Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
10 vulnerabilities by webmobo
CVE-2009-4927 (GCVE-0-2009-4927)
Vulnerability from nvd – Published: 2010-07-09 17:00 – Updated: 2024-08-07 07:24
VLAI
Summary
WB News 2.1.2 allows remote attackers to bypass authentication and gain administrative access via a modified WBNEWS cookie, as demonstrated by setting this cookie to 1.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.exploit-db.com/exploits/8492 | exploitx_refsource_EXPLOIT-DB |
| http://www.securityfocus.com/bid/34609 | vdb-entryx_refsource_BID |
| http://secunia.com/advisories/34822 | third-party-advisoryx_refsource_SECUNIA |
Date Public
2009-04-20 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:24:52.789Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "8492",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/8492"
},
{
"name": "34609",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/34609"
},
{
"name": "34822",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34822"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-04-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "WB News 2.1.2 allows remote attackers to bypass authentication and gain administrative access via a modified WBNEWS cookie, as demonstrated by setting this cookie to 1."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-18T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "8492",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/8492"
},
{
"name": "34609",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/34609"
},
{
"name": "34822",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34822"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4927",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WB News 2.1.2 allows remote attackers to bypass authentication and gain administrative access via a modified WBNEWS cookie, as demonstrated by setting this cookie to 1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "8492",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/8492"
},
{
"name": "34609",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34609"
},
{
"name": "34822",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34822"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4927",
"datePublished": "2010-07-09T17:00:00.000Z",
"dateReserved": "2010-07-09T00:00:00.000Z",
"dateUpdated": "2024-08-07T07:24:52.789Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-1712 (GCVE-0-2010-1712)
Vulnerability from nvd – Published: 2010-05-04 15:00 – Updated: 2024-08-07 01:35
VLAI
Summary
Multiple cross-site scripting (XSS) vulnerabilities in base/Comments.php in Webmobo WB News 2.3.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name and possibly (2) message parameters. NOTE: some of these details are obtained from third party information.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://inj3ct0r.com/exploits/11914 | x_refsource_MISC |
| http://www.itsecteam.com/en/vulnerabilities/vulne… | x_refsource_MISC |
| http://www.exploit-db.com/exploits/12323 | exploitx_refsource_EXPLOIT-DB |
| http://www.hack0wn.com/view.php?xroot=1310.0&cat=… | x_refsource_MISC |
| http://secunia.com/advisories/39516 | third-party-advisoryx_refsource_SECUNIA |
| http://www.osvdb.org/63973 | vdb-entryx_refsource_OSVDB |
| http://www.securityfocus.com/bid/39626 | vdb-entryx_refsource_BID |
Date Public
2010-04-22 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T01:35:53.371Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "wbnews-comments-xss(58025)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58025"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://inj3ct0r.com/exploits/11914"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.itsecteam.com/en/vulnerabilities/vulnerability44.htm"
},
{
"name": "12323",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/12323"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.hack0wn.com/view.php?xroot=1310.0\u0026cat=exploits"
},
{
"name": "39516",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/39516"
},
{
"name": "63973",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/63973"
},
{
"name": "39626",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/39626"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-04-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in base/Comments.php in Webmobo WB News 2.3.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name and possibly (2) message parameters. NOTE: some of these details are obtained from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "wbnews-comments-xss(58025)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58025"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://inj3ct0r.com/exploits/11914"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.itsecteam.com/en/vulnerabilities/vulnerability44.htm"
},
{
"name": "12323",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/12323"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.hack0wn.com/view.php?xroot=1310.0\u0026cat=exploits"
},
{
"name": "39516",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/39516"
},
{
"name": "63973",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/63973"
},
{
"name": "39626",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/39626"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1712",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in base/Comments.php in Webmobo WB News 2.3.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name and possibly (2) message parameters. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "wbnews-comments-xss(58025)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58025"
},
{
"name": "http://inj3ct0r.com/exploits/11914",
"refsource": "MISC",
"url": "http://inj3ct0r.com/exploits/11914"
},
{
"name": "http://www.itsecteam.com/en/vulnerabilities/vulnerability44.htm",
"refsource": "MISC",
"url": "http://www.itsecteam.com/en/vulnerabilities/vulnerability44.htm"
},
{
"name": "12323",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/12323"
},
{
"name": "http://www.hack0wn.com/view.php?xroot=1310.0\u0026cat=exploits",
"refsource": "MISC",
"url": "http://www.hack0wn.com/view.php?xroot=1310.0\u0026cat=exploits"
},
{
"name": "39516",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39516"
},
{
"name": "63973",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/63973"
},
{
"name": "39626",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/39626"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-1712",
"datePublished": "2010-05-04T15:00:00.000Z",
"dateReserved": "2010-05-04T00:00:00.000Z",
"dateUpdated": "2024-08-07T01:35:53.371Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-0294 (GCVE-0-2009-0294)
Vulnerability from nvd – Published: 2009-01-27 20:00 – Updated: 2024-08-07 04:31
VLAI
Summary
Multiple PHP remote file inclusion vulnerabilities in WB News 2.0.1, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the config[installdir] parameter to (1) search.php, (2) archive.php, (3) comments.php, and (4) news.php; (5) News.php, (6) SendFriend.php, (7) Archive.php, and (8) Comments.php in base/; and possibly other components, different vectors than CVE-2007-1288.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/33691 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/bid/33434 | vdb-entryx_refsource_BID |
| http://www.securityfocus.com/archive/1/500398/100… | mailing-listx_refsource_BUGTRAQ |
Date Public
2009-01-25 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:31:25.470Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "33691",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33691"
},
{
"name": "33434",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/33434"
},
{
"name": "20090125 WB News v2.0.X Remote File include ..",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/500398/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-01-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple PHP remote file inclusion vulnerabilities in WB News 2.0.1, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the config[installdir] parameter to (1) search.php, (2) archive.php, (3) comments.php, and (4) news.php; (5) News.php, (6) SendFriend.php, (7) Archive.php, and (8) Comments.php in base/; and possibly other components, different vectors than CVE-2007-1288."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "33691",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33691"
},
{
"name": "33434",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/33434"
},
{
"name": "20090125 WB News v2.0.X Remote File include ..",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/500398/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0294",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple PHP remote file inclusion vulnerabilities in WB News 2.0.1, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the config[installdir] parameter to (1) search.php, (2) archive.php, (3) comments.php, and (4) news.php; (5) News.php, (6) SendFriend.php, (7) Archive.php, and (8) Comments.php in base/; and possibly other components, different vectors than CVE-2007-1288."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "33691",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33691"
},
{
"name": "33434",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33434"
},
{
"name": "20090125 WB News v2.0.X Remote File include ..",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/500398/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-0294",
"datePublished": "2009-01-27T20:00:00.000Z",
"dateReserved": "2009-01-27T00:00:00.000Z",
"dateUpdated": "2024-08-07T04:31:25.470Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-1288 (GCVE-0-2007-1288)
Vulnerability from nvd – Published: 2007-03-07 00:00 – Updated: 2024-08-07 12:50
VLAI
Summary
Multiple PHP remote file inclusion vulnerabilities in Webmobo WB News 1.4.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the config[installdir] parameter to (1) comment.php, (2) themes.php, (3) directory.php, and (4) sendmsg.php in admin/.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://osvdb.org/34954 | vdb-entryx_refsource_OSVDB |
| http://osvdb.org/34953 | vdb-entryx_refsource_OSVDB |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://securityreason.com/securityalert/2355 | third-party-advisoryx_refsource_SREASON |
| http://osvdb.org/34952 | vdb-entryx_refsource_OSVDB |
| http://osvdb.org/34951 | vdb-entryx_refsource_OSVDB |
| http://www.securityfocus.com/archive/1/461674/100… | mailing-listx_refsource_BUGTRAQ |
Date Public
2007-03-01 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:50:35.270Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "34954",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/34954"
},
{
"name": "34953",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/34953"
},
{
"name": "wbnews-multiple-scripts-file-include(32774)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32774"
},
{
"name": "2355",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/2355"
},
{
"name": "34952",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/34952"
},
{
"name": "34951",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/34951"
},
{
"name": "20070301 WB News Remote File Include in all versions",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/461674/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-03-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple PHP remote file inclusion vulnerabilities in Webmobo WB News 1.4.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the config[installdir] parameter to (1) comment.php, (2) themes.php, (3) directory.php, and (4) sendmsg.php in admin/."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "34954",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/34954"
},
{
"name": "34953",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/34953"
},
{
"name": "wbnews-multiple-scripts-file-include(32774)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32774"
},
{
"name": "2355",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/2355"
},
{
"name": "34952",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/34952"
},
{
"name": "34951",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/34951"
},
{
"name": "20070301 WB News Remote File Include in all versions",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/461674/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-1288",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple PHP remote file inclusion vulnerabilities in Webmobo WB News 1.4.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the config[installdir] parameter to (1) comment.php, (2) themes.php, (3) directory.php, and (4) sendmsg.php in admin/."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "34954",
"refsource": "OSVDB",
"url": "http://osvdb.org/34954"
},
{
"name": "34953",
"refsource": "OSVDB",
"url": "http://osvdb.org/34953"
},
{
