Search

Find a vulnerability

Search criteria

    18 vulnerabilities by zeroboard

    CVE-2004-2738 (GCVE-0-2004-2738)

    Vulnerability from cvelistv5 – Published: 2007-10-09 10:00 – Updated: 2024-08-08 01:36
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in check_user_id.php in ZeroBoard 4.1pl4 and earlier allows remote attackers to inject arbitrary web script or HTML via the user_id parameter.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://marc.info/?l=bugtraq&m=110391024404947&w=2 mailing-listx_refsource_BUGTRAQ
    http://lists.grok.org.uk/pipermail/full-disclosur… mailing-listx_refsource_FULLDISC
    http://www.osvdb.org/12582 vdb-entryx_refsource_OSVDB
    http://secunia.com/advisories/13649 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/bid/12103 vdb-entryx_refsource_BID
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://securitytracker.com/id?1012677 vdb-entryx_refsource_SECTRACK
    Date Public
    2004-12-24 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T01:36:25.296Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20041224 STG Security Advisory: [SSA-20041220-16] PHP source injection and cross-site scripting vulnerabilities in ZeroBoard",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=110391024404947\u0026w=2"
              },
              {
                "name": "20041223 STG Security Advisory: [SSA-20041220-16] PHP source injection and cross-site scripting vulnerabilities in ZeroBoard",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-December/030224.html"
              },
              {
                "name": "12582",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/12582"
              },
              {
                "name": "13649",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/13649"
              },
              {
                "name": "12103",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/12103"
              },
              {
                "name": "zeroboard-checkuserid-xss(18680)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18680"
              },
              {
                "name": "1012677",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1012677"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2004-12-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in check_user_id.php in ZeroBoard 4.1pl4 and earlier allows remote attackers to inject arbitrary web script or HTML via the user_id parameter."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-28T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20041224 STG Security Advisory: [SSA-20041220-16] PHP source injection and cross-site scripting vulnerabilities in ZeroBoard",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=110391024404947\u0026w=2"
            },
            {
              "name": "20041223 STG Security Advisory: [SSA-20041220-16] PHP source injection and cross-site scripting vulnerabilities in ZeroBoard",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-December/030224.html"
            },
            {
              "name": "12582",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/12582"
            },
            {
              "name": "13649",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/13649"
            },
            {
              "name": "12103",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/12103"
            },
            {
              "name": "zeroboard-checkuserid-xss(18680)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18680"
            },
            {
              "name": "1012677",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1012677"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2004-2738",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting (XSS) vulnerability in check_user_id.php in ZeroBoard 4.1pl4 and earlier allows remote attackers to inject arbitrary web script or HTML via the user_id parameter."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20041224 STG Security Advisory: [SSA-20041220-16] PHP source injection and cross-site scripting vulnerabilities in ZeroBoard",
                  "refsource": "BUGTRAQ",
                  "url": "http://marc.info/?l=bugtraq\u0026m=110391024404947\u0026w=2"
                },
                {
                  "name": "20041223 STG Security Advisory: [SSA-20041220-16] PHP source injection and cross-site scripting vulnerabilities in ZeroBoard",
                  "refsource": "FULLDISC",
                  "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-December/030224.html"
                },
                {
                  "name": "12582",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/12582"
                },
                {
                  "name": "13649",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/13649"
                },
                {
                  "name": "12103",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/12103"
                },
                {
                  "name": "zeroboard-checkuserid-xss(18680)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18680"
                },
                {
                  "name": "1012677",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1012677"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2004-2738",
        "datePublished": "2007-10-09T10:00:00.000Z",
        "dateReserved": "2007-10-08T00:00:00.000Z",
        "dateUpdated": "2024-08-08T01:36:25.296Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-3070 (GCVE-0-2006-3070)

    Vulnerability from cvelistv5 – Published: 2006-06-19 10:00 – Updated: 2024-08-07 18:16
    VLAI
    Summary
    write_ok.php in Zeroboard 4.1 pl8, when installed on Apache with mod_mime, allows remote attackers to bypass restrictions for uploading files with executable extensions by uploading a .htaccess file that with an AddType directive that assigns an executable module to files with assumed-safe extensions, as demonstrated by assigning the txt extension to be handled by application/x-httpd-php.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.vupen.com/english/advisories/2006/2318 vdb-entryx_refsource_VUPEN
    http://www.securityfocus.com/archive/1/437442/30/… mailing-listx_refsource_BUGTRAQ
    http://www.securityfocus.com/bid/18465 vdb-entryx_refsource_BID
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://securecast.wins21.com/zerovul.html x_refsource_MISC
    http://marc.info/?l=full-disclosure&m=11504456783… mailing-listx_refsource_FULLDISC
    http://secunia.com/advisories/20592 third-party-advisoryx_refsource_SECUNIA
    Date Public
    2006-06-16 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T18:16:05.600Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ADV-2006-2318",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2006/2318"
              },
              {
                "name": "20060616 Zeroboard File Upload \u0026 extension bypass Vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/437442/30/4320/threaded"
              },
              {
                "name": "18465",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/18465"
              },
              {
                "name": "zeroboard-htaccess-file-upload-(27038)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27038"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://securecast.wins21.com/zerovul.html"
              },
              {
                "name": "20060616 Zeroboard File Upload \u0026 extension bypass Vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=full-disclosure\u0026m=115044567831726\u0026w=2"
              },
              {
                "name": "20592",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/20592"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-06-16T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "write_ok.php in Zeroboard 4.1 pl8, when installed on Apache with mod_mime, allows remote attackers to bypass restrictions for uploading files with executable extensions by uploading a .htaccess file that with an AddType directive that assigns an executable module to files with assumed-safe extensions, as demonstrated by assigning the txt extension to be handled by application/x-httpd-php."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-18T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "ADV-2006-2318",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/2318"
            },
            {
              "name": "20060616 Zeroboard File Upload \u0026 extension bypass Vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/437442/30/4320/threaded"
            },
            {
              "name": "18465",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/18465"
            },
            {
              "name": "zeroboard-htaccess-file-upload-(27038)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27038"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://securecast.wins21.com/zerovul.html"
            },
            {
              "name": "20060616 Zeroboard File Upload \u0026 extension bypass Vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://marc.info/?l=full-disclosure\u0026m=115044567831726\u0026w=2"
            },
            {
              "name": "20592",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/20592"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-3070",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "write_ok.php in Zeroboard 4.1 pl8, when installed on Apache with mod_mime, allows remote attackers to bypass restrictions for uploading files with executable extensions by uploading a .htaccess file that with an AddType directive that assigns an executable module to files with assumed-safe extensions, as demonstrated by assigning the txt extension to be handled by application/x-httpd-php."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "ADV-2006-2318",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2006/2318"
                },
                {
                  "name": "20060616 Zeroboard File Upload \u0026 extension bypass Vulnerability",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/437442/30/4320/threaded"
                },
                {
                  "name": "18465",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/18465"
                },
                {
                  "name": "zeroboard-htaccess-file-upload-(27038)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27038"
                },
                {
                  "name": "http://securecast.wins21.com/zerovul.html",
                  "refsource": "MISC",
                  "url": "http://securecast.wins21.com/zerovul.html"
                },
                {
                  "name": "20060616 Zeroboard File Upload \u0026 extension bypass Vulnerability",
                  "refsource": "FULLDISC",
                  "url": "http://marc.info/?l=full-disclosure\u0026m=115044567831726\u0026w=2"
                },
                {
                  "name": "20592",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/20592"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-3070",
        "datePublished": "2006-06-19T10:00:00.000Z",
        "dateReserved": "2006-06-19T00:00:00.000Z",
        "dateUpdated": "2024-08-07T18:16:05.600Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-1222 (GCVE-0-2006-1222)

