MidnightBSD

Advisories for zoid_technologies

CVE-2006-3306 MEDIUM

Cross-site scripting (XSS) vulnerability in the preparestring function in lib/common.php in Project EROS bbsengine before 20060501-0142-jam, and possibly earlier versions dating back to 2006-02-23, might allow remote attackers to inject arbitrary web script or HTML via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
zoid_technologies project_eros_bbsengine 2006-02-23
zoid_technologies project_eros_bbsengine *
CVE-2006-3307 HIGH

Multiple SQL injection vulnerabilities in Project EROS bbsengine before bbsengine-20060429-1550-jam allow remote attackers to execute arbitrary SQL commands via (1) unspecified parameters in the php/comment.php and (2) the getpartialmatches method in php/aolbonics.php.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
zoid_technologies project_eros_bbsengine 2006-02-23
CVE-2006-3308 HIGH

Unspecified vulnerability in the wpprop code for Project EROS bbsengine before 20060622-0315 has unknown impact and remote attack vectors via [img] tags, possibly cross-site scripting (XSS).

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
zoid_technologies project_eros_bbsengine 2006-04-29
zoid_technologies project_eros_bbsengine 2006-05-10
zoid_technologies project_eros_bbsengine 2006-05-09
zoid_technologies project_eros_bbsengine 2006-05-01
zoid_technologies project_eros_bbsengine 2006-02-23
zoid_technologies project_eros_bbsengine 2006-05-19
zoid_technologies project_eros_bbsengine 2006-05-20
zoid_technologies project_eros_bbsengine 2006-05-12
zoid_technologies project_eros_bbsengine *