"name": "wbnews-multiple-scripts-file-include(32774)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32774"
},
{
"name": "2355",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2355"
},
{
"name": "34952",
"refsource": "OSVDB",
"url": "http://osvdb.org/34952"
},
{
"name": "34951",
"refsource": "OSVDB",
"url": "http://osvdb.org/34951"
},
{
"name": "20070301 WB News Remote File Include in all versions",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/461674/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-1288",
"datePublished": "2007-03-07T00:00:00.000Z",
"dateReserved": "2007-03-06T00:00:00.000Z",
"dateUpdated": "2024-08-07T12:50:35.270Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-0241 (GCVE-0-2006-0241)
Vulnerability from nvd – Published: 2006-01-18 01:00 – Updated: 2024-08-07 16:25
VLAI
Summary
Cross-site scripting vulnerability in WBNews 1.1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the Name field.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/archive/1/422133/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.securityfocus.com/bid/16277 | vdb-entryx_refsource_BID |
| http://secunia.com/advisories/18499 | third-party-advisoryx_refsource_SECUNIA |
| http://www.vupen.com/english/advisories/2006/0237 | vdb-entryx_refsource_VUPEN |
Date Public
2006-01-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:25:34.069Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20060117 XSS in WBNews \u003c = v1.1.0",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/422133/100/0/threaded"
},
{
"name": "16277",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/16277"
},
{
"name": "18499",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18499"
},
{
"name": "ADV-2006-0237",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0237"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-01-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in WBNews 1.1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the Name field."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-19T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20060117 XSS in WBNews \u003c = v1.1.0",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/422133/100/0/threaded"
},
{
"name": "16277",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/16277"
},
{
"name": "18499",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18499"
},
{
"name": "ADV-2006-0237",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0237"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0241",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in WBNews 1.1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the Name field."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060117 XSS in WBNews \u003c = v1.1.0",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/422133/100/0/threaded"
},
{
"name": "16277",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16277"
},
{
"name": "18499",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18499"
},
{
"name": "ADV-2006-0237",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0237"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-0241",
"datePublished": "2006-01-18T01:00:00.000Z",
"dateReserved": "2006-01-18T00:00:00.000Z",
"dateUpdated": "2024-08-07T16:25:34.069Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-4927 (GCVE-0-2009-4927)
Vulnerability from cvelistv5 – Published: 2010-07-09 17:00 – Updated: 2024-08-07 07:24
VLAI
Summary
WB News 2.1.2 allows remote attackers to bypass authentication and gain administrative access via a modified WBNEWS cookie, as demonstrated by setting this cookie to 1.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.exploit-db.com/exploits/8492 | exploitx_refsource_EXPLOIT-DB |
| http://www.securityfocus.com/bid/34609 | vdb-entryx_refsource_BID |
| http://secunia.com/advisories/34822 | third-party-advisoryx_refsource_SECUNIA |
Date Public
2009-04-20 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:24:52.789Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "8492",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/8492"
},
{
"name": "34609",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/34609"
},
{
"name": "34822",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34822"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-04-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "WB News 2.1.2 allows remote attackers to bypass authentication and gain administrative access via a modified WBNEWS cookie, as demonstrated by setting this cookie to 1."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-18T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "8492",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/8492"
},
{
"name": "34609",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/34609"
},
{
"name": "34822",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34822"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4927",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WB News 2.1.2 allows remote attackers to bypass authentication and gain administrative access via a modified WBNEWS cookie, as demonstrated by setting this cookie to 1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "8492",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/8492"
},
{
"name": "34609",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34609"
},
{
"name": "34822",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34822"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4927",
"datePublished": "2010-07-09T17:00:00.000Z",
"dateReserved": "2010-07-09T00:00:00.000Z",
"dateUpdated": "2024-08-07T07:24:52.789Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-1712 (GCVE-0-2010-1712)
Vulnerability from cvelistv5 – Published: 2010-05-04 15:00 – Updated: 2024-08-07 01:35
VLAI
Summary
Multiple cross-site scripting (XSS) vulnerabilities in base/Comments.php in Webmobo WB News 2.3.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name and possibly (2) message parameters. NOTE: some of these details are obtained from third party information.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://inj3ct0r.com/exploits/11914 | x_refsource_MISC |
| http://www.itsecteam.com/en/vulnerabilities/vulne… | x_refsource_MISC |
| http://www.exploit-db.com/exploits/12323 | exploitx_refsource_EXPLOIT-DB |
| http://www.hack0wn.com/view.php?xroot=1310.0&cat=… | x_refsource_MISC |
| http://secunia.com/advisories/39516 | third-party-advisoryx_refsource_SECUNIA |
| http://www.osvdb.org/63973 | vdb-entryx_refsource_OSVDB |
| http://www.securityfocus.com/bid/39626 | vdb-entryx_refsource_BID |
Date Public
2010-04-22 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T01:35:53.371Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "wbnews-comments-xss(58025)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58025"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://inj3ct0r.com/exploits/11914"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.itsecteam.com/en/vulnerabilities/vulnerability44.htm"
},
{
"name": "12323",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/12323"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.hack0wn.com/view.php?xroot=1310.0\u0026cat=exploits"
},
{
"name": "39516",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/39516"
},
{
"name": "63973",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/63973"
},
{
"name": "39626",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/39626"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-04-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in base/Comments.php in Webmobo WB News 2.3.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name and possibly (2) message parameters. NOTE: some of these details are obtained from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "wbnews-comments-xss(58025)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58025"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://inj3ct0r.com/exploits/11914"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.itsecteam.com/en/vulnerabilities/vulnerability44.htm"
},
{
"name": "12323",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/12323"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.hack0wn.com/view.php?xroot=1310.0\u0026cat=exploits"
},
{
"name": "39516",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/39516"
},
{
"name": "63973",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/63973"
},
{
"name": "39626",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/39626"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1712",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in base/Comments.php in Webmobo WB News 2.3.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name and possibly (2) message parameters. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "wbnews-comments-xss(58025)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58025"
},
{
"name": "http://inj3ct0r.com/exploits/11914",
"refsource": "MISC",
"url": "http://inj3ct0r.com/exploits/11914"
},
{
"name": "http://www.itsecteam.com/en/vulnerabilities/vulnerability44.htm",
"refsource": "MISC",
"url": "http://www.itsecteam.com/en/vulnerabilities/vulnerability44.htm"
},
{
"name": "12323",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/12323"
},
{
"name": "http://www.hack0wn.com/view.php?xroot=1310.0\u0026cat=exploits",
"refsource": "MISC",
"url": "http://www.hack0wn.com/view.php?xroot=1310.0\u0026cat=exploits"
},
{
"name": "39516",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39516"
},
{
"name": "63973",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/63973"
},
{
"name": "39626",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/39626"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-1712",
"datePublished": "2010-05-04T15:00:00.000Z",
"dateReserved": "2010-05-04T00:00:00.000Z",
"dateUpdated": "2024-08-07T01:35:53.371Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-0294 (GCVE-0-2009-0294)
Vulnerability from cvelistv5 – Published: 2009-01-27 20:00 – Updated: 2024-08-07 04:31
VLAI
Summary
Multiple PHP remote file inclusion vulnerabilities in WB News 2.0.1, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the config[installdir] parameter to (1) search.php, (2) archive.php, (3) comments.php, and (4) news.php; (5) News.php, (6) SendFriend.php, (7) Archive.php, and (8) Comments.php in base/; and possibly other components, different vectors than CVE-2007-1288.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/33691 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/bid/33434 | vdb-entryx_refsource_BID |
| http://www.securityfocus.com/archive/1/500398/100… | mailing-listx_refsource_BUGTRAQ |
Date Public
2009-01-25 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:31:25.470Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "33691",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33691"
},
{
"name": "33434",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/33434"
},
{
"name": "20090125 WB News v2.0.X Remote File include ..",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/500398/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-01-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple PHP remote file inclusion vulnerabilities in WB News 2.0.1, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the config[installdir] parameter to (1) search.php, (2) archive.php, (3) comments.php, and (4) news.php; (5) News.php, (6) SendFriend.php, (7) Archive.php, and (8) Comments.php in base/; and possibly other components, different vectors than CVE-2007-1288."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "33691",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33691"
},
{
"name": "33434",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/33434"
},
{
"name": "20090125 WB News v2.0.X Remote File include ..",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/500398/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0294",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple PHP remote file inclusion vulnerabilities in WB News 2.0.1, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the config[installdir] parameter to (1) search.php, (2) archive.php, (3) comments.php, and (4) news.php; (5) News.php, (6) SendFriend.php, (7) Archive.php, and (8) Comments.php in base/; and possibly other components, different vectors than CVE-2007-1288."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "33691",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33691"
},
{
"name": "33434",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33434"
},
{
"name": "20090125 WB News v2.0.X Remote File include ..",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/500398/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-0294",
"datePublished": "2009-01-27T20:00:00.000Z",
"dateReserved": "2009-01-27T00:00:00.000Z",
"dateUpdated": "2024-08-07T04:31:25.470Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-1288 (GCVE-0-2007-1288)
Vulnerability from cvelistv5 – Published: 2007-03-07 00:00 – Updated: 2024-08-07 12:50