    Vulnerability from cvelistv5 – Published: 2006-03-14 11:00 – Updated: 2024-08-07 17:03
    VLAI
    Summary
    Multiple cross-site scripting (XSS) vulnerabilities in zeroboard 4.1 pl7 allows allow remote attackers to inject arbitrary web script or HTML via the (1) memo box title, (2) user email, and (3) homepage fields.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2006-03-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T17:03:28.473Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "19214",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/19214"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.inetcop.org/upfiles/33INCSA.2006-0x82-029-zeroboard.pdf"
              },
              {
                "name": "ADV-2006-0944",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2006/0944"
              },
              {
                "name": "20060312 [INetCop Security Advisory] zeroboard IP session bypass XSS vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/042872.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.nzeo.com/bbs/zboard.php?id=cgi_bugreport2\u0026no=5406"
              },
              {
                "name": "17075",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/17075"
              },
              {
                "name": "23847",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/23847"
              },
              {
                "name": "20060312 [INetCop Security Advisory] zeroboard IP session bypass XSS vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/427466/100/0/threaded"
              },
              {
                "name": "zeroboard-multiple-fields-xss(25212)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25212"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-03-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in zeroboard 4.1 pl7 allows allow remote attackers to inject arbitrary web script or HTML via the (1) memo box title, (2) user email, and (3) homepage fields."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-18T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "19214",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/19214"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.inetcop.org/upfiles/33INCSA.2006-0x82-029-zeroboard.pdf"
            },
            {
              "name": "ADV-2006-0944",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/0944"
            },
            {
              "name": "20060312 [INetCop Security Advisory] zeroboard IP session bypass XSS vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/042872.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.nzeo.com/bbs/zboard.php?id=cgi_bugreport2\u0026no=5406"
            },
            {
              "name": "17075",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/17075"
            },
            {
              "name": "23847",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/23847"
            },
            {
              "name": "20060312 [INetCop Security Advisory] zeroboard IP session bypass XSS vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/427466/100/0/threaded"
            },
            {
              "name": "zeroboard-multiple-fields-xss(25212)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25212"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-1222",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple cross-site scripting (XSS) vulnerabilities in zeroboard 4.1 pl7 allows allow remote attackers to inject arbitrary web script or HTML via the (1) memo box title, (2) user email, and (3) homepage fields."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "19214",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/19214"
                },
                {
                  "name": "http://www.inetcop.org/upfiles/33INCSA.2006-0x82-029-zeroboard.pdf",
                  "refsource": "MISC",
                  "url": "http://www.inetcop.org/upfiles/33INCSA.2006-0x82-029-zeroboard.pdf"
                },
                {
                  "name": "ADV-2006-0944",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2006/0944"
                },
                {
                  "name": "20060312 [INetCop Security Advisory] zeroboard IP session bypass XSS vulnerability",
                  "refsource": "FULLDISC",
                  "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/042872.html"
                },
                {
                  "name": "http://www.nzeo.com/bbs/zboard.php?id=cgi_bugreport2\u0026no=5406",
                  "refsource": "CONFIRM",
                  "url": "http://www.nzeo.com/bbs/zboard.php?id=cgi_bugreport2\u0026no=5406"
                },
                {
                  "name": "17075",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/17075"
                },
                {
                  "name": "23847",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/23847"
                },
                {
                  "name": "20060312 [INetCop Security Advisory] zeroboard IP session bypass XSS vulnerability",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/427466/100/0/threaded"
                },
                {
                  "name": "zeroboard-multiple-fields-xss(25212)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25212"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-1222",
        "datePublished": "2006-03-14T11:00:00.000Z",
        "dateReserved": "2006-03-14T00:00:00.000Z",
        "dateUpdated": "2024-08-07T17:03:28.473Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2002-1704 (GCVE-0-2002-1704)

    Vulnerability from cvelistv5 – Published: 2005-06-21 04:00 – Updated: 2024-08-08 03:34
    VLAI
    Summary
    Zeroboard 4.1, when the "allow_url_fopen" and "register_globals" variables are enabled, allows remote attackers to execute arbitrary PHP code by modifying the _zb_path parameter to reference a URL on a remote web server that contains the code.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/5028 vdb-entryx_refsource_BID
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://online.securityfocus.com/archive/1/277126 mailing-listx_refsource_BUGTRAQ
    Date Public
    2002-06-15 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T03:34:55.868Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "5028",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/5028"
              },
              {
                "name": "zeroboard-include-remote-file(9366)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/9366"
              },
              {
                "name": "20020615 malicious PHP source injection",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://online.securityfocus.com/archive/1/277126"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2002-06-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Zeroboard 4.1, when the \"allow_url_fopen\" and \"register_globals\" variables are enabled, allows remote attackers to execute arbitrary PHP code by modifying the _zb_path parameter to reference a URL on a remote web server that contains the code."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-10T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "5028",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/5028"
            },
            {
              "name": "zeroboard-include-remote-file(9366)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/9366"
            },
            {
              "name": "20020615 malicious PHP source injection",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://online.securityfocus.com/archive/1/277126"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2002-1704",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Zeroboard 4.1, when the \"allow_url_fopen\" and \"register_globals\" variables are enabled, allows remote attackers to execute arbitrary PHP code by modifying the _zb_path parameter to reference a URL on a remote web server that contains the code."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "5028",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/5028"
                },
                {
                  "name": "zeroboard-include-remote-file(9366)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/9366"
                },
                {
                  "name": "20020615 malicious PHP source injection",
                  "refsource": "BUGTRAQ",
                  "url": "http://online.securityfocus.com/archive/1/277126"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2002-1704",
        "datePublished": "2005-06-21T04:00:00.000Z",
        "dateReserved": "2005-06-21T00:00:00.000Z",
        "dateUpdated": "2024-08-08T03:34:55.868Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2005-1820 (GCVE-0-2005-1820)

