-27 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:03:26.949Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20060308 [eVuln] EKINboard \u0027img\u0027 BBCode XSS \u0026 Cookie \u0027username\u0027 SQL Injection Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/427073/100/0/threaded"
},
{
"name": "558",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/558"
},
{
"name": "ADV-2006-0758",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0758"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://evuln.com/vulns/88/summary.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ekinboard.com/forums/v1/viewtopic.php?id=469"
},
{
"name": "16861",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/16861"
},
{
"name": "19045",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19045"
},
{
"name": "23546",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/23546"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ekinboard.com/patch_for_1.0.3.txt"
},
{
"name": "ekinboard-bbcode-xss(24921)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24921"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-02-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in EKINboard 1.0.3 allows remote attackers to inject arbitrary web script or HTML via a Javascript URI in a BBCode img tag."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20060308 [eVuln] EKINboard \u0027img\u0027 BBCode XSS \u0026 Cookie \u0027username\u0027 SQL Injection Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/427073/100/0/threaded"
},
{
"name": "558",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/558"
},
{
"name": "ADV-2006-0758",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0758"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://evuln.com/vulns/88/summary.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ekinboard.com/forums/v1/viewtopic.php?id=469"
},
{
"name": "16861",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/16861"
},
{
"name": "19045",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19045"
},
{
"name": "23546",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/23546"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ekinboard.com/patch_for_1.0.3.txt"
},
{
"name": "ekinboard-bbcode-xss(24921)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24921"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1130",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in EKINboard 1.0.3 allows remote attackers to inject arbitrary web script or HTML via a Javascript URI in a BBCode img tag."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060308 [eVuln] EKINboard \u0027img\u0027 BBCode XSS \u0026 Cookie \u0027username\u0027 SQL Injection Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/427073/100/0/threaded"
},
{
"name": "558",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/558"
},
{
"name": "ADV-2006-0758",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0758"
},
{
"name": "http://evuln.com/vulns/88/summary.html",
"refsource": "MISC",
"url": "http://evuln.com/vulns/88/summary.html"
},
{
"name": "http://www.ekinboard.com/forums/v1/viewtopic.php?id=469",
"refsource": "CONFIRM",
"url": "http://www.ekinboard.com/forums/v1/viewtopic.php?id=469"
},
{
"name": "16861",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16861"
},
{
"name": "19045",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19045"
},
{
"name": "23546",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23546"
},
{
"name": "http://www.ekinboard.com/patch_for_1.0.3.txt",
"refsource": "MISC",
"url": "http://www.ekinboard.com/patch_for_1.0.3.txt"
},
{
"name": "ekinboard-bbcode-xss(24921)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24921"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-1130",
"datePublished": "2006-03-10T02:00:00.000Z",
"dateReserved": "2006-03-10T00:00:00.000Z",
"dateUpdated": "2024-08-07T17:03:26.949Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-1129 (GCVE-0-2006-1129)
Vulnerability from nvd – Published: 2006-03-10 02:00 – Updated: 2024-08-07 17:03
VLAI
EPSS
VEX
Summary
SQL injection vulnerability in config.php in EKINboard 1.0.3 allows remote attackers to execute arbitrary SQL commands and bypass authentication via the username cookie.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
9 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/archive/1/427073/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.vupen.com/english/advisories/2006/0758 | vdb-entryx_refsource_VUPEN |
| http://evuln.com/vulns/88/summary.html | x_refsource_MISC |
| http://www.ekinboard.com/forums/v1/viewtopic.php?id=469 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/16861 | vdb-entryx_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://secunia.com/advisories/19045 | third-party-advisoryx_refsource_SECUNIA |
| http://www.ekinboard.com/patch_for_1.0.3.txt | x_refsource_MISC |
| http://www.osvdb.org/23547 | vdb-entryx_refsource_OSVDB |
Date Public
2006-02-27 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:03:27.423Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20060308 [eVuln] EKINboard \u0027img\u0027 BBCode XSS \u0026 Cookie \u0027username\u0027 SQL Injection Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/427073/100/0/threaded"
},
{
"name": "ADV-2006-0758",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0758"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://evuln.com/vulns/88/summary.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ekinboard.com/forums/v1/viewtopic.php?id=469"
},
{
"name": "16861",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/16861"
},
{
"name": "ekinboard-config-sql-injection(24922)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24922"
},
{
"name": "19045",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19045"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ekinboard.com/patch_for_1.0.3.txt"
},
{
"name": "23547",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/23547"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-02-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in config.php in EKINboard 1.0.3 allows remote attackers to execute arbitrary SQL commands and bypass authentication via the username cookie."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20060308 [eVuln] EKINboard \u0027img\u0027 BBCode XSS \u0026 Cookie \u0027username\u0027 SQL Injection Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/427073/100/0/threaded"
