Dvbbs

CVEs (5)

CVE	Risk	CVSS	EPSS	Published	Description
CVE-2009-4470	0.03	—	0.00	Dec 30, 2009	SQL injection vulnerability in boardrule.php in DVBBS 2.0 allows remote attackers to execute arbitrary SQL commands via the groupboardid parameter.
CVE-2008-5222	0.03	—	0.00	Nov 25, 2008	SQL injection vulnerability in login.asp in Dvbbs 8.2.0 allows remote attackers to execute arbitrary SQL commands via the username parameter.
CVE-2005-2588	0.03	—	0.02	Aug 17, 2005	Multiple cross-site scripting (XSS) vulnerabilities in DVBBS 7.1 SP2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the page parameter to dispbbs.asp, (2) name parameter to dispuser.asp, or the (3) title, (4) view, or (5) act parameter to boardhelp.asp.
CVE-2005-2318	0.03	—	0.01	Jul 19, 2005	Cross-site scripting (XSS) vulnerability in showerr.asp in DVBBS 7.1 SP2 allows remote attackers to inject arbitrary web script or HTML via the action parameter.
CVE-2007-3774	0.00	—	0.00	Jul 15, 2007	Dvbbs 7.1.0 SP1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for Data/Dvbbs7.mdb.

CVE-2009-4470Dec 30, 2009
risk 0.03cvss —epss 0.00
SQL injection vulnerability in boardrule.php in DVBBS 2.0 allows remote attackers to execute arbitrary SQL commands via the groupboardid parameter.
CVE-2008-5222Nov 25, 2008
risk 0.03cvss —epss 0.00
SQL injection vulnerability in login.asp in Dvbbs 8.2.0 allows remote attackers to execute arbitrary SQL commands via the username parameter.
CVE-2005-2588Aug 17, 2005
risk 0.03cvss —epss 0.02
Multiple cross-site scripting (XSS) vulnerabilities in DVBBS 7.1 SP2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the page parameter to dispbbs.asp, (2) name parameter to dispuser.asp, or the (3) title, (4) view, or (5) act parameter to boardhelp.asp.
CVE-2005-2318Jul 19, 2005
risk 0.03cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in showerr.asp in DVBBS 7.1 SP2 allows remote attackers to inject arbitrary web script or HTML via the action parameter.
CVE-2007-3774Jul 15, 2007
risk 0.00cvss —epss 0.00
Dvbbs 7.1.0 SP1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for Data/Dvbbs7.mdb.