Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    16 vulnerabilities by powerscripts

    CVE-2009-0707 (GCVE-0-2009-0707)

    Vulnerability from nvd – Published: 2009-02-23 15:00 – Updated: 2024-08-07 04:48
    VLAI
    Summary
    SQL injection vulnerability in admin/index.php in PowerClan 1.14a allows remote attackers to execute arbitrary SQL commands via the loginemail parameter (aka login field). NOTE: some of these details are obtained from third party information.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://osvdb.org/51112 vdb-entryx_refsource_OSVDB
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    https://www.exploit-db.com/exploits/7642 exploitx_refsource_EXPLOIT-DB
    http://www.securityfocus.com/bid/33083 vdb-entryx_refsource_BID
    http://secunia.com/advisories/33362 third-party-advisoryx_refsource_SECUNIA
    Date Public
    2009-01-01 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T04:48:51.648Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "51112",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/51112"
              },
              {
                "name": "powerclan-index-sql-injection(47702)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47702"
              },
              {
                "name": "7642",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/7642"
              },
              {
                "name": "33083",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/33083"
              },
              {
                "name": "33362",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/33362"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2009-01-01T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "SQL injection vulnerability in admin/index.php in PowerClan 1.14a allows remote attackers to execute arbitrary SQL commands via the loginemail parameter (aka login field).  NOTE: some of these details are obtained from third party information."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-28T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "51112",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/51112"
            },
            {
              "name": "powerclan-index-sql-injection(47702)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47702"
            },
            {
              "name": "7642",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/7642"
            },
            {
              "name": "33083",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/33083"
            },
            {
              "name": "33362",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/33362"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2009-0707",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SQL injection vulnerability in admin/index.php in PowerClan 1.14a allows remote attackers to execute arbitrary SQL commands via the loginemail parameter (aka login field).  NOTE: some of these details are obtained from third party information."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "51112",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/51112"
                },
                {
                  "name": "powerclan-index-sql-injection(47702)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47702"
                },
                {
                  "name": "7642",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/7642"
                },
                {
                  "name": "33083",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/33083"
                },
                {
                  "name": "33362",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/33362"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2009-0707",
        "datePublished": "2009-02-23T15:00:00.000Z",
        "dateReserved": "2009-02-23T00:00:00.000Z",
        "dateUpdated": "2024-08-07T04:48:51.648Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2009-0705 (GCVE-0-2009-0705)

    Vulnerability from nvd – Published: 2009-02-23 15:00 – Updated: 2024-08-07 04:48
    VLAI
    Summary
    SQL injection vulnerability in news.php in PowerScripts PowerNews 2.5.4, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the newsid parameter.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.securityfocus.com/bid/33081 vdb-entryx_refsource_BID
    http://secunia.com/advisories/33363 third-party-advisoryx_refsource_SECUNIA
    http://osvdb.org/51110 vdb-entryx_refsource_OSVDB
    https://www.exploit-db.com/exploits/7641 exploitx_refsource_EXPLOIT-DB
    Date Public
    2009-01-01 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T04:48:51.344Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "powernews-news-sql-injection(47701)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47701"
              },
              {
                "name": "33081",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/33081"
              },
              {
                "name": "33363",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/33363"
              },
              {
                "name": "51110",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/51110"
              },
              {
                "name": "7641",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/7641"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2009-01-01T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "SQL injection vulnerability in news.php in PowerScripts PowerNews 2.5.4, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the newsid parameter."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-28T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "powernews-news-sql-injection(47701)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47701"
            },
            {
              "name": "33081",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/33081"
            },
            {
              "name": "33363",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/33363"
            },
            {
              "name": "51110",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/51110"
            },
            {
              "name": "7641",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/7641"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2009-0705",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SQL injection vulnerability in news.php in PowerScripts PowerNews 2.5.4, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the newsid parameter."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "powernews-news-sql-injection(47701)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47701"
                },
                {
                  "name": "33081",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/33081"
                },
                {
                  "name": "33363",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/33363"
                },
                {
                  "name": "51110",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/51110"
                },
                {
                  "name": "7641",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/7641"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2009-0705",
        "datePublished": "2009-02-23T15:00:00.000Z",
        "dateReserved": "2009-02-23T00:00:00.000Z",
        "dateUpdated": "2024-08-07T04:48:51.344Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-1534 (GCVE-0-2008-1534)

