) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:sir:gnuboard:3.40:*:*:*:*:*:*:*
- CPE Name Search: true
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2014-2339 |
Multiple SQL injection vulnerabilities in bbs/ajax.autosave.php in GNUboard 5.x and possibly earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) subject or (2) content parameter. Published: March 19, 2014; 10:17:45 AM -0400 |
V3.x:(not available) V2.0: 6.5 MEDIUM |
| CVE-2012-4873 |
Cross-site scripting (XSS) vulnerability in the file_download function in GNUBoard before 4.34.21 allows remote attackers to inject arbitrary web script or HTML via the filename parameter. Published: September 06, 2012; 5:55:02 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
| CVE-2011-4066 |
SQL injection vulnerability in bbs/tb.php in Gnuboard 4.33.02 and earlier allows remote attackers to execute arbitrary SQL commands via the PATH_INFO. Published: November 04, 2011; 5:55:09 PM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |
| CVE-2005-0269 |
The file extension check in GNUBoard 3.40 and earlier only verifies extensions that contain all lowercase letters, which allows remote attackers to upload arbitrary files via file extensions that include uppercase letters. Published: May 02, 2005; 12:00:00 AM -0400 |
V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |