Vbzoom
Products
1- 13 CVEs
Recent CVEs
13| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2006-1133 | 0.04 | — | 0.06 | Mar 10, 2006 | Multiple cross-site scripting (XSS) vulnerabilities in vbzoom 1.11 allow remote attackers to inject arbitrary web script or HTML via the UserID parameter to (1) comment.php or (2) contact.php. NOTE: the profile.php/UserName vector is already covered by CVE-2005-2441. | ||
| CVE-2006-4634 | 0.03 | — | 0.01 | Sep 8, 2006 | Cross-site scripting (XSS) vulnerability in index.php in VBZooM allows remote attackers to inject arbitrary web script or HTML via the UserID parameter, a different vector than CVE-2006-1133 and CVE-2005-2441. | ||
| CVE-2006-3142 | 0.03 | — | 0.01 | Jun 22, 2006 | SQL injection vulnerability in forum.php in VBZooM 1.11 allows remote attackers to execute arbitrary SQL commands via the MainID parameter. | ||
| CVE-2006-1132 | 0.03 | — | 0.00 | Mar 10, 2006 | SQL injection vulnerability in show.php in vbzoom 1.11 allow remote attackers to execute arbitrary SQL commands via the MainID parameter. NOTE: the SubjectID vector is already covered by CVE-2005-4729. | ||
| CVE-2005-2441 | 0.03 | — | 0.01 | Aug 3, 2005 | Multiple cross-site scripting (XSS) vulnerabilities in VBzoom allow remote attackers to inject arbitrary web script and HTML via the (1) UserName parameter to profile.php or (2) UserID parameter to login.php. | ||
| CVE-2007-3588 | 0.00 | — | 0.00 | Jul 5, 2007 | SQL injection vulnerability in reply.php in VBZooM 1.12 allows remote attackers to execute arbitrary SQL commands via the UserID parameter to sub-join.php. NOTE: this may be the same as CVE-2006-3691.4. | ||
| CVE-2006-3691 | 0.00 | — | 0.01 | Jul 21, 2006 | Multiple SQL injection vulnerabilities in VBZooM 1.11 and earlier allow remote attackers to execute arbitrary SQL commands via the UserID parameter to (1) ignore-pm.php, (2) sendmail.php, (3) reply.php or (4) sub-join.php. | ||
| CVE-2006-3238 | 0.00 | — | 0.01 | Jun 27, 2006 | Multiple SQL injection vulnerabilities in VBZooM 1.00 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) MemberID parameter to rank.php, and the (2) QuranID parameter to lng.php. | ||
| CVE-2006-3239 | 0.00 | — | 0.01 | Jun 27, 2006 | SQL injection vulnerability in message.php in VBZooM 1.11 and earlier allows remote attackers to execute arbitrary SQL commands via the UserID parameter. | ||
| CVE-2006-3056 | 0.00 | — | 0.01 | Jun 16, 2006 | SQL injection vulnerability in language.php in VBZooM 1.01 allows remote attackers to execute arbitrary SQL commands via the Action parameter. | ||
| CVE-2006-3054 | 0.00 | — | 0.01 | Jun 16, 2006 | Multiple SQL injection vulnerabilities in VBZooM 1.11 allow remote attackers to execute arbitrary SQL commands via the (1) sobjectID or (2) MAINID parameters to (a) show.php or (3) MainID parameter to (b) subject.php. | ||
| CVE-2006-3055 | 0.00 | — | 0.01 | Jun 16, 2006 | Multiple SQL injection vulnerabilities in VBZooM 1.02 allow remote attackers to execute arbitrary SQL commands via the (1) QuranID, (2) ShowByQuranID, or (3) Action parameters to meaning.php. | ||
| CVE-2005-4729 | 0.00 | — | 0.01 | Dec 31, 2005 | SQL injection vulnerability in show.php in VBZooM Forum allows remote attackers to execute arbitrary SQL commands via the SubjectID parameter. |
- CVE-2006-1133Mar 10, 2006risk 0.04cvss —epss 0.06
Multiple cross-site scripting (XSS) vulnerabilities in vbzoom 1.11 allow remote attackers to inject arbitrary web script or HTML via the UserID parameter to (1) comment.php or (2) contact.php. NOTE: the profile.php/UserName vector is already covered by CVE-2005-2441.
- CVE-2006-4634Sep 8, 2006risk 0.03cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in index.php in VBZooM allows remote attackers to inject arbitrary web script or HTML via the UserID parameter, a different vector than CVE-2006-1133 and CVE-2005-2441.
- CVE-2006-3142Jun 22, 2006risk 0.03cvss —epss 0.01
SQL injection vulnerability in forum.php in VBZooM 1.11 allows remote attackers to execute arbitrary SQL commands via the MainID parameter.
- CVE-2006-1132Mar 10, 2006risk 0.03cvss —epss 0.00
SQL injection vulnerability in show.php in vbzoom 1.11 allow remote attackers to execute arbitrary SQL commands via the MainID parameter. NOTE: the SubjectID vector is already covered by CVE-2005-4729.
- CVE-2005-2441Aug 3, 2005risk 0.03cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in VBzoom allow remote attackers to inject arbitrary web script and HTML via the (1) UserName parameter to profile.php or (2) UserID parameter to login.php.
- CVE-2007-3588Jul 5, 2007risk 0.00cvss —epss 0.00
SQL injection vulnerability in reply.php in VBZooM 1.12 allows remote attackers to execute arbitrary SQL commands via the UserID parameter to sub-join.php. NOTE: this may be the same as CVE-2006-3691.4.
- CVE-2006-3691Jul 21, 2006risk 0.00cvss —epss 0.01
Multiple SQL injection vulnerabilities in VBZooM 1.11 and earlier allow remote attackers to execute arbitrary SQL commands via the UserID parameter to (1) ignore-pm.php, (2) sendmail.php, (3) reply.php or (4) sub-join.php.
- CVE-2006-3238Jun 27, 2006risk 0.00cvss —epss 0.01
Multiple SQL injection vulnerabilities in VBZooM 1.00 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) MemberID parameter to rank.php, and the (2) QuranID parameter to lng.php.
- CVE-2006-3239Jun 27, 2006risk 0.00cvss —epss 0.01
SQL injection vulnerability in message.php in VBZooM 1.11 and earlier allows remote attackers to execute arbitrary SQL commands via the UserID parameter.
- CVE-2006-3056Jun 16, 2006risk 0.00cvss —epss 0.01
SQL injection vulnerability in language.php in VBZooM 1.01 allows remote attackers to execute arbitrary SQL commands via the Action parameter.
- CVE-2006-3054Jun 16, 2006risk 0.00cvss —epss 0.01
Multiple SQL injection vulnerabilities in VBZooM 1.11 allow remote attackers to execute arbitrary SQL commands via the (1) sobjectID or (2) MAINID parameters to (a) show.php or (3) MainID parameter to (b) subject.php.
- CVE-2006-3055Jun 16, 2006risk 0.00cvss —epss 0.01
Multiple SQL injection vulnerabilities in VBZooM 1.02 allow remote attackers to execute arbitrary SQL commands via the (1) QuranID, (2) ShowByQuranID, or (3) Action parameters to meaning.php.
- CVE-2005-4729Dec 31, 2005risk 0.00cvss —epss 0.01
SQL injection vulnerability in show.php in VBZooM Forum allows remote attackers to execute arbitrary SQL commands via the SubjectID parameter.