Zeroboard : Security Vulnerabilities, CVEs, Published In 2006 CVSS score >= 4
write_ok.php in Zeroboard 4.1 pl8, when installed on Apache with mod_mime, allows remote attackers to bypass restrictions for uploading files with executable extensions by uploading a .htaccess file that with an AddType directive that assigns an executable module to files with assumed-safe extensions, as demonstrated by assigning the txt extension to be handled by application/x-httpd-php.
Max CVSS
5.0
EPSS Score
57.46%
Published
2006-06-19
Updated
2018-10-18
Multiple cross-site scripting (XSS) vulnerabilities in zeroboard 4.1 pl7 allows allow remote attackers to inject arbitrary web script or HTML via the (1) memo box title, (2) user email, and (3) homepage fields.
Max CVSS
4.3
EPSS Score
1.21%
Published
2006-03-14
Updated
2018-10-18
2 vulnerabilities found