Discuz
Products
6
- 4 CVEs
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
Recent CVEs
9

| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2008-6957 | | 0.04 | — | 0.07 | | Aug 12, 2009 | member.php in Crossday Discuz! Board allows remote attackers to reset passwords of arbitrary users via crafted (1) lostpasswd and (2) getpasswd actions, possibly involving predictable generation of the id parameter. |
| CVE-2010-4912 | | 0.03 | — | 0.00 | | Oct 8, 2011 | SQL injection vulnerability in shop.php in UCenter Home 2.0 allows remote attackers to execute arbitrary SQL commands via the shopid parameter in a view action. |
| CVE-2009-3185 | | 0.03 | — | 0.00 | | Sep 15, 2009 | SQL injection vulnerability in plugin.php in the Crazy Star plugin 2.0 for Discuz! allows remote authenticated users to execute arbitrary SQL commands via the fmid parameter in a view action. |
| CVE-2008-6958 | | 0.03 | — | 0.04 | | Aug 12, 2009 | wap/index.php in Crossday Discuz! Board 6.x and 7.x allows remote authenticated users to execute arbitrary PHP code via the creditsformula parameter. |
| CVE-2008-3554 | | 0.03 | — | 0.00 | | Aug 8, 2008 | SQL injection vulnerability in index.php in Discuz! 6.0.1 allows remote attackers to execute arbitrary SQL commands via the searchid parameter in a search action. |
| CVE-2006-5561 | | 0.03 | — | 0.02 | | Oct 27, 2006 | SQL injection vulnerability in admincp.php in Discuz! GBK 5.0.0 allows remote attackers to execute arbitrary SQL commands via the cdb_auth cookie. |
| CVE-2004-0254 | | 0.03 | — | 0.06 | | Nov 23, 2004 | Cross-site scripting (XSS) vulnerability in Discuz! Board 2.x and 3.x allows remote attackers to execute arbitrary script as other users via an img tag. |
| CVE-2001-0380 | | 0.03 | — | 0.03 | | Jun 18, 2001 | Crosscom/Olicom XLT-F running XL 80 IM Version 5.5 Build Level 2 allows a remote attacker SNMP read and write access via a default, undocumented community string 'ILMI'. |
| CVE-2005-2614 | | 0.00 | — | 0.02 | | Aug 17, 2005 | Discuz! 4.0 rc4 does not properly restrict types of files that are uploaded to the server, which allows remote attackers to execute arbitrary commands via a filename containing ".php.rar" or other multiple extensions that include .php. |