    Vulnerability from nvd – Published: 2008-03-28 18:00 – Updated: 2024-08-07 08:24
    VLAI
    Summary
    Multiple directory traversal vulnerabilities in PowerPHPBoard 1.00b allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) settings[footer] parameter to footer.inc.php and the (2) settings[header] parameter to header.inc.php.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://securityreason.com/securityalert/3782 third-party-advisoryx_refsource_SREASON
    https://www.exploit-db.com/exploits/5303 exploitx_refsource_EXPLOIT-DB
    http://www.securityfocus.com/archive/1/490011/100… mailing-listx_refsource_BUGTRAQ
    http://www.securityfocus.com/bid/28421 vdb-entryx_refsource_BID
    http://www.vupen.com/english/advisories/2008/0992… vdb-entryx_refsource_VUPEN
    Date Public
    2008-03-24 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T08:24:42.629Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "powerphpboard-footerheader-file-include(41403)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41403"
              },
              {
                "name": "3782",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/3782"
              },
              {
                "name": "5303",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/5303"
              },
              {
                "name": "20080324 [DSECRG-08-021] Multiple LFI in PowerPHPBoard 1.00b",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/490011/100/0/threaded"
              },
              {
                "name": "28421",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/28421"
              },
              {
                "name": "ADV-2008-0992",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/0992/references"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-03-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple directory traversal vulnerabilities in PowerPHPBoard 1.00b allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) settings[footer] parameter to footer.inc.php and the (2) settings[header] parameter to header.inc.php."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-11T19:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "powerphpboard-footerheader-file-include(41403)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41403"
            },
            {
              "name": "3782",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/3782"
            },
            {
              "name": "5303",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/5303"
            },
            {
              "name": "20080324 [DSECRG-08-021] Multiple LFI in PowerPHPBoard 1.00b",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/490011/100/0/threaded"
            },
            {
              "name": "28421",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/28421"
            },
            {
              "name": "ADV-2008-0992",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/0992/references"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-1534",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple directory traversal vulnerabilities in PowerPHPBoard 1.00b allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) settings[footer] parameter to footer.inc.php and the (2) settings[header] parameter to header.inc.php."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "powerphpboard-footerheader-file-include(41403)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41403"
                },
                {
                  "name": "3782",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/3782"
                },
                {
                  "name": "5303",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/5303"
                },
                {
                  "name": "20080324 [DSECRG-08-021] Multiple LFI in PowerPHPBoard 1.00b",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/490011/100/0/threaded"
                },
                {
                  "name": "28421",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/28421"
                },
                {
                  "name": "ADV-2008-0992",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/0992/references"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-1534",
        "datePublished": "2008-03-28T18:00:00.000Z",
        "dateReserved": "2008-03-28T00:00:00.000Z",
        "dateUpdated": "2024-08-07T08:24:42.629Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-1537 (GCVE-0-2008-1537)

    Vulnerability from nvd – Published: 2008-03-28 18:00 – Updated: 2024-08-07 08:24
    VLAI
    Summary
    Directory traversal vulnerability in pb_inc/admincenter/index.php in PowerScripts PowerBook 1.21 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/archive/1/490008/100… mailing-listx_refsource_BUGTRAQ
    https://www.exploit-db.com/exploits/5302 exploitx_refsource_EXPLOIT-DB
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://securityreason.com/securityalert/3783 third-party-advisoryx_refsource_SREASON
    http://secunia.com/advisories/29480 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/bid/28418 vdb-entryx_refsource_BID
    Date Public
    2008-03-24 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T08:24:42.678Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20080324 [DSECRG-08-019] LFI in PowerBook 1.21",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/490008/100/0/threaded"
              },
              {
                "name": "5302",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/5302"
              },
              {
                "name": "powerbook-index-file-include(41393)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41393"
              },
              {
                "name": "3783",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/3783"
              },
              {
                "name": "29480",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/29480"
              },
              {
                "name": "28418",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/28418"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-03-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Directory traversal vulnerability in pb_inc/admincenter/index.php in PowerScripts PowerBook 1.21 allows remote attackers to include and execute arbitrary local files via a ..  (dot dot) in the page parameter.  NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-11T19:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20080324 [DSECRG-08-019] LFI in PowerBook 1.21",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/490008/100/0/threaded"
            },
            {
              "name": "5302",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/5302"
            },
            {
              "name": "powerbook-index-file-include(41393)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41393"
            },
            {
              "name": "3783",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/3783"
            },
            {
              "name": "29480",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/29480"
            },
            {
              "name": "28418",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/28418"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-1537",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Directory traversal vulnerability in pb_inc/admincenter/index.php in PowerScripts PowerBook 1.21 allows remote attackers to include and execute arbitrary local files via a ..  (dot dot) in the page parameter.  NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20080324 [DSECRG-08-019] LFI in PowerBook 1.21",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/490008/100/0/threaded"
                },
                {
                  "name": "5302",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/5302"
                },
                {
                  "name": "powerbook-index-file-include(41393)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41393"
                },
                {
                  "name": "3783",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/3783"
                },
                {
                  "name": "29480",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/29480"
                },
                {
                  "name": "28418",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/28418"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-1537",
        "datePublished": "2008-03-28T18:00:00.000Z",
        "dateReserved": "2008-03-28T00:00:00.000Z",
        "dateUpdated": "2024-08-07T08:24:42.678Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-0742 (GCVE-0-2008-0742)