},
{
"name": "ADV-2006-0758",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0758"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://evuln.com/vulns/88/summary.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ekinboard.com/forums/v1/viewtopic.php?id=469"
},
{
"name": "16861",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/16861"
},
{
"name": "ekinboard-config-sql-injection(24922)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24922"
},
{
"name": "19045",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19045"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ekinboard.com/patch_for_1.0.3.txt"
},
{
"name": "23547",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/23547"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1129",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in config.php in EKINboard 1.0.3 allows remote attackers to execute arbitrary SQL commands and bypass authentication via the username cookie."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060308 [eVuln] EKINboard \u0027img\u0027 BBCode XSS \u0026 Cookie \u0027username\u0027 SQL Injection Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/427073/100/0/threaded"
},
{
"name": "ADV-2006-0758",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0758"
},
{
"name": "http://evuln.com/vulns/88/summary.html",
"refsource": "MISC",
"url": "http://evuln.com/vulns/88/summary.html"
},
{
"name": "http://www.ekinboard.com/forums/v1/viewtopic.php?id=469",
"refsource": "CONFIRM",
"url": "http://www.ekinboard.com/forums/v1/viewtopic.php?id=469"
},
{
"name": "16861",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16861"
},
{
"name": "ekinboard-config-sql-injection(24922)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24922"
},
{
"name": "19045",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19045"
},
{
"name": "http://www.ekinboard.com/patch_for_1.0.3.txt",
"refsource": "MISC",
"url": "http://www.ekinboard.com/patch_for_1.0.3.txt"
},
{
"name": "23547",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23547"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-1129",
"datePublished": "2006-03-10T02:00:00.000Z",
"dateReserved": "2006-03-10T00:00:00.000Z",
"dateUpdated": "2024-08-07T17:03:27.423Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-3638 (GCVE-0-2005-3638)
Vulnerability from nvd – Published: 2005-11-16 21:17 – Updated: 2024-08-07 23:17
VLAI
EPSS
VEX
Summary
Cross-site scripting (XSS) vulnerabilities in Ekinboard 1.0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter in profile.php and (2) titles of posts.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/15447 | vdb-entryx_refsource_BID |
| http://secunia.com/advisories/17569 | third-party-advisoryx_refsource_SECUNIA |
| http://securitytracker.com/id?1015207 | vdb-entryx_refsource_SECTRACK |
| http://irannetjob.com/content/view/162/28/ | x_refsource_MISC |
| http://www.securityfocus.com/bid/15443 | vdb-entryx_refsource_BID |
| http://www.osvdb.org/20844 | vdb-entryx_refsource_OSVDB |
| http://www.vupen.com/english/advisories/2005/2419 | vdb-entryx_refsource_VUPEN |
Date Public
2005-11-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:17:23.598Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "15447",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15447"
},
{
"name": "17569",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17569"
},
{
"name": "1015207",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015207"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://irannetjob.com/content/view/162/28/"
},
{
"name": "15443",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15443"
},
{
"name": "20844",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/20844"
},
{
"name": "ADV-2005-2419",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/2419"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-11-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerabilities in Ekinboard 1.0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter in profile.php and (2) titles of posts."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2006-01-11T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "15447",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15447"
},
{
"name": "17569",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17569"
},
{
"name": "1015207",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015207"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://irannetjob.com/content/view/162/28/"
},
{
"name": "15443",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15443"
},
{
"name": "20844",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/20844"
},
{
"name": "ADV-2005-2419",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/2419"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3638",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerabilities in Ekinboard 1.0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter in profile.php and (2) titles of posts."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "15447",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15447"
},
{
"name": "17569",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17569"
},
{
"name": "1015207",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015207"
},
{
"name": "http://irannetjob.com/content/view/162/28/",
"refsource": "MISC",
"url": "http://irannetjob.com/content/view/162/28/"
},
{
"name": "15443",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15443"
},
{
"name": "20844",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/20844"
},
{
"name": "ADV-2005-2419",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2419"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-3638",
"datePublished": "2005-11-16T21:17:00.000Z",
"dateReserved": "2005-11-16T00:00:00.000Z",
"dateUpdated": "2024-08-07T23:17:23.598Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-7156 (GCVE-0-2008-7156)
Vulnerability from cvelistv5 – Published: 2009-09-02 17:00 – Updated: 2024-08-07 11:56
VLAI
EPSS
VEX
Summary
EkinBoard 1.1.0 and earlier, when register_globals is enabled, allows remote attackers to bypass authorization and gain administrator privileges by setting the _groups[] parameter to 2, as demonstrated via backup.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/27166 | vdb-entryx_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| https://www.exploit-db.com/exploits/4859 | exploitx_refsource_EXPLOIT-DB |
Date Public
2008-01-07 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:56:14.272Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "27166",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27166"
},
{
"name": "ekinboard-backup-authentication-bypass(39512)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39512"
},
{
"name": "4859",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/4859"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-01-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "EkinBoard 1.1.0 and earlier, when register_globals is enabled, allows remote attackers to bypass authorization and gain administrator privileges by setting the _groups[] parameter to 2, as demonstrated via backup.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "27166",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27166"
},
{
"name": "ekinboard-backup-authentication-bypass(39512)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39512"
},
{
"name": "4859",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/4859"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-7156",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "EkinBoard 1.1.0 and earlier, when register_globals is enabled, allows remote attackers to bypass authorization and gain administrator privileges by setting the _groups[] parameter to 2, as demonstrated via backup.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "27166",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27166"
},
{
"name": "ekinboard-backup-authentication-bypass(39512)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39512"
},
{
"name": "4859",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4859"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-7156",
"datePublished": "2009-09-02T17:00:00.000Z",
"dateReserved": "2009-09-02T00:00:00.000Z",
"dateUpdated": "2024-08-07T11:56:14.272Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-7157 (GCVE-0-2008-7157)
Vulnerability from cvelistv5 – Published: 2009-09-02 17:00 – Updated: 2024-08-07 11:56
VLAI
EPSS
VEX
Summary
Unrestricted file upload vulnerability in EkinBoard 1.1.0 and earlier allows remote attackers to execute arbitrary code by uploading an avatar file with an executable extension followed by a safe extension, then accessing it via a direct request to the file in uploaded/avatars/.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/27166 | vdb-entryx_refsource_BID |
| https://www.exploit-db.com/exploits/4859 | exploitx_refsource_EXPLOIT-DB |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2008-01-07 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:56:14.477Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "27166",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27166"
},
{
"name": "4859",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/4859"
},
{
"name": "ekinboard-upload-file-upload(39507)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39507"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-01-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Unrestricted file upload vulnerability in EkinBoard 1.1.0 and earlier allows remote attackers to execute arbitrary code by uploading an avatar file with an executable extension followed by a safe extension, then accessing it via a direct request to the file in uploaded/avatars/."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "27166",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27166"
},
{
"name": "4859",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/4859"
},
{
"name": "ekinboard-upload-file-upload(39507)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39507"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-7157",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unrestricted file upload vulnerability in EkinBoard 1.1.0 and earlier allows remote attackers to execute arbitrary code by uploading an avatar file with an executable extension followed by a safe extension, then accessing it via a direct request to the file in uploaded/avatars/."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "27166",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27166"
},
{
"name": "4859",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4859"
},
{
"name": "ekinboard-upload-file-upload(39507)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39507"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-7157",
"datePublished": "2009-09-02T17:00:00.000Z",
"dateReserved": "2009-09-02T00:00:00.000Z",
"dateUpdated": "2024-08-07T11:56:14.477Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-1130 (GCVE-0-2006-1130)
Vulnerability from cvelistv5 – Published: 2006-03-10 02:00 – Updated: 2024-08-07 17:03
VLAI
EPSS
VEX
Summary
Cross-site scripting (XSS) vulnerability in EKINboard 1.0.3 allows remote attackers to inject arbitrary web script or HTML via a Javascript URI in a BBCode img tag.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
10 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/archive/1/427073/100… | mailing-listx_refsource_BUGTRAQ |
| http://securityreason.com/securityalert/558 | third-party-advisoryx_refsource_SREASON |
| http://www.vupen.com/english/advisories/2006/0758 | vdb-entryx_refsource_VUPEN |
| http://evuln.com/vulns/88/summary.html | x_refsource_MISC |
| http://www.ekinboard.com/forums/v1/viewtopic.php?id=469 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/16861 | vdb-entryx_refsource_BID |
| http://secunia.com/advisories/19045 | third-party-advisoryx_refsource_SECUNIA |
| http://www.osvdb.org/23546 | vdb-entryx_refsource_OSVDB |
| http://www.ekinboard.com/patch_for_1.0.3.txt | x_refsource_MISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2006-02-27 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:03:26.949Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20060308 [eVuln] EKINboard \u0027img\u0027 BBCode XSS \u0026 Cookie \u0027username\u0027 SQL Injection Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/427073/100/0/threaded"
},
{
"name": "558",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/558"
},
{
"name": "ADV-2006-0758",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0758"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://evuln.com/vulns/88/summary.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ekinboard.com/forums/v1/viewtopic.php?id=469"
},
{
"name": "16861",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/16861"
},
{
"name": "19045",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19045"
},
{
"name": "23546",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/23546"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ekinboard.com/patch_for_1.0.3.txt"
},
{
"name": "ekinboard-bbcode-xss(24921)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24921"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-02-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in EKINboard 1.0.3 allows remote attackers to inject arbitrary web script or HTML via a Javascript URI in a BBCode img tag."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20060308 [eVuln] EKINboard \u0027img\u0027 BBCode XSS \u0026 Cookie \u0027username\u0027 SQL Injection Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/427073/100/0/threaded"
},
{
"name": "558",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/558"
},
{
"name": "ADV-2006-0758",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0758"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://evuln.com/vulns/88/summary.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ekinboard.com/forums/v1/viewtopic.php?id=469"
},
{
"name": "16861",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/16861"
},
{
"name": "19045",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19045"
},
{
"name": "23546",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/23546"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ekinboard.com/patch_for_1.0.3.txt"
},
{
"name": "ekinboard-bbcode-xss(24921)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24921"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1130",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in EKINboard 1.0.3 allows remote attackers to inject arbitrary web script or HTML via a Javascript URI in a BBCode img tag."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060308 [eVuln] EKINboard \u0027img\u0027 BBCode XSS \u0026 Cookie \u0027username\u0027 SQL Injection Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/427073/100/0/threaded"
},
{
"name": "558",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/558"
},
{
"name": "ADV-2006-0758",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0758"
},
{
"name": "http://evuln.com/vulns/88/summary.html",
"refsource": "MISC",
"url": "http://evuln.com/vulns/88/summary.html"
},
{
"name": "http://www.ekinboard.com/forums/v1/viewtopic.php?id=469",
"refsource": "CONFIRM",
"url": "http://www.ekinboard.com/forums/v1/viewtopic.php?id=469"
},
{
"name": "16861",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16861"
},
{
"name": "19045",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19045"
},
{
"name": "23546",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23546"
},
{
"name": "http://www.ekinboard.com/patch_for_1.0.3.txt",
"refsource": "MISC",
"url": "http://www.ekinboard.com/patch_for_1.0.3.txt"
},
{
"name": "ekinboard-bbcode-xss(24921)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24921"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-1130",
"datePublished": "2006-03-10T02:00:00.000Z",
"dateReserved": "2006-03-10T00:00:00.000Z",
"dateUpdated": "2024-08-07T17:03:26.949Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-1129 (GCVE-0-2006-1129)
Vulnerability from cvelistv5 – Published: 2006-03-10 02:00 – Updated: 2024-08-07 17:03
VLAI
EPSS
VEX
Summary
SQL injection vulnerability in config.php in EKINboard 1.0.3 allows remote attackers to execute arbitrary SQL commands and bypass authentication via the username cookie.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
9 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/archive/1/427073/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.vupen.com/english/advisories/2006/0758 | vdb-entryx_refsource_VUPEN |
| http://evuln.com/vulns/88/summary.html | x_refsource_MISC |
| http://www.ekinboard.com/forums/v1/viewtopic.php?id=469 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/16861 | vdb-entryx_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://secunia.com/advisories/19045 | third-party-advisoryx_refsource_SECUNIA |
| http://www.ekinboard.com/patch_for_1.0.3.txt | x_refsource_MISC |
| http://www.osvdb.org/23547 | vdb-entryx_refsource_OSVDB |
Date Public
2006-02-27 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:03:27.423Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20060308 [eVuln] EKINboard \u0027img\u0027 BBCode XSS \u0026 Cookie \u0027username\u0027 SQL Injection Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/427073/100/0/threaded"
},
{
"name": "ADV-2006-0758",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0758"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://evuln.com/vulns/88/summary.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ekinboard.com/forums/v1/viewtopic.php?id=469"
},
{
"name": "16861",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/16861"
},
{
"name": "ekinboard-config-sql-injection(24922)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24922"
},
{
"name": "19045",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19045"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ekinboard.com/patch_for_1.0.3.txt"
},
{