VLAI
Summary
Multiple PHP remote file inclusion vulnerabilities in Webmobo WB News 1.4.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the config[installdir] parameter to (1) comment.php, (2) themes.php, (3) directory.php, and (4) sendmsg.php in admin/.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://osvdb.org/34954 | vdb-entryx_refsource_OSVDB |
| http://osvdb.org/34953 | vdb-entryx_refsource_OSVDB |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://securityreason.com/securityalert/2355 | third-party-advisoryx_refsource_SREASON |
| http://osvdb.org/34952 | vdb-entryx_refsource_OSVDB |
| http://osvdb.org/34951 | vdb-entryx_refsource_OSVDB |
| http://www.securityfocus.com/archive/1/461674/100… | mailing-listx_refsource_BUGTRAQ |
Date Public
2007-03-01 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:50:35.270Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "34954",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/34954"
},
{
"name": "34953",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/34953"
},
{
"name": "wbnews-multiple-scripts-file-include(32774)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32774"
},
{
"name": "2355",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/2355"
},
{
"name": "34952",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/34952"
},
{
"name": "34951",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/34951"
},
{
"name": "20070301 WB News Remote File Include in all versions",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/461674/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-03-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple PHP remote file inclusion vulnerabilities in Webmobo WB News 1.4.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the config[installdir] parameter to (1) comment.php, (2) themes.php, (3) directory.php, and (4) sendmsg.php in admin/."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "34954",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/34954"
},
{
"name": "34953",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/34953"
},
{
"name": "wbnews-multiple-scripts-file-include(32774)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32774"
},
{
"name": "2355",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/2355"
},
{
"name": "34952",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/34952"
},
{
"name": "34951",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/34951"
},
{
"name": "20070301 WB News Remote File Include in all versions",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/461674/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-1288",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple PHP remote file inclusion vulnerabilities in Webmobo WB News 1.4.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the config[installdir] parameter to (1) comment.php, (2) themes.php, (3) directory.php, and (4) sendmsg.php in admin/."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "34954",
"refsource": "OSVDB",
"url": "http://osvdb.org/34954"
},
{
"name": "34953",
"refsource": "OSVDB",
"url": "http://osvdb.org/34953"
},
{
"name": "wbnews-multiple-scripts-file-include(32774)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32774"
},
{
"name": "2355",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2355"
},
{
"name": "34952",
"refsource": "OSVDB",
"url": "http://osvdb.org/34952"
},
{
"name": "34951",
"refsource": "OSVDB",
"url": "http://osvdb.org/34951"
},
{
"name": "20070301 WB News Remote File Include in all versions",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/461674/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-1288",
"datePublished": "2007-03-07T00:00:00.000Z",
"dateReserved": "2007-03-06T00:00:00.000Z",
"dateUpdated": "2024-08-07T12:50:35.270Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-0241 (GCVE-0-2006-0241)
Vulnerability from cvelistv5 – Published: 2006-01-18 01:00 – Updated: 2024-08-07 16:25
VLAI
Summary
Cross-site scripting vulnerability in WBNews 1.1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the Name field.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/archive/1/422133/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.securityfocus.com/bid/16277 | vdb-entryx_refsource_BID |
| http://secunia.com/advisories/18499 | third-party-advisoryx_refsource_SECUNIA |
| http://www.vupen.com/english/advisories/2006/0237 | vdb-entryx_refsource_VUPEN |
Date Public
2006-01-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:25:34.069Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20060117 XSS in WBNews \u003c = v1.1.0",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/422133/100/0/threaded"
},
{
"name": "16277",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/16277"
},
{
"name": "18499",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18499"
},
{
"name": "ADV-2006-0237",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0237"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-01-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in WBNews 1.1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the Name field."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-19T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20060117 XSS in WBNews \u003c = v1.1.0",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/422133/100/0/threaded"
},
{
"name": "16277",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/16277"
},
{
"name": "18499",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18499"
},
{
"name": "ADV-2006-0237",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0237"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0241",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in WBNews 1.1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the Name field."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060117 XSS in WBNews \u003c = v1.1.0",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/422133/100/0/threaded"
},
{
"name": "16277",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16277"
},
{
"name": "18499",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18499"
},
{
"name": "ADV-2006-0237",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0237"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-0241",
"datePublished": "2006-01-18T01:00:00.000Z",
"dateReserved": "2006-01-18T00:00:00.000Z",
"dateUpdated": "2024-08-07T16:25:34.069Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}