    Vulnerability from cvelistv5 – Published: 2005-06-01 04:00 – Updated: 2024-08-07 22:06
    VLAI
    Summary
    zboard.php in Zeroboard version 4.1pl2 to 4.1pl5 allows remote attackers to execute arbitrary PHP code via improper quoting when using the preg_replace function.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2005-05-31 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T22:06:57.071Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "13823",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/13823"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.securiteam.com/exploits/5KP0V0AFPA.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://pandora.sapzil.info/text/notify/20050123.zb41advisory.php"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2005-05-31T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "zboard.php in Zeroboard version 4.1pl2 to 4.1pl5 allows remote attackers to execute arbitrary PHP code via improper quoting when using the preg_replace function."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-06-15T16:38:32.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "13823",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/13823"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.securiteam.com/exploits/5KP0V0AFPA.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://pandora.sapzil.info/text/notify/20050123.zb41advisory.php"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2005-1820",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "zboard.php in Zeroboard version 4.1pl2 to 4.1pl5 allows remote attackers to execute arbitrary PHP code via improper quoting when using the preg_replace function."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "13823",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/13823"
                },
                {
                  "name": "http://www.securiteam.com/exploits/5KP0V0AFPA.html",
                  "refsource": "MISC",
                  "url": "http://www.securiteam.com/exploits/5KP0V0AFPA.html"
                },
                {
                  "name": "http://pandora.sapzil.info/text/notify/20050123.zb41advisory.php",
                  "refsource": "MISC",
                  "url": "http://pandora.sapzil.info/text/notify/20050123.zb41advisory.php"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2005-1820",
        "datePublished": "2005-06-01T04:00:00.000Z",
        "dateReserved": "2005-06-01T00:00:00.000Z",
        "dateUpdated": "2024-08-07T22:06:57.071Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2005-0495 (GCVE-0-2005-0495)

    Vulnerability from cvelistv5 – Published: 2005-02-21 05:00 – Updated: 2024-08-07 21:13
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in ZeroBoard allows remote attackers to inject arbitrary web script or HTML via the (1) sn1, (2) year, or (3) page parameter to zboard.php or (4) filename to view_image.php.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://marc.info/?l=bugtraq&m=110884332105513&w=2 mailing-listx_refsource_BUGTRAQ
    http://securitytracker.com/id?1013243 vdb-entryx_refsource_SECTRACK
    Date Public
    2005-02-19 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T21:13:54.455Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "zeroboard-xss(19420)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19420"
              },
              {
                "name": "20050219 Multiples vulnerability in ZeroBoard,",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=110884332105513\u0026w=2"
              },
              {
                "name": "1013243",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1013243"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2005-02-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in ZeroBoard allows remote attackers to inject arbitrary web script or HTML via the (1) sn1, (2) year, or (3) page parameter to zboard.php or (4) filename to view_image.php."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-10T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "zeroboard-xss(19420)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19420"
            },
            {
              "name": "20050219 Multiples vulnerability in ZeroBoard,",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=110884332105513\u0026w=2"
            },
            {
              "name": "1013243",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1013243"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2005-0495",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting (XSS) vulnerability in ZeroBoard allows remote attackers to inject arbitrary web script or HTML via the (1) sn1, (2) year, or (3) page parameter to zboard.php or (4) filename to view_image.php."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "zeroboard-xss(19420)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19420"
                },
                {
                  "name": "20050219 Multiples vulnerability in ZeroBoard,",
                  "refsource": "BUGTRAQ",
                  "url": "http://marc.info/?l=bugtraq\u0026m=110884332105513\u0026w=2"
                },
                {
                  "name": "1013243",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1013243"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2005-0495",
        "datePublished": "2005-02-21T05:00:00.000Z",
        "dateReserved": "2005-02-21T00:00:00.000Z",
        "dateUpdated": "2024-08-07T21:13:54.455Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2005-0379 (GCVE-0-2005-0379)

    Vulnerability from cvelistv5 – Published: 2005-02-13 05:00 – Updated: 2024-08-07 21:13
    VLAI
    Summary
    Multiple directory traversal vulnerabilities in ZeroBoard 4.1pl5 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in the _zb_path parameter to (1) _head.php or (2) outlogin.php, or the dir parameter to (3) write.php.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/12257 vdb-entryx_refsource_BID
    http://securitytracker.com/id?1012884 vdb-entryx_refsource_SECTRACK
    http://marc.info/?l=bugtraq&m=110565373407474&w=2 mailing-listx_refsource_BUGTRAQ
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    Date Public
    2005-01-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T21:13:53.525Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "12257",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/12257"
              },
              {
                "name": "1012884",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1012884"
              },
              {
                "name": "20050113 STG Security Advisory: [SSA-20050113-25] ZeroBoard multiple vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=110565373407474\u0026w=2"
              },
              {
                "name": "zeroboard-file-disclosure(18891)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18891"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2005-01-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple directory traversal vulnerabilities in ZeroBoard 4.1pl5 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in the _zb_path parameter to (1) _head.php or (2) outlogin.php, or the dir parameter to (3) write.php."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-10T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "12257",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/12257"
            },
            {
              "name": "1012884",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1012884"
            },
            {
              "name": "20050113 STG Security Advisory: [SSA-20050113-25] ZeroBoard multiple vulnerabilities",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=110565373407474\u0026w=2"
            },
            {
              "name": "zeroboard-file-disclosure(18891)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18891"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2005-0379",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple directory traversal vulnerabilities in ZeroBoard 4.1pl5 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in the _zb_path parameter to (1) _head.php or (2) outlogin.php, or the dir parameter to (3) write.php."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "12257",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/12257"
                },
                {
                  "name": "1012884",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1012884"
                },
                {
                  "name": "20050113 STG Security Advisory: [SSA-20050113-25] ZeroBoard multiple vulnerabilities",
                  "refsource": "BUGTRAQ",
                  "url": "http://marc.info/?l=bugtraq\u0026m=110565373407474\u0026w=2"
                },
                {
                  "name": "zeroboard-file-disclosure(18891)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18891"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2005-0379",
        "datePublished": "2005-02-13T05:00:00.000Z",
        "dateReserved": "2005-02-13T00:00:00.000Z",
        "dateUpdated": "2024-08-07T21:13:53.525Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2005-0380 (GCVE-0-2005-0380)