"name": "23547",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/23547"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-02-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in config.php in EKINboard 1.0.3 allows remote attackers to execute arbitrary SQL commands and bypass authentication via the username cookie."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20060308 [eVuln] EKINboard \u0027img\u0027 BBCode XSS \u0026 Cookie \u0027username\u0027 SQL Injection Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/427073/100/0/threaded"
},
{
"name": "ADV-2006-0758",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0758"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://evuln.com/vulns/88/summary.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ekinboard.com/forums/v1/viewtopic.php?id=469"
},
{
"name": "16861",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/16861"
},
{
"name": "ekinboard-config-sql-injection(24922)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24922"
},
{
"name": "19045",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19045"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ekinboard.com/patch_for_1.0.3.txt"
},
{
"name": "23547",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/23547"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1129",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in config.php in EKINboard 1.0.3 allows remote attackers to execute arbitrary SQL commands and bypass authentication via the username cookie."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060308 [eVuln] EKINboard \u0027img\u0027 BBCode XSS \u0026 Cookie \u0027username\u0027 SQL Injection Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/427073/100/0/threaded"
},
{
"name": "ADV-2006-0758",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0758"
},
{
"name": "http://evuln.com/vulns/88/summary.html",
"refsource": "MISC",
"url": "http://evuln.com/vulns/88/summary.html"
},
{
"name": "http://www.ekinboard.com/forums/v1/viewtopic.php?id=469",
"refsource": "CONFIRM",
"url": "http://www.ekinboard.com/forums/v1/viewtopic.php?id=469"
},
{
"name": "16861",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16861"
},
{
"name": "ekinboard-config-sql-injection(24922)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24922"
},
{
"name": "19045",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19045"
},
{
"name": "http://www.ekinboard.com/patch_for_1.0.3.txt",
"refsource": "MISC",
"url": "http://www.ekinboard.com/patch_for_1.0.3.txt"
},
{
"name": "23547",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23547"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-1129",
"datePublished": "2006-03-10T02:00:00.000Z",
"dateReserved": "2006-03-10T00:00:00.000Z",
"dateUpdated": "2024-08-07T17:03:27.423Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-3638 (GCVE-0-2005-3638)
Vulnerability from cvelistv5 – Published: 2005-11-16 21:17 – Updated: 2024-08-07 23:17
VLAI
EPSS
VEX
Summary
Cross-site scripting (XSS) vulnerabilities in Ekinboard 1.0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter in profile.php and (2) titles of posts.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/15447 | vdb-entryx_refsource_BID |
| http://secunia.com/advisories/17569 | third-party-advisoryx_refsource_SECUNIA |
| http://securitytracker.com/id?1015207 | vdb-entryx_refsource_SECTRACK |
| http://irannetjob.com/content/view/162/28/ | x_refsource_MISC |
| http://www.securityfocus.com/bid/15443 | vdb-entryx_refsource_BID |
| http://www.osvdb.org/20844 | vdb-entryx_refsource_OSVDB |
| http://www.vupen.com/english/advisories/2005/2419 | vdb-entryx_refsource_VUPEN |
Date Public
2005-11-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:17:23.598Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "15447",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15447"
},
{
"name": "17569",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17569"
},
{
"name": "1015207",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015207"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://irannetjob.com/content/view/162/28/"
},
{
"name": "15443",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15443"
},
{
"name": "20844",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/20844"
},
{
"name": "ADV-2005-2419",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/2419"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-11-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerabilities in Ekinboard 1.0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter in profile.php and (2) titles of posts."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2006-01-11T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "15447",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15447"
},
{
"name": "17569",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17569"
},
{
"name": "1015207",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015207"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://irannetjob.com/content/view/162/28/"
},
{
"name": "15443",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15443"
},
{
"name": "20844",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/20844"
},
{
"name": "ADV-2005-2419",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/2419"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3638",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerabilities in Ekinboard 1.0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter in profile.php and (2) titles of posts."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "15447",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15447"
},
{
"name": "17569",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17569"
},
{
"name": "1015207",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015207"
},
{
"name": "http://irannetjob.com/content/view/162/28/",
"refsource": "MISC",
"url": "http://irannetjob.com/content/view/162/28/"
},
{
"name": "15443",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15443"
},
{
"name": "20844",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/20844"
},
{
"name": "ADV-2005-2419",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2419"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-3638",
"datePublished": "2005-11-16T21:17:00.000Z",
"dateReserved": "2005-11-16T00:00:00.000Z",
"dateUpdated": "2024-08-07T23:17:23.598Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}