    Vulnerability from nvd – Published: 2008-02-13 01:00 – Updated: 2024-08-07 07:54
    VLAI
    Summary
    Multiple directory traversal vulnerabilities in PowerScripts PowerNews 2.5.6 allow remote attackers to read and include arbitrary files via a .. (dot dot) in the (1) subpage parameter in (a) categories.inc.php, (b) news.inc.php, (c) other.inc.php, (d) permissions.inc.php, (e) templates.inc.php, and (f) users.inc.php in pnadmin/; and (2) the page parameter to (g) pnadmin/index.php. NOTE: vector 2 is only exploitable by administrators.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://www.exploit-db.com/exploits/5082 exploitx_refsource_EXPLOIT-DB
    http://securityreason.com/securityalert/3647 third-party-advisoryx_refsource_SREASON
    http://www.securityfocus.com/bid/27688 vdb-entryx_refsource_BID
    http://www.securityfocus.com/archive/1/487773/100… mailing-listx_refsource_BUGTRAQ
    Date Public
    2008-02-08 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T07:54:23.298Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "5082",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/5082"
              },
              {
                "name": "3647",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/3647"
              },
              {
                "name": "27688",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/27688"
              },
              {
                "name": "20080208 [DSECRG-08-014] Multiple LFI in PowerNews (Newsscript) 2.5.6",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/487773/100/0/threaded"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-02-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple directory traversal vulnerabilities in PowerScripts PowerNews 2.5.6 allow remote attackers to read and include arbitrary files via a .. (dot dot) in the (1) subpage parameter in (a) categories.inc.php, (b) news.inc.php, (c) other.inc.php, (d) permissions.inc.php, (e) templates.inc.php, and (f) users.inc.php in pnadmin/; and (2) the page parameter to (g) pnadmin/index.php.  NOTE: vector 2 is only exploitable by administrators."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-15T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "5082",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/5082"
            },
            {
              "name": "3647",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/3647"
            },
            {
              "name": "27688",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/27688"
            },
            {
              "name": "20080208 [DSECRG-08-014] Multiple LFI in PowerNews (Newsscript) 2.5.6",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/487773/100/0/threaded"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-0742",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple directory traversal vulnerabilities in PowerScripts PowerNews 2.5.6 allow remote attackers to read and include arbitrary files via a .. (dot dot) in the (1) subpage parameter in (a) categories.inc.php, (b) news.inc.php, (c) other.inc.php, (d) permissions.inc.php, (e) templates.inc.php, and (f) users.inc.php in pnadmin/; and (2) the page parameter to (g) pnadmin/index.php.  NOTE: vector 2 is only exploitable by administrators."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "5082",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/5082"
                },
                {
                  "name": "3647",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/3647"
                },
                {
                  "name": "27688",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/27688"
                },
                {
                  "name": "20080208 [DSECRG-08-014] Multiple LFI in PowerNews (Newsscript) 2.5.6",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/487773/100/0/threaded"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-0742",
        "datePublished": "2008-02-13T01:00:00.000Z",
        "dateReserved": "2008-02-12T00:00:00.000Z",
        "dateUpdated": "2024-08-07T07:54:23.298Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-6715 (GCVE-0-2006-6715)

    Vulnerability from nvd – Published: 2006-12-23 01:00 – Updated: 2024-08-07 20:34
    VLAI
    Summary
    PHP remote file inclusion vulnerability in footer.inc.php in PowerClan 1.14a and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the settings[footer] parameter.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://www.exploit-db.com/exploits/2973 exploitx_refsource_EXPLOIT-DB
    http://secunia.com/advisories/23450 third-party-advisoryx_refsource_SECUNIA
    http://www.vupen.com/english/advisories/2006/5119 vdb-entryx_refsource_VUPEN
    http://www.securityfocus.com/bid/21707 vdb-entryx_refsource_BID
    http://www.securityfocus.com/archive/1/490009/100… mailing-listx_refsource_BUGTRAQ
    http://www.attrition.org/pipermail/vim/2006-Decem… mailing-listx_refsource_VIM
    Date Public
    2006-12-21 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T20:34:00.448Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "2973",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/2973"
              },
              {
                "name": "23450",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/23450"
              },
              {
                "name": "ADV-2006-5119",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2006/5119"
              },
              {
                "name": "21707",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/21707"
              },
              {
                "name": "20080324 [DSECRG-08-020] RFI-LFI in PowerClan 1.14a",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/490009/100/0/threaded"
              },
              {
                "name": "20061222 Source verify of PowerClan RFI",
                "tags": [
                  "mailing-list",
                  "x_refsource_VIM",
                  "x_transferred"
                ],
                "url": "http://www.attrition.org/pipermail/vim/2006-December/001194.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-12-21T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "PHP remote file inclusion vulnerability in footer.inc.php in PowerClan 1.14a and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the settings[footer] parameter."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-17T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "2973",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/2973"
            },
            {
              "name": "23450",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/23450"
            },
            {
              "name": "ADV-2006-5119",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/5119"
            },
            {
              "name": "21707",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/21707"
            },
            {
              "name": "20080324 [DSECRG-08-020] RFI-LFI in PowerClan 1.14a",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/490009/100/0/threaded"
            },
            {
              "name": "20061222 Source verify of PowerClan RFI",
              "tags": [
                "mailing-list",
                "x_refsource_VIM"
              ],
              "url": "http://www.attrition.org/pipermail/vim/2006-December/001194.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-6715",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "PHP remote file inclusion vulnerability in footer.inc.php in PowerClan 1.14a and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the settings[footer] parameter."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "2973",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/2973"
                },
                {
                  "name": "23450",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/23450"
                },
                {
                  "name": "ADV-2006-5119",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2006/5119"
                },
                {
                  "name": "21707",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/21707"
                },
                {
                  "name": "20080324 [DSECRG-08-020] RFI-LFI in PowerClan 1.14a",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/490009/100/0/threaded"
                },
                {
                  "name": "20061222 Source verify of PowerClan RFI",
                  "refsource": "VIM",
                  "url": "http://www.attrition.org/pipermail/vim/2006-December/001194.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-6715",
        "datePublished": "2006-12-23T01:00:00.000Z",
        "dateReserved": "2006-12-22T00:00:00.000Z",
        "dateUpdated": "2024-08-07T20:34:00.448Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-1805 (GCVE-0-2006-1805)