    Vulnerability from cvelistv5 – Published: 2005-02-13 05:00 – Updated: 2024-08-07 21:13
    VLAI
    Summary
    Multiple PHP remote file inclusion vulnerabilities in (1) print_category.php, (2) login.php, (3) setup.php, (4) ask_password.php, or (5) error.php in ZeroBoard 4.1pl5 and earlier allow remote attackers to execute arbitrary PHP code by modifying the dir parameter to reference a URL on a remote web server that contains the code.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/12206 vdb-entryx_refsource_BID
    http://securitytracker.com/id?1012884 vdb-entryx_refsource_SECTRACK
    http://secunia.com/advisories/13769 third-party-advisoryx_refsource_SECUNIA
    http://www.osvdb.org/12930 vdb-entryx_refsource_OSVDB
    http://www.osvdb.org/12932 vdb-entryx_refsource_OSVDB
    http://www.osvdb.org/12929 vdb-entryx_refsource_OSVDB
    http://marc.info/?l=bugtraq&m=110565373407474&w=2 mailing-listx_refsource_BUGTRAQ
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.osvdb.org/12931 vdb-entryx_refsource_OSVDB
    http://www.securityfocus.com/bid/12258 vdb-entryx_refsource_BID
    http://www.osvdb.org/12928 vdb-entryx_refsource_OSVDB
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    Date Public
    2005-01-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T21:13:53.547Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "12206",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/12206"
              },
              {
                "name": "1012884",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1012884"
              },
              {
                "name": "13769",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/13769"
              },
              {
                "name": "12930",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/12930"
              },
              {
                "name": "12932",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/12932"
              },
              {
                "name": "12929",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/12929"
              },
              {
                "name": "20050113 STG Security Advisory: [SSA-20050113-25] ZeroBoard multiple vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=110565373407474\u0026w=2"
              },
              {
                "name": "zeroboard-printcategory-file-include(18892)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18892"
              },
              {
                "name": "12931",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/12931"
              },
              {
                "name": "12258",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/12258"
              },
              {
                "name": "12928",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/12928"
              },
              {
                "name": "zeroboard-zero-vote-file-include(18893)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18893"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2005-01-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple PHP remote file inclusion vulnerabilities in (1) print_category.php, (2) login.php, (3) setup.php, (4) ask_password.php, or (5) error.php in ZeroBoard 4.1pl5 and earlier allow remote attackers to execute arbitrary PHP code by modifying the dir parameter to reference a URL on a remote web server that contains the code."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-10T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "12206",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/12206"
            },
            {
              "name": "1012884",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1012884"
            },
            {
              "name": "13769",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/13769"
            },
            {
              "name": "12930",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/12930"
            },
            {
              "name": "12932",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/12932"
            },
            {
              "name": "12929",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/12929"
            },
            {
              "name": "20050113 STG Security Advisory: [SSA-20050113-25] ZeroBoard multiple vulnerabilities",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=110565373407474\u0026w=2"
            },
            {
              "name": "zeroboard-printcategory-file-include(18892)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18892"
            },
            {
              "name": "12931",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/12931"
            },
            {
              "name": "12258",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/12258"
            },
            {
              "name": "12928",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/12928"
            },
            {
              "name": "zeroboard-zero-vote-file-include(18893)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18893"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2005-0380",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple PHP remote file inclusion vulnerabilities in (1) print_category.php, (2) login.php, (3) setup.php, (4) ask_password.php, or (5) error.php in ZeroBoard 4.1pl5 and earlier allow remote attackers to execute arbitrary PHP code by modifying the dir parameter to reference a URL on a remote web server that contains the code."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "12206",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/12206"
                },
                {
                  "name": "1012884",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1012884"
                },
                {
                  "name": "13769",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/13769"
                },
                {
                  "name": "12930",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/12930"
                },
                {
                  "name": "12932",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/12932"
                },
                {
                  "name": "12929",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/12929"
                },
                {
                  "name": "20050113 STG Security Advisory: [SSA-20050113-25] ZeroBoard multiple vulnerabilities",
                  "refsource": "BUGTRAQ",
                  "url": "http://marc.info/?l=bugtraq\u0026m=110565373407474\u0026w=2"
                },
                {
                  "name": "zeroboard-printcategory-file-include(18892)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18892"
                },
                {
                  "name": "12931",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/12931"
                },
                {
                  "name": "12258",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/12258"
                },
                {
                  "name": "12928",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/12928"
                },
                {
                  "name": "zeroboard-zero-vote-file-include(18893)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18893"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2005-0380",
        "datePublished": "2005-02-13T05:00:00.000Z",
        "dateReserved": "2005-02-13T00:00:00.000Z",
        "dateUpdated": "2024-08-07T21:13:53.547Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2004-1419 (GCVE-0-2004-1419)

    Vulnerability from cvelistv5 – Published: 2005-02-12 05:00 – Updated: 2024-08-08 00:53
    VLAI
    Summary
    PHP remote file inclusion vulnerability in ZeroBoard 4.1pl4 and earlier allows remote attackers to execute arbitrary PHP code by modifying the (1) _zb_path parameter to outlogin.php or (2) dir parameter to write.php to reference a URL on a remote web server that contains the code.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.osvdb.org/12580 vdb-entryx_refsource_OSVDB
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://marc.info/?l=bugtraq&m=110391024404947&w=2 mailing-listx_refsource_BUGTRAQ
    http://lists.grok.org.uk/pipermail/full-disclosur… mailing-listx_refsource_FULLDISC
    http://secunia.com/advisories/13649 third-party-advisoryx_refsource_SECUNIA
    http://www.osvdb.org/12581 vdb-entryx_refsource_OSVDB
    http://www.securityfocus.com/bid/12103 vdb-entryx_refsource_BID
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://securitytracker.com/id?1012677 vdb-entryx_refsource_SECTRACK
    Date Public
    2004-12-24 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T00:53:23.593Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "12580",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/12580"
              },
              {
                "name": "zeroboard-outlogin-file-include(18677)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18677"
              },
              {
                "name": "20041224 STG Security Advisory: [SSA-20041220-16] PHP source injection and cross-site scripting vulnerabilities in ZeroBoard",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=110391024404947\u0026w=2"
              },
              {
                "name": "20041223 STG Security Advisory: [SSA-20041220-16] PHP source injection and cross-site scripting vulnerabilities in ZeroBoard",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-December/030224.html"
              },
              {
                "name": "13649",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/13649"
              },
              {
                "name": "12581",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/12581"
              },
              {
                "name": "12103",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/12103"
              },
              {
                "name": "zeroboard-write-file-include(18679)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18679"
              },
              {
                "name": "1012677",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1012677"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2004-12-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "PHP remote file inclusion vulnerability in ZeroBoard 4.1pl4 and earlier allows remote attackers to execute arbitrary PHP code by modifying the (1) _zb_path parameter to outlogin.php or (2) dir parameter to write.php to reference a URL on a remote web server that contains the code."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-10T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "12580",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/12580"
            },
            {
              "name": "zeroboard-outlogin-file-include(18677)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18677"
            },
            {
              "name": "20041224 STG Security Advisory: [SSA-20041220-16] PHP source injection and cross-site scripting vulnerabilities in ZeroBoard",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=110391024404947\u0026w=2"
            },
            {
              "name": "20041223 STG Security Advisory: [SSA-20041220-16] PHP source injection and cross-site scripting vulnerabilities in ZeroBoard",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-December/030224.html"
            },
            {
              "name": "13649",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/13649"
            },
            {
              "name": "12581",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/12581"
            },
            {
              "name": "12103",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/12103"
            },
            {
              "name": "zeroboard-write-file-include(18679)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18679"
            },
            {
              "name": "1012677",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1012677"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2004-1419",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "PHP remote file inclusion vulnerability in ZeroBoard 4.1pl4 and earlier allows remote attackers to execute arbitrary PHP code by modifying the (1) _zb_path parameter to outlogin.php or (2) dir parameter to write.php to reference a URL on a remote web server that contains the code."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "12580",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/12580"
                },
                {
                  "name": "zeroboard-outlogin-file-include(18677)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18677"
                },
                {
                  "name": "20041224 STG Security Advisory: [SSA-20041220-16] PHP source injection and cross-site scripting vulnerabilities in ZeroBoard",
                  "refsource": "BUGTRAQ",
                  "url": "http://marc.info/?l=bugtraq\u0026m=110391024404947\u0026w=2"
                },
                {
                  "name": "20041223 STG Security Advisory: [SSA-20041220-16] PHP source injection and cross-site scripting vulnerabilities in ZeroBoard",
                  "refsource": "FULLDISC",
                  "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-December/030224.html"
                },
                {
                  "name": "13649",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/13649"
                },
                {
                  "name": "12581",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/12581"
                },
                {
                  "name": "12103",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/12103"
                },
                {
                  "name": "zeroboard-write-file-include(18679)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18679"
                },
                {
                  "name": "1012677",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1012677"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2004-1419",
        "datePublished": "2005-02-12T05:00:00.000Z",
        "dateReserved": "2005-02-12T00:00:00.000Z",
        "dateUpdated": "2024-08-08T00:53:23.593Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-3070 (GCVE-0-2006-3070)

    Vulnerability from nvd – Published: 2006-06-19 10:00 – Updated: 2024-08-07 18:16
    VLAI
    Summary
    write_ok.php in Zeroboard 4.1 pl8, when installed on Apache with mod_mime, allows remote attackers to bypass restrictions for uploading files with executable extensions by uploading a .htaccess file that with an AddType directive that assigns an executable module to files with assumed-safe extensions, as demonstrated by assigning the txt extension to be handled by application/x-httpd-php.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.vupen.com/english/advisories/2006/2318 vdb-entryx_refsource_VUPEN
    http://www.securityfocus.com/archive/1/437442/30/… mailing-listx_refsource_BUGTRAQ
    http://www.securityfocus.com/bid/18465 vdb-entryx_refsource_BID
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://securecast.wins21.com/zerovul.html x_refsource_MISC
    http://marc.info/?l=full-disclosure&m=11504456783… mailing-listx_refsource_FULLDISC
    http://secunia.com/advisories/20592 third-party-advisoryx_refsource_SECUNIA
    Date Public
    2006-06-16 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T18:16:05.600Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ADV-2006-2318",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2006/2318"
              },
              {
                "name": "20060616 Zeroboard File Upload \u0026 extension bypass Vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/437442/30/4320/threaded"
              },
              {
                "name": "18465",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/18465"
              },
              {
                "name": "zeroboard-htaccess-file-upload-(27038)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27038"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://securecast.wins21.com/zerovul.html"
              },
              {
                "name": "20060616 Zeroboard File Upload \u0026 extension bypass Vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=full-disclosure\u0026m=115044567831726\u0026w=2"
              },
              {
                "name": "20592",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/20592"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-06-16T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "write_ok.php in Zeroboard 4.1 pl8, when installed on Apache with mod_mime, allows remote attackers to bypass restrictions for uploading files with executable extensions by uploading a .htaccess file that with an AddType directive that assigns an executable module to files with assumed-safe extensions, as demonstrated by assigning the txt extension to be handled by application/x-httpd-php."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-18T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "ADV-2006-2318",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/2318"
            },
            {
              "name": "20060616 Zeroboard File Upload \u0026 extension bypass Vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/437442/30/4320/threaded"
            },
            {
              "name": "18465",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/18465"
            },
            {
              "name": "zeroboard-htaccess-file-upload-(27038)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27038"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://securecast.wins21.com/zerovul.html"
            },
            {
              "name": "20060616 Zeroboard File Upload \u0026 extension bypass Vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://marc.info/?l=full-disclosure\u0026m=115044567831726\u0026w=2"
            },
            {
              "name": "20592",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/20592"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-3070",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "write_ok.php in Zeroboard 4.1 pl8, when installed on Apache with mod_mime, allows remote attackers to bypass restrictions for uploading files with executable extensions by uploading a .htaccess file that with an AddType directive that assigns an executable module to files with assumed-safe extensions, as demonstrated by assigning the txt extension to be handled by application/x-httpd-php."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "ADV-2006-2318",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2006/2318"
                },
                {
                  "name": "20060616 Zeroboard File Upload \u0026 extension bypass Vulnerability",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/437442/30/4320/threaded"
                },
                {
                  "name": "18465",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/18465"
                },
                {
                  "name": "zeroboard-htaccess-file-upload-(27038)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27038"
                },
                {
                  "name": "http://securecast.wins21.com/zerovul.html",
                  "refsource": "MISC",
                  "url": "http://securecast.wins21.com/zerovul.html"
                },
                {
                  "name": "20060616 Zeroboard File Upload \u0026 extension bypass Vulnerability",
                  "refsource": "FULLDISC",
                  "url": "http://marc.info/?l=full-disclosure\u0026m=115044567831726\u0026w=2"
                },
                {
                  "name": "20592",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/20592"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-3070",
        "datePublished": "2006-06-19T10:00:00.000Z",
        "dateReserved": "2006-06-19T00:00:00.000Z",
        "dateUpdated": "2024-08-07T18:16:05.600Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-1222 (GCVE-0-2006-1222)

    Vulnerability from nvd – Published: 2006-03-14 11:00 – Updated: 2024-08-07 17:03
    VLAI
    Summary
    Multiple cross-site scripting (XSS) vulnerabilities in zeroboard 4.1 pl7 allows allow remote attackers to inject arbitrary web script or HTML via the (1) memo box title, (2) user email, and (3) homepage fields.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2006-03-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T17:03:28.473Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "19214",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/19214"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.inetcop.org/upfiles/33INCSA.2006-0x82-029-zeroboard.pdf"
              },
              {
                "name": "ADV-2006-0944",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2006/0944"
              },
              {
                "name": "20060312 [INetCop Security Advisory] zeroboard IP session bypass XSS vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/042872.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.nzeo.com/bbs/zboard.php?id=cgi_bugreport2\u0026no=5406"
              },
              {
                "name": "17075",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/17075"
              },
              {
                "name": "23847",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/23847"
              },
              {
                "name": "20060312 [INetCop Security Advisory] zeroboard IP session bypass XSS vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/427466/100/0/threaded"
              },
              {
                "name": "zeroboard-multiple-fields-xss(25212)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25212"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-03-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in zeroboard 4.1 pl7 allows allow remote attackers to inject arbitrary web script or HTML via the (1) memo box title, (2) user email, and (3) homepage fields."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-18T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "19214",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/19214"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.inetcop.org/upfiles/33INCSA.2006-0x82-029-zeroboard.pdf"
            },
            {
              "name": "ADV-2006-0944",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/0944"
            },
            {
              "name": "20060312 [INetCop Security Advisory] zeroboard IP session bypass XSS vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/042872.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.nzeo.com/bbs/zboard.php?id=cgi_bugreport2\u0026no=5406"
            },
            {
              "name": "17075",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/17075"
            },
            {
              "name": "23847",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/23847"
            },
            {
              "name": "20060312 [INetCop Security Advisory] zeroboard IP session bypass XSS vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/427466/100/0/threaded"
            },
            {
              "name": "zeroboard-multiple-fields-xss(25212)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25212"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-1222",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple cross-site scripting (XSS) vulnerabilities in zeroboard 4.1 pl7 allows allow remote attackers to inject arbitrary web script or HTML via the (1) memo box title, (2) user email, and (3) homepage fields."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "19214",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/19214"
                },
                {
                  "name": "http://www.inetcop.org/upfiles/33INCSA.2006-0x82-029-zeroboard.pdf",
                  "refsource": "MISC",
                  "url": "http://www.inetcop.org/upfiles/33INCSA.2006-0x82-029-zeroboard.pdf"
                },
                {
                  "name": "ADV-2006-0944",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2006/0944"
                },
                {
                  "name": "20060312 [INetCop Security Advisory] zeroboard IP session bypass XSS vulnerability",
                  "refsource": "FULLDISC",
                  "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/042872.html"
                },
                {
                  "name": "http://www.nzeo.com/bbs/zboard.php?id=cgi_bugreport2\u0026no=5406",
                  "refsource": "CONFIRM",
                  "url": "http://www.nzeo.com/bbs/zboard.php?id=cgi_bugreport2\u0026no=5406"
                },
                {
                  "name": "17075",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/17075"
                },
                {
                  "name": "23847",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/23847"
                },
                {
                  "name": "20060312 [INetCop Security Advisory] zeroboard IP session bypass XSS vulnerability",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/427466/100/0/threaded"
                },
                {
                  "name": "zeroboard-multiple-fields-xss(25212)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25212"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-1222",
        "datePublished": "2006-03-14T11:00:00.000Z",
        "dateReserved": "2006-03-14T00:00:00.000Z",
        "dateUpdated": "2024-08-07T17:03:28.473Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2005-1820 (GCVE-0-2005-1820)

    Vulnerability from nvd – Published: 2005-06-01 04:00 – Updated: 2024-08-07 22:06
    VLAI
    Summary
    zboard.php in Zeroboard version 4.1pl2 to 4.1pl5 allows remote attackers to execute arbitrary PHP code via improper quoting when using the preg_replace function.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2005-05-31 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T22:06:57.071Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "13823",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/13823"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.securiteam.com/exploits/5KP0V0AFPA.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://pandora.sapzil.info/text/notify/20050123.zb41advisory.php"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2005-05-31T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "zboard.php in Zeroboard version 4.1pl2 to 4.1pl5 allows remote attackers to execute arbitrary PHP code via improper quoting when using the preg_replace function."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-06-15T16:38:32.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "13823",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/13823"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.securiteam.com/exploits/5KP0V0AFPA.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://pandora.sapzil.info/text/notify/20050123.zb41advisory.php"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2005-1820",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "zboard.php in Zeroboard version 4.1pl2 to 4.1pl5 allows remote attackers to execute arbitrary PHP code via improper quoting when using the preg_replace function."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "13823",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/13823"
                },
                {
                  "name": "http://www.securiteam.com/exploits/5KP0V0AFPA.html",
                  "refsource": "MISC",
                  "url": "http://www.securiteam.com/exploits/5KP0V0AFPA.html"
                },
                {
                  "name": "http://pandora.sapzil.info/text/notify/20050123.zb41advisory.php",
                  "refsource": "MISC",
                  "url": "http://pandora.sapzil.info/text/notify/20050123.zb41advisory.php"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2005-1820",
        "datePublished": "2005-06-01T04:00:00.000Z",
        "dateReserved": "2005-06-01T00:00:00.000Z",
        "dateUpdated": "2024-08-07T22:06:57.071Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2005-0379 (GCVE-0-2005-0379)

    Vulnerability from nvd – Published: 2005-02-13 05:00 – Updated: 2024-08-07 21:13
    VLAI
    Summary
    Multiple directory traversal vulnerabilities in ZeroBoard 4.1pl5 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in the _zb_path parameter to (1) _head.php or (2) outlogin.php, or the dir parameter to (3) write.php.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/12257 vdb-entryx_refsource_BID
    http://securitytracker.com/id?1012884 vdb-entryx_refsource_SECTRACK
    http://marc.info/?l=bugtraq&m=110565373407474&w=2 mailing-listx_refsource_BUGTRAQ
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    Date Public
    2005-01-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T21:13:53.525Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "12257",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/12257"
              },
              {
                "name": "1012884",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1012884"
              },
              {
                "name": "20050113 STG Security Advisory: [SSA-20050113-25] ZeroBoard multiple vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=110565373407474\u0026w=2"
              },
              {
                "name": "zeroboard-file-disclosure(18891)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18891"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2005-01-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple directory traversal vulnerabilities in ZeroBoard 4.1pl5 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in the _zb_path parameter to (1) _head.php or (2) outlogin.php, or the dir parameter to (3) write.php."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-10T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "12257",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/12257"
            },
            {
              "name": "1012884",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1012884"
            },
            {
              "name": "20050113 STG Security Advisory: [SSA-20050113-25] ZeroBoard multiple vulnerabilities",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=110565373407474\u0026w=2"
            },
            {
              "name": "zeroboard-file-disclosure(18891)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18891"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2005-0379",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple directory traversal vulnerabilities in ZeroBoard 4.1pl5 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in the _zb_path parameter to (1) _head.php or (2) outlogin.php, or the dir parameter to (3) write.php."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "12257",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/12257"
                },
                {
                  "name": "1012884",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1012884"
                },
                {
                  "name": "20050113 STG Security Advisory: [SSA-20050113-25] ZeroBoard multiple vulnerabilities",
                  "refsource": "BUGTRAQ",
                  "url": "http://marc.info/?l=bugtraq\u0026m=110565373407474\u0026w=2"
                },
                {
                  "name": "zeroboard-file-disclosure(18891)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18891"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2005-0379",
        "datePublished": "2005-02-13T05:00:00.000Z",
        "dateReserved": "2005-02-13T00:00:00.000Z",
        "dateUpdated": "2024-08-07T21:13:53.525Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2005-0380 (GCVE-0-2005-0380)

    Vulnerability from nvd – Published: 2005-02-13 05:00 – Updated: 2024-08-07 21:13
    VLAI
    Summary
    Multiple PHP remote file inclusion vulnerabilities in (1) print_category.php, (2) login.php, (3) setup.php, (4) ask_password.php, or (5) error.php in ZeroBoard 4.1pl5 and earlier allow remote attackers to execute arbitrary PHP code by modifying the dir parameter to reference a URL on a remote web server that contains the code.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/12206 vdb-entryx_refsource_BID
    http://securitytracker.com/id?1012884 vdb-entryx_refsource_SECTRACK
    http://secunia.com/advisories/13769 third-party-advisoryx_refsource_SECUNIA
    http://www.osvdb.org/12930 vdb-entryx_refsource_OSVDB
    http://www.osvdb.org/12932 vdb-entryx_refsource_OSVDB
    http://www.osvdb.org/12929 vdb-entryx_refsource_OSVDB
    http://marc.info/?l=bugtraq&m=110565373407474&w=2 mailing-listx_refsource_BUGTRAQ
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.osvdb.org/12931 vdb-entryx_refsource_OSVDB
    http://www.securityfocus.com/bid/12258 vdb-entryx_refsource_BID
    http://www.osvdb.org/12928 vdb-entryx_refsource_OSVDB
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    Date Public
    2005-01-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T21:13:53.547Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "12206",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/12206"
              },
              {
                "name": "1012884",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1012884"
              },
              {
                "name": "13769",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/13769"
              },
              {
                "name": "12930",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/12930"
              },
              {
                "name": "12932",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/12932"
              },
              {
                "name": "12929",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/12929"
              },
              {
                "name": "20050113 STG Security Advisory: [SSA-20050113-25] ZeroBoard multiple vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=110565373407474\u0026w=2"
              },
              {
                "name": "zeroboard-printcategory-file-include(18892)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18892"
              },
              {
                "name": "12931",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/12931"
              },
              {
                "name": "12258",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/12258"
              },
              {
                "name": "12928",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/12928"
              },
              {
                "name": "zeroboard-zero-vote-file-include(18893)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18893"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2005-01-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple PHP remote file inclusion vulnerabilities in (1) print_category.php, (2) login.php, (3) setup.php, (4) ask_password.php, or (5) error.php in ZeroBoard 4.1pl5 and earlier allow remote attackers to execute arbitrary PHP code by modifying the dir parameter to reference a URL on a remote web server that contains the code."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-10T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "12206",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/12206"
            },
            {
              "name": "1012884",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1012884"
            },
            {
              "name": "13769",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/13769"
            },
            {
              "name": "12930",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/12930"
            },
            {
              "name": "12932",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/12932"
            },
            {
              "name": "12929",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/12929"
            },
            {
              "name": "20050113 STG Security Advisory: [SSA-20050113-25] ZeroBoard multiple vulnerabilities",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=110565373407474\u0026w=2"
            },
            {
              "name": "zeroboard-printcategory-file-include(18892)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18892"
            },
            {
              "name": "12931",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/12931"
            },
            {
              "name": "12258",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/12258"
            },
            {
              "name": "12928",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/12928"
            },
            {
              "name": "zeroboard-zero-vote-file-include(18893)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18893"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2005-0380",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple PHP remote file inclusion vulnerabilities in (1) print_category.php, (2) login.php, (3) setup.php, (4) ask_password.php, or (5) error.php in ZeroBoard 4.1pl5 and earlier allow remote attackers to execute arbitrary PHP code by modifying the dir parameter to reference a URL on a remote web server that contains the code."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "12206",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/12206"
                },
                {
                  "name": "1012884",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1012884"
                },
                {
                  "name": "13769",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/13769"
                },
                {
                  "name": "12930",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/12930"
                },
                {
                  "name": "12932",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/12932"
                },
                {
                  "name": "12929",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/12929"
                },
                {
                  "name": "20050113 STG Security Advisory: [SSA-20050113-25] ZeroBoard multiple vulnerabilities",
                  "refsource": "BUGTRAQ",
                  "url": "http://marc.info/?l=bugtraq\u0026m=110565373407474\u0026w=2"
                },
                {
                  "name": "zeroboard-printcategory-file-include(18892)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18892"
                },
                {
                  "name": "12931",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/12931"
                },
                {
                  "name": "12258",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/12258"
                },
                {
                  "name": "12928",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/12928"
                },
                {
                  "name": "zeroboard-zero-vote-file-include(18893)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18893"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2005-0380",
        "datePublished": "2005-02-13T05:00:00.000Z",
        "dateReserved": "2005-02-13T00:00:00.000Z",
        "dateUpdated": "2024-08-07T21:13:53.547Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2005-0495 (GCVE-0-2005-0495)

    Vulnerability from nvd – Published: 2005-02-21 05:00 – Updated: 2024-08-07 21:13
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in ZeroBoard allows remote attackers to inject arbitrary web script or HTML via the (1) sn1, (2) year, or (3) page parameter to zboard.php or (4) filename to view_image.php.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://marc.info/?l=bugtraq&m=110884332105513&w=2 mailing-listx_refsource_BUGTRAQ
    http://securitytracker.com/id?1013243 vdb-entryx_refsource_SECTRACK
    Date Public
    2005-02-19 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T21:13:54.455Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "zeroboard-xss(19420)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19420"
              },
              {
                "name": "20050219 Multiples vulnerability in ZeroBoard,",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=110884332105513\u0026w=2"
              },
              {
                "name": "1013243",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1013243"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2005-02-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in ZeroBoard allows remote attackers to inject arbitrary web script or HTML via the (1) sn1, (2) year, or (3) page parameter to zboard.php or (4) filename to view_image.php."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-10T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "zeroboard-xss(19420)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19420"
            },
            {
              "name": "20050219 Multiples vulnerability in ZeroBoard,",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=110884332105513\u0026w=2"
            },
            {
              "name": "1013243",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1013243"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2005-0495",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting (XSS) vulnerability in ZeroBoard allows remote attackers to inject arbitrary web script or HTML via the (1) sn1, (2) year, or (3) page parameter to zboard.php or (4) filename to view_image.php."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "zeroboard-xss(19420)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19420"
                },
                {
                  "name": "20050219 Multiples vulnerability in ZeroBoard,",
                  "refsource": "BUGTRAQ",
                  "url": "http://marc.info/?l=bugtraq\u0026m=110884332105513\u0026w=2"
                },
                {
                  "name": "1013243",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1013243"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2005-0495",
        "datePublished": "2005-02-21T05:00:00.000Z",
        "dateReserved": "2005-02-21T00:00:00.000Z",
        "dateUpdated": "2024-08-07T21:13:54.455Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2004-2738 (GCVE-0-2004-2738)

    Vulnerability from nvd – Published: 2007-10-09 10:00 – Updated: 2024-08-08 01:36
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in check_user_id.php in ZeroBoard 4.1pl4 and earlier allows remote attackers to inject arbitrary web script or HTML via the user_id parameter.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://marc.info/?l=bugtraq&m=110391024404947&w=2 mailing-listx_refsource_BUGTRAQ
    http://lists.grok.org.uk/pipermail/full-disclosur… mailing-listx_refsource_FULLDISC
    http://www.osvdb.org/12582 vdb-entryx_refsource_OSVDB
    http://secunia.com/advisories/13649 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/bid/12103 vdb-entryx_refsource_BID
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://securitytracker.com/id?1012677 vdb-entryx_refsource_SECTRACK
    Date Public
    2004-12-24 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T01:36:25.296Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20041224 STG Security Advisory: [SSA-20041220-16] PHP source injection and cross-site scripting vulnerabilities in ZeroBoard",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=110391024404947\u0026w=2"
              },
              {
                "name": "20041223 STG Security Advisory: [SSA-20041220-16] PHP source injection and cross-site scripting vulnerabilities in ZeroBoard",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-December/030224.html"
              },
              {
                "name": "12582",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/12582"
              },
              {
                "name": "13649",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/13649"
              },
              {
                "name": "12103",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/12103"
              },
              {
                "name": "zeroboard-checkuserid-xss(18680)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18680"
              },
              {
                "name": "1012677",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1012677"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2004-12-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in check_user_id.php in ZeroBoard 4.1pl4 and earlier allows remote attackers to inject arbitrary web script or HTML via the user_id parameter."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-28T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20041224 STG Security Advisory: [SSA-20041220-16] PHP source injection and cross-site scripting vulnerabilities in ZeroBoard",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=110391024404947\u0026w=2"
            },
            {
              "name": "20041223 STG Security Advisory: [SSA-20041220-16] PHP source injection and cross-site scripting vulnerabilities in ZeroBoard",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-December/030224.html"
            },
            {
              "name": "12582",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/12582"
            },
            {
              "name": "13649",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/13649"
            },
            {
              "name": "12103",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/12103"
            },
            {
              "name": "zeroboard-checkuserid-xss(18680)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18680"
            },
            {
              "name": "1012677",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1012677"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2004-2738",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting (XSS) vulnerability in check_user_id.php in ZeroBoard 4.1pl4 and earlier allows remote attackers to inject arbitrary web script or HTML via the user_id parameter."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20041224 STG Security Advisory: [SSA-20041220-16] PHP source injection and cross-site scripting vulnerabilities in ZeroBoard",
                  "refsource": "BUGTRAQ",
                  "url": "http://marc.info/?l=bugtraq\u0026m=110391024404947\u0026w=2"
                },
                {
                  "name": "20041223 STG Security Advisory: [SSA-20041220-16] PHP source injection and cross-site scripting vulnerabilities in ZeroBoard",
                  "refsource": "FULLDISC",
                  "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-December/030224.html"
                },
                {
                  "name": "12582",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/12582"
                },
                {
                  "name": "13649",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/13649"
                },
                {
                  "name": "12103",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/12103"
                },
                {
                  "name": "zeroboard-checkuserid-xss(18680)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18680"
                },
                {
                  "name": "1012677",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1012677"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2004-2738",
        "datePublished": "2007-10-09T10:00:00.000Z",
        "dateReserved": "2007-10-08T00:00:00.000Z",
        "dateUpdated": "2024-08-08T01:36:25.296Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2004-1419 (GCVE-0-2004-1419)

    Vulnerability from nvd – Published: 2005-02-12 05:00 – Updated: 2024-08-08 00:53
    VLAI
    Summary
    PHP remote file inclusion vulnerability in ZeroBoard 4.1pl4 and earlier allows remote attackers to execute arbitrary PHP code by modifying the (1) _zb_path parameter to outlogin.php or (2) dir parameter to write.php to reference a URL on a remote web server that contains the code.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.osvdb.org/12580 vdb-entryx_refsource_OSVDB
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://marc.info/?l=bugtraq&m=110391024404947&w=2 mailing-listx_refsource_BUGTRAQ
    http://lists.grok.org.uk/pipermail/full-disclosur… mailing-listx_refsource_FULLDISC
    http://secunia.com/advisories/13649 third-party-advisoryx_refsource_SECUNIA
    http://www.osvdb.org/12581 vdb-entryx_refsource_OSVDB
    http://www.securityfocus.com/bid/12103 vdb-entryx_refsource_BID
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://securitytracker.com/id?1012677 vdb-entryx_refsource_SECTRACK
    Date Public
    2004-12-24 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T00:53:23.593Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "12580",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/12580"
              },
              {
                "name": "zeroboard-outlogin-file-include(18677)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18677"
              },
              {
                "name": "20041224 STG Security Advisory: [SSA-20041220-16] PHP source injection and cross-site scripting vulnerabilities in ZeroBoard",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=110391024404947\u0026w=2"
              },
              {
                "name": "20041223 STG Security Advisory: [SSA-20041220-16] PHP source injection and cross-site scripting vulnerabilities in ZeroBoard",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-December/030224.html"
              },
              {
                "name": "13649",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/13649"
              },
              {
                "name": "12581",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/12581"
              },
              {
                "name": "12103",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/12103"
              },
              {
                "name": "zeroboard-write-file-include(18679)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18679"
              },
              {
                "name": "1012677",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1012677"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2004-12-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "PHP remote file inclusion vulnerability in ZeroBoard 4.1pl4 and earlier allows remote attackers to execute arbitrary PHP code by modifying the (1) _zb_path parameter to outlogin.php or (2) dir parameter to write.php to reference a URL on a remote web server that contains the code."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-10T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "12580",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/12580"
            },
            {
              "name": "zeroboard-outlogin-file-include(18677)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18677"
            },
            {
              "name": "20041224 STG Security Advisory: [SSA-20041220-16] PHP source injection and cross-site scripting vulnerabilities in ZeroBoard",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=110391024404947\u0026w=2"
            },
            {
              "name": "20041223 STG Security Advisory: [SSA-20041220-16] PHP source injection and cross-site scripting vulnerabilities in ZeroBoard",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-December/030224.html"
            },
            {
              "name": "13649",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/13649"
            },
            {
              "name": "12581",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/12581"
            },
            {
              "name": "12103",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/12103"
            },
            {
              "name": "zeroboard-write-file-include(18679)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18679"
            },
            {
              "name": "1012677",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1012677"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2004-1419",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "PHP remote file inclusion vulnerability in ZeroBoard 4.1pl4 and earlier allows remote attackers to execute arbitrary PHP code by modifying the (1) _zb_path parameter to outlogin.php or (2) dir parameter to write.php to reference a URL on a remote web server that contains the code."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "12580",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/12580"
                },
                {
                  "name": "zeroboard-outlogin-file-include(18677)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18677"
                },
                {
                  "name": "20041224 STG Security Advisory: [SSA-20041220-16] PHP source injection and cross-site scripting vulnerabilities in ZeroBoard",
                  "refsource": "BUGTRAQ",
                  "url": "http://marc.info/?l=bugtraq\u0026m=110391024404947\u0026w=2"
                },
                {
                  "name": "20041223 STG Security Advisory: [SSA-20041220-16] PHP source injection and cross-site scripting vulnerabilities in ZeroBoard",
                  "refsource": "FULLDISC",
                  "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-December/030224.html"
                },
                {
                  "name": "13649",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/13649"
                },
                {
                  "name": "12581",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/12581"
                },
                {
                  "name": "12103",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/12103"
                },
                {
                  "name": "zeroboard-write-file-include(18679)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18679"
                },
                {
                  "name": "1012677",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1012677"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2004-1419",
        "datePublished": "2005-02-12T05:00:00.000Z",
        "dateReserved": "2005-02-12T00:00:00.000Z",
        "dateUpdated": "2024-08-08T00:53:23.593Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2002-1704 (GCVE-0-2002-1704)

    Vulnerability from nvd – Published: 2005-06-21 04:00 – Updated: 2024-08-08 03:34
    VLAI
    Summary
    Zeroboard 4.1, when the "allow_url_fopen" and "register_globals" variables are enabled, allows remote attackers to execute arbitrary PHP code by modifying the _zb_path parameter to reference a URL on a remote web server that contains the code.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/5028 vdb-entryx_refsource_BID
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://online.securityfocus.com/archive/1/277126 mailing-listx_refsource_BUGTRAQ
    Date Public
    2002-06-15 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T03:34:55.868Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "5028",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/5028"
              },
              {
                "name": "zeroboard-include-remote-file(9366)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/9366"
              },
              {
                "name": "20020615 malicious PHP source injection",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://online.securityfocus.com/archive/1/277126"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2002-06-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Zeroboard 4.1, when the \"allow_url_fopen\" and \"register_globals\" variables are enabled, allows remote attackers to execute arbitrary PHP code by modifying the _zb_path parameter to reference a URL on a remote web server that contains the code."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-10T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "5028",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/5028"
            },
            {
              "name": "zeroboard-include-remote-file(9366)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/9366"
            },
            {
              "name": "20020615 malicious PHP source injection",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://online.securityfocus.com/archive/1/277126"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2002-1704",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Zeroboard 4.1, when the \"allow_url_fopen\" and \"register_globals\" variables are enabled, allows remote attackers to execute arbitrary PHP code by modifying the _zb_path parameter to reference a URL on a remote web server that contains the code."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "5028",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/5028"
                },
                {
                  "name": "zeroboard-include-remote-file(9366)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/9366"
                },
                {
                  "name": "20020615 malicious PHP source injection",
                  "refsource": "BUGTRAQ",
                  "url": "http://online.securityfocus.com/archive/1/277126"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2002-1704",
        "datePublished": "2005-06-21T04:00:00.000Z",
        "dateReserved": "2005-06-21T00:00:00.000Z",
        "dateUpdated": "2024-08-08T03:34:55.868Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }