Bulletin Board Ace
Products
1- 4 CVEs
Recent CVEs
4| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2006-5187 | 0.04 | — | 0.08 | Oct 10, 2006 | PHP remote file inclusion vulnerability in includes/functions.php in Bulletin Board Ace (BBaCE) 3.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | |||
| CVE-2008-2492 | 0.03 | — | 0.00 | May 28, 2008 | Multiple SQL injection vulnerabilities in Campus Bulletin Board 3.4 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to post3/view.asp and the (2) review parameter to post3/book.asp. | |||
| CVE-2002-1829 | 0.03 | — | 0.01 | Dec 31, 2002 | Cross-site scripting (XSS) vulnerability in codeparse.php in Open Bulletin Board (OpenBB) 1.0.0 RC3 allows remote attackers to inject arbitrary web script or HTML via (1) myhome.php, (2) an onerror attribute in an IMG tag (a variant of CVE-2002-0330), or (3) a glow tag. | |||
| CVE-2008-4766 | 0.00 | — | 0.00 | Oct 28, 2008 | SQL injection vulnerability in member.php in Oxygen Bulletin Board 1.1.3 allows remote attackers to execute arbitrary SQL commands via the member parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
- CVE-2006-5187Oct 10, 2006risk 0.04cvss —epss 0.08
PHP remote file inclusion vulnerability in includes/functions.php in Bulletin Board Ace (BBaCE) 3.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
- CVE-2008-2492May 28, 2008risk 0.03cvss —epss 0.00
Multiple SQL injection vulnerabilities in Campus Bulletin Board 3.4 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to post3/view.asp and the (2) review parameter to post3/book.asp.
- CVE-2002-1829Dec 31, 2002risk 0.03cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in codeparse.php in Open Bulletin Board (OpenBB) 1.0.0 RC3 allows remote attackers to inject arbitrary web script or HTML via (1) myhome.php, (2) an onerror attribute in an IMG tag (a variant of CVE-2002-0330), or (3) a glow tag.
- CVE-2008-4766Oct 28, 2008risk 0.00cvss —epss 0.00
SQL injection vulnerability in member.php in Oxygen Bulletin Board 1.1.3 allows remote attackers to execute arbitrary SQL commands via the member parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.