    Vulnerability from nvd – Published: 2006-04-18 10:00 – Updated: 2024-08-07 17:27
    VLAI
    Summary
    SQL injection vulnerability in member.php in PowerClan 1.14 allows remote attackers to execute arbitrary SQL commands via the memberid parameter.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://d4igoro.blogspot.com/2006/04/powerclan-114… x_refsource_MISC
    http://secunia.com/advisories/19689 third-party-advisoryx_refsource_SECUNIA
    http://www.vupen.com/english/advisories/2006/1371 vdb-entryx_refsource_VUPEN
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.securityfocus.com/bid/17528 vdb-entryx_refsource_BID
    http://www.securityfocus.com/archive/1/431005/100… mailing-listx_refsource_BUGTRAQ
    http://securityreason.com/securityalert/706 third-party-advisoryx_refsource_SREASON
    Date Public
    2006-04-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T17:27:28.853Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://d4igoro.blogspot.com/2006/04/powerclan-114-sql-injection.html"
              },
              {
                "name": "19689",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/19689"
              },
              {
                "name": "ADV-2006-1371",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2006/1371"
              },
              {
                "name": "powerclan-member-sql-injection(25876)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25876"
              },
              {
                "name": "17528",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/17528"
              },
              {
                "name": "20060413 PowerClan 1.14 - SQL Injection",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/431005/100/0/threaded"
              },
              {
                "name": "706",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/706"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-04-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "SQL injection vulnerability in member.php in PowerClan 1.14 allows remote attackers to execute arbitrary SQL commands via the memberid parameter."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-18T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://d4igoro.blogspot.com/2006/04/powerclan-114-sql-injection.html"
            },
            {
              "name": "19689",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/19689"
            },
            {
              "name": "ADV-2006-1371",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/1371"
            },
            {
              "name": "powerclan-member-sql-injection(25876)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25876"
            },
            {
              "name": "17528",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/17528"
            },
            {
              "name": "20060413 PowerClan 1.14 - SQL Injection",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/431005/100/0/threaded"
            },
            {
              "name": "706",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/706"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-1805",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SQL injection vulnerability in member.php in PowerClan 1.14 allows remote attackers to execute arbitrary SQL commands via the memberid parameter."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://d4igoro.blogspot.com/2006/04/powerclan-114-sql-injection.html",
                  "refsource": "MISC",
                  "url": "http://d4igoro.blogspot.com/2006/04/powerclan-114-sql-injection.html"
                },
                {
                  "name": "19689",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/19689"
                },
                {
                  "name": "ADV-2006-1371",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2006/1371"
                },
                {
                  "name": "powerclan-member-sql-injection(25876)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25876"
                },
                {
                  "name": "17528",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/17528"
                },
                {
                  "name": "20060413 PowerClan 1.14 - SQL Injection",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/431005/100/0/threaded"
                },
                {
                  "name": "706",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/706"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-1805",
        "datePublished": "2006-04-18T10:00:00.000Z",
        "dateReserved": "2006-04-17T00:00:00.000Z",
        "dateUpdated": "2024-08-07T17:27:28.853Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2000-0074 (GCVE-0-2000-0074)

    Vulnerability from nvd – Published: 2000-02-04 05:00 – Updated: 2024-08-08 05:05
    VLAI
    Summary
    PowerScripts PlusMail CGI program allows remote attackers to execute commands via a password file with improper permissions.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2000-01-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T05:05:53.862Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-2000-0074"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2000-01-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "PowerScripts PlusMail CGI program allows remote attackers to execute commands via a password file with improper permissions."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-08-17T08:20:32.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-2000-0074"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2000-0074",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "PowerScripts PlusMail CGI program allows remote attackers to execute commands via a password file with improper permissions."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-2000-0074",
                  "refsource": "MISC",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-2000-0074"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2000-0074",
        "datePublished": "2000-02-04T05:00:00.000Z",
        "dateReserved": "2000-01-22T00:00:00.000Z",
        "dateUpdated": "2024-08-08T05:05:53.862Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2009-0705 (GCVE-0-2009-0705)

    Vulnerability from cvelistv5 – Published: 2009-02-23 15:00 – Updated: 2024-08-07 04:48
    VLAI
    Summary
    SQL injection vulnerability in news.php in PowerScripts PowerNews 2.5.4, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the newsid parameter.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.securityfocus.com/bid/33081 vdb-entryx_refsource_BID
    http://secunia.com/advisories/33363 third-party-advisoryx_refsource_SECUNIA
    http://osvdb.org/51110 vdb-entryx_refsource_OSVDB
    https://www.exploit-db.com/exploits/7641 exploitx_refsource_EXPLOIT-DB
    Date Public
    2009-01-01 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T04:48:51.344Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "powernews-news-sql-injection(47701)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47701"
              },
              {
                "name": "33081",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/33081"
              },
              {
                "name": "33363",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/33363"
              },
              {
                "name": "51110",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/51110"
              },
              {
                "name": "7641",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/7641"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2009-01-01T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "SQL injection vulnerability in news.php in PowerScripts PowerNews 2.5.4, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the newsid parameter."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-28T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "powernews-news-sql-injection(47701)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47701"
            },
            {
              "name": "33081",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/33081"
            },
            {
              "name": "33363",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/33363"
            },
            {
              "name": "51110",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/51110"
            },
            {
              "name": "7641",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/7641"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2009-0705",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SQL injection vulnerability in news.php in PowerScripts PowerNews 2.5.4, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the newsid parameter."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "powernews-news-sql-injection(47701)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47701"
                },
                {
                  "name": "33081",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/33081"
                },
                {
                  "name": "33363",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/33363"
                },
                {
                  "name": "51110",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/51110"
                },
                {
                  "name": "7641",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/7641"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2009-0705",
        "datePublished": "2009-02-23T15:00:00.000Z",
        "dateReserved": "2009-02-23T00:00:00.000Z",
        "dateUpdated": "2024-08-07T04:48:51.344Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2009-0707 (GCVE-0-2009-0707)

    Vulnerability from cvelistv5 – Published: 2009-02-23 15:00 – Updated: 2024-08-07 04:48
    VLAI
    Summary
    SQL injection vulnerability in admin/index.php in PowerClan 1.14a allows remote attackers to execute arbitrary SQL commands via the loginemail parameter (aka login field). NOTE: some of these details are obtained from third party information.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://osvdb.org/51112 vdb-entryx_refsource_OSVDB
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    https://www.exploit-db.com/exploits/7642 exploitx_refsource_EXPLOIT-DB
    http://www.securityfocus.com/bid/33083 vdb-entryx_refsource_BID
    http://secunia.com/advisories/33362 third-party-advisoryx_refsource_SECUNIA
    Date Public
    2009-01-01 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T04:48:51.648Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "51112",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/51112"
              },
              {
                "name": "powerclan-index-sql-injection(47702)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47702"
              },
              {
                "name": "7642",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/7642"
              },
              {
                "name": "33083",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/33083"
              },
              {
                "name": "33362",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/33362"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2009-01-01T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "SQL injection vulnerability in admin/index.php in PowerClan 1.14a allows remote attackers to execute arbitrary SQL commands via the loginemail parameter (aka login field).  NOTE: some of these details are obtained from third party information."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-28T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "51112",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/51112"
            },
            {
              "name": "powerclan-index-sql-injection(47702)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47702"
            },
            {
              "name": "7642",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/7642"
            },
            {
              "name": "33083",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/33083"
            },
            {
              "name": "33362",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/33362"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2009-0707",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SQL injection vulnerability in admin/index.php in PowerClan 1.14a allows remote attackers to execute arbitrary SQL commands via the loginemail parameter (aka login field).  NOTE: some of these details are obtained from third party information."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "51112",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/51112"
                },
                {
                  "name": "powerclan-index-sql-injection(47702)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47702"
                },
                {
                  "name": "7642",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/7642"
                },
                {
                  "name": "33083",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/33083"
                },
                {
                  "name": "33362",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/33362"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2009-0707",
        "datePublished": "2009-02-23T15:00:00.000Z",
        "dateReserved": "2009-02-23T00:00:00.000Z",
        "dateUpdated": "2024-08-07T04:48:51.648Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-1534 (GCVE-0-2008-1534)

    Vulnerability from cvelistv5 – Published: 2008-03-28 18:00 – Updated: 2024-08-07 08:24
    VLAI
    Summary
    Multiple directory traversal vulnerabilities in PowerPHPBoard 1.00b allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) settings[footer] parameter to footer.inc.php and the (2) settings[header] parameter to header.inc.php.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://securityreason.com/securityalert/3782 third-party-advisoryx_refsource_SREASON
    https://www.exploit-db.com/exploits/5303 exploitx_refsource_EXPLOIT-DB
    http://www.securityfocus.com/archive/1/490011/100… mailing-listx_refsource_BUGTRAQ
    http://www.securityfocus.com/bid/28421 vdb-entryx_refsource_BID
    http://www.vupen.com/english/advisories/2008/0992… vdb-entryx_refsource_VUPEN
    Date Public
    2008-03-24 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T08:24:42.629Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "powerphpboard-footerheader-file-include(41403)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41403"
              },
              {
                "name": "3782",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/3782"
              },
              {
                "name": "5303",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/5303"
              },
              {
                "name": "20080324 [DSECRG-08-021] Multiple LFI in PowerPHPBoard 1.00b",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/490011/100/0/threaded"
              },
              {
                "name": "28421",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/28421"
              },
              {
                "name": "ADV-2008-0992",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/0992/references"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-03-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple directory traversal vulnerabilities in PowerPHPBoard 1.00b allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) settings[footer] parameter to footer.inc.php and the (2) settings[header] parameter to header.inc.php."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-11T19:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "powerphpboard-footerheader-file-include(41403)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41403"
            },
            {
              "name": "3782",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/3782"
            },
            {
              "name": "5303",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/5303"
            },
            {
              "name": "20080324 [DSECRG-08-021] Multiple LFI in PowerPHPBoard 1.00b",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/490011/100/0/threaded"
            },
            {
              "name": "28421",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/28421"
            },
            {
              "name": "ADV-2008-0992",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/0992/references"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-1534",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple directory traversal vulnerabilities in PowerPHPBoard 1.00b allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) settings[footer] parameter to footer.inc.php and the (2) settings[header] parameter to header.inc.php."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "powerphpboard-footerheader-file-include(41403)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41403"
                },
                {
                  "name": "3782",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/3782"
                },
                {
                  "name": "5303",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/5303"
                },
                {
                  "name": "20080324 [DSECRG-08-021] Multiple LFI in PowerPHPBoard 1.00b",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/490011/100/0/threaded"
                },
                {
                  "name": "28421",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/28421"
                },
                {
                  "name": "ADV-2008-0992",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/0992/references"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-1534",
        "datePublished": "2008-03-28T18:00:00.000Z",
        "dateReserved": "2008-03-28T00:00:00.000Z",
        "dateUpdated": "2024-08-07T08:24:42.629Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-1537 (GCVE-0-2008-1537)

    Vulnerability from cvelistv5 – Published: 2008-03-28 18:00 – Updated: 2024-08-07 08:24
    VLAI
    Summary
    Directory traversal vulnerability in pb_inc/admincenter/index.php in PowerScripts PowerBook 1.21 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/archive/1/490008/100… mailing-listx_refsource_BUGTRAQ
    https://www.exploit-db.com/exploits/5302 exploitx_refsource_EXPLOIT-DB
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://securityreason.com/securityalert/3783 third-party-advisoryx_refsource_SREASON
    http://secunia.com/advisories/29480 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/bid/28418 vdb-entryx_refsource_BID
    Date Public
    2008-03-24 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T08:24:42.678Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20080324 [DSECRG-08-019] LFI in PowerBook 1.21",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/490008/100/0/threaded"
              },
              {
                "name": "5302",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/5302"
              },
              {
                "name": "powerbook-index-file-include(41393)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41393"
              },
              {
                "name": "3783",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/3783"
              },
              {
                "name": "29480",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/29480"
              },
              {
                "name": "28418",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/28418"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-03-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Directory traversal vulnerability in pb_inc/admincenter/index.php in PowerScripts PowerBook 1.21 allows remote attackers to include and execute arbitrary local files via a ..  (dot dot) in the page parameter.  NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-11T19:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20080324 [DSECRG-08-019] LFI in PowerBook 1.21",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/490008/100/0/threaded"
            },
            {
              "name": "5302",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/5302"
            },
            {
              "name": "powerbook-index-file-include(41393)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41393"
            },
            {
              "name": "3783",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/3783"
            },
            {
              "name": "29480",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/29480"
            },
            {
              "name": "28418",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/28418"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-1537",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Directory traversal vulnerability in pb_inc/admincenter/index.php in PowerScripts PowerBook 1.21 allows remote attackers to include and execute arbitrary local files via a ..  (dot dot) in the page parameter.  NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20080324 [DSECRG-08-019] LFI in PowerBook 1.21",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/490008/100/0/threaded"
                },
                {
                  "name": "5302",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/5302"
                },
                {
                  "name": "powerbook-index-file-include(41393)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41393"
                },
                {
                  "name": "3783",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/3783"
                },
                {
                  "name": "29480",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/29480"
                },
                {
                  "name": "28418",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/28418"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-1537",
        "datePublished": "2008-03-28T18:00:00.000Z",
        "dateReserved": "2008-03-28T00:00:00.000Z",
        "dateUpdated": "2024-08-07T08:24:42.678Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-0742 (GCVE-0-2008-0742)

    Vulnerability from cvelistv5 – Published: 2008-02-13 01:00 – Updated: 2024-08-07 07:54
    VLAI
    Summary
    Multiple directory traversal vulnerabilities in PowerScripts PowerNews 2.5.6 allow remote attackers to read and include arbitrary files via a .. (dot dot) in the (1) subpage parameter in (a) categories.inc.php, (b) news.inc.php, (c) other.inc.php, (d) permissions.inc.php, (e) templates.inc.php, and (f) users.inc.php in pnadmin/; and (2) the page parameter to (g) pnadmin/index.php. NOTE: vector 2 is only exploitable by administrators.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://www.exploit-db.com/exploits/5082 exploitx_refsource_EXPLOIT-DB
    http://securityreason.com/securityalert/3647 third-party-advisoryx_refsource_SREASON
    http://www.securityfocus.com/bid/27688 vdb-entryx_refsource_BID
    http://www.securityfocus.com/archive/1/487773/100… mailing-listx_refsource_BUGTRAQ
    Date Public
    2008-02-08 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T07:54:23.298Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "5082",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/5082"
              },
              {
                "name": "3647",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/3647"
              },
              {
                "name": "27688",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/27688"
              },
              {
                "name": "20080208 [DSECRG-08-014] Multiple LFI in PowerNews (Newsscript) 2.5.6",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/487773/100/0/threaded"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-02-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple directory traversal vulnerabilities in PowerScripts PowerNews 2.5.6 allow remote attackers to read and include arbitrary files via a .. (dot dot) in the (1) subpage parameter in (a) categories.inc.php, (b) news.inc.php, (c) other.inc.php, (d) permissions.inc.php, (e) templates.inc.php, and (f) users.inc.php in pnadmin/; and (2) the page parameter to (g) pnadmin/index.php.  NOTE: vector 2 is only exploitable by administrators."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-15T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "5082",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/5082"
            },
            {
              "name": "3647",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/3647"
            },
            {
              "name": "27688",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/27688"
            },
            {
              "name": "20080208 [DSECRG-08-014] Multiple LFI in PowerNews (Newsscript) 2.5.6",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/487773/100/0/threaded"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-0742",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple directory traversal vulnerabilities in PowerScripts PowerNews 2.5.6 allow remote attackers to read and include arbitrary files via a .. (dot dot) in the (1) subpage parameter in (a) categories.inc.php, (b) news.inc.php, (c) other.inc.php, (d) permissions.inc.php, (e) templates.inc.php, and (f) users.inc.php in pnadmin/; and (2) the page parameter to (g) pnadmin/index.php.  NOTE: vector 2 is only exploitable by administrators."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "5082",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/5082"
                },
                {
                  "name": "3647",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/3647"
                },
                {
                  "name": "27688",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/27688"
                },
                {
                  "name": "20080208 [DSECRG-08-014] Multiple LFI in PowerNews (Newsscript) 2.5.6",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/487773/100/0/threaded"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-0742",
        "datePublished": "2008-02-13T01:00:00.000Z",
        "dateReserved": "2008-02-12T00:00:00.000Z",
        "dateUpdated": "2024-08-07T07:54:23.298Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-6715 (GCVE-0-2006-6715)

    Vulnerability from cvelistv5 – Published: 2006-12-23 01:00 – Updated: 2024-08-07 20:34
    VLAI
    Summary
    PHP remote file inclusion vulnerability in footer.inc.php in PowerClan 1.14a and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the settings[footer] parameter.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://www.exploit-db.com/exploits/2973 exploitx_refsource_EXPLOIT-DB
    http://secunia.com/advisories/23450 third-party-advisoryx_refsource_SECUNIA
    http://www.vupen.com/english/advisories/2006/5119 vdb-entryx_refsource_VUPEN
    http://www.securityfocus.com/bid/21707 vdb-entryx_refsource_BID
    http://www.securityfocus.com/archive/1/490009/100… mailing-listx_refsource_BUGTRAQ
    http://www.attrition.org/pipermail/vim/2006-Decem… mailing-listx_refsource_VIM
    Date Public
    2006-12-21 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T20:34:00.448Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "2973",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/2973"
              },
              {
                "name": "23450",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/23450"
              },
              {
                "name": "ADV-2006-5119",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2006/5119"
              },
              {
                "name": "21707",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/21707"
              },
              {
                "name": "20080324 [DSECRG-08-020] RFI-LFI in PowerClan 1.14a",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/490009/100/0/threaded"
              },
              {
                "name": "20061222 Source verify of PowerClan RFI",
                "tags": [
                  "mailing-list",
                  "x_refsource_VIM",
                  "x_transferred"
                ],
                "url": "http://www.attrition.org/pipermail/vim/2006-December/001194.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-12-21T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "PHP remote file inclusion vulnerability in footer.inc.php in PowerClan 1.14a and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the settings[footer] parameter."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-17T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "2973",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/2973"
            },
            {
              "name": "23450",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/23450"
            },
            {
              "name": "ADV-2006-5119",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/5119"
            },
            {
              "name": "21707",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/21707"
            },
            {
              "name": "20080324 [DSECRG-08-020] RFI-LFI in PowerClan 1.14a",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/490009/100/0/threaded"
            },
            {
              "name": "20061222 Source verify of PowerClan RFI",
              "tags": [
                "mailing-list",
                "x_refsource_VIM"
              ],
              "url": "http://www.attrition.org/pipermail/vim/2006-December/001194.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-6715",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "PHP remote file inclusion vulnerability in footer.inc.php in PowerClan 1.14a and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the settings[footer] parameter."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "2973",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/2973"
                },
                {
                  "name": "23450",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/23450"
                },
                {
                  "name": "ADV-2006-5119",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2006/5119"
                },
                {
                  "name": "21707",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/21707"
                },
                {
                  "name": "20080324 [DSECRG-08-020] RFI-LFI in PowerClan 1.14a",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/490009/100/0/threaded"
                },
                {
                  "name": "20061222 Source verify of PowerClan RFI",
                  "refsource": "VIM",
                  "url": "http://www.attrition.org/pipermail/vim/2006-December/001194.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-6715",
        "datePublished": "2006-12-23T01:00:00.000Z",
        "dateReserved": "2006-12-22T00:00:00.000Z",
        "dateUpdated": "2024-08-07T20:34:00.448Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-1805 (GCVE-0-2006-1805)

    Vulnerability from cvelistv5 – Published: 2006-04-18 10:00 – Updated: 2024-08-07 17:27
    VLAI
    Summary
    SQL injection vulnerability in member.php in PowerClan 1.14 allows remote attackers to execute arbitrary SQL commands via the memberid parameter.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://d4igoro.blogspot.com/2006/04/powerclan-114… x_refsource_MISC
    http://secunia.com/advisories/19689 third-party-advisoryx_refsource_SECUNIA
    http://www.vupen.com/english/advisories/2006/1371 vdb-entryx_refsource_VUPEN
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.securityfocus.com/bid/17528 vdb-entryx_refsource_BID
    http://www.securityfocus.com/archive/1/431005/100… mailing-listx_refsource_BUGTRAQ
    http://securityreason.com/securityalert/706 third-party-advisoryx_refsource_SREASON
    Date Public
    2006-04-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T17:27:28.853Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://d4igoro.blogspot.com/2006/04/powerclan-114-sql-injection.html"
              },
              {
                "name": "19689",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/19689"
              },
              {
                "name": "ADV-2006-1371",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2006/1371"
              },
              {
                "name": "powerclan-member-sql-injection(25876)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25876"
              },
              {
                "name": "17528",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/17528"
              },
              {
                "name": "20060413 PowerClan 1.14 - SQL Injection",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/431005/100/0/threaded"
              },
              {
                "name": "706",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/706"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-04-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "SQL injection vulnerability in member.php in PowerClan 1.14 allows remote attackers to execute arbitrary SQL commands via the memberid parameter."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-18T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://d4igoro.blogspot.com/2006/04/powerclan-114-sql-injection.html"
            },
            {
              "name": "19689",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/19689"
            },
            {
              "name": "ADV-2006-1371",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/1371"
            },
            {
              "name": "powerclan-member-sql-injection(25876)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25876"
            },
            {
              "name": "17528",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/17528"
            },
            {
              "name": "20060413 PowerClan 1.14 - SQL Injection",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/431005/100/0/threaded"
            },
            {
              "name": "706",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/706"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-1805",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SQL injection vulnerability in member.php in PowerClan 1.14 allows remote attackers to execute arbitrary SQL commands via the memberid parameter."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://d4igoro.blogspot.com/2006/04/powerclan-114-sql-injection.html",
                  "refsource": "MISC",
                  "url": "http://d4igoro.blogspot.com/2006/04/powerclan-114-sql-injection.html"
                },
                {
                  "name": "19689",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/19689"
                },
                {
                  "name": "ADV-2006-1371",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2006/1371"
                },
                {
                  "name": "powerclan-member-sql-injection(25876)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25876"
                },
                {
                  "name": "17528",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/17528"
                },
                {
                  "name": "20060413 PowerClan 1.14 - SQL Injection",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/431005/100/0/threaded"
                },
                {
                  "name": "706",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/706"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-1805",
        "datePublished": "2006-04-18T10:00:00.000Z",
        "dateReserved": "2006-04-17T00:00:00.000Z",
        "dateUpdated": "2024-08-07T17:27:28.853Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2000-0074 (GCVE-0-2000-0074)

    Vulnerability from cvelistv5 – Published: 2000-02-04 05:00 – Updated: 2024-08-08 05:05
    VLAI
    Summary
    PowerScripts PlusMail CGI program allows remote attackers to execute commands via a password file with improper permissions.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2000-01-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T05:05:53.862Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-2000-0074"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2000-01-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "PowerScripts PlusMail CGI program allows remote attackers to execute commands via a password file with improper permissions."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-08-17T08:20:32.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-2000-0074"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2000-0074",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "PowerScripts PlusMail CGI program allows remote attackers to execute commands via a password file with improper permissions."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-2000-0074",
                  "refsource": "MISC",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-2000-0074"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2000-0074",
        "datePublished": "2000-02-04T05:00:00.000Z",
        "dateReserved": "2000-01-22T00:00:00.000Z",
        "dateUpdated": "2024-08-08T05:05:53.862Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }