MidnightBSD

Advisories for nusoftware

CVE-2010-2849 MEDIUM

Cross-site scripting (XSS) vulnerability in productionnu2/nuedit.php in nuBuilder 10.04.20, and possibly other versions before 10.07.12, allows remote attackers to inject arbitrary web script or HTML via the f parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
nusoftware nubuilder 09.06.26
nusoftware nubuilder 09.07.24
nusoftware nubuilder 09.08.20
nusoftware nubuilder 09.09.23
nusoftware nubuilder *
nusoftware nubuilder 09.06.10
CVE-2010-2850 MEDIUM

Directory traversal vulnerability in productionnu2/fileuploader.php in nuBuilder 10.04.20, and possibly other versions before 10.07.12, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the dir parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
nusoftware nubuilder 09.06.26
nusoftware nubuilder 09.07.24
nusoftware nubuilder 09.08.20
nusoftware nubuilder 09.09.23
nusoftware nubuilder *
nusoftware nubuilder 09.06.10