Shodan
Vulnerabilities
Vulnerable Software
Vbzoom:  Security Vulnerabilities
CVE-2007-3588
SQL injection vulnerability in reply.php in VBZooM 1.12 allows remote attackers to execute arbitrary SQL commands via the UserID parameter to sub-join.php. NOTE: this may be the same as CVE-2006-3691.4.
CVSS Score
7.5
EPSS Score
0.004
Published
2007-07-05
CVE-2006-4634
Cross-site scripting (XSS) vulnerability in index.php in VBZooM allows remote attackers to inject arbitrary web script or HTML via the UserID parameter, a different vector than CVE-2006-1133 and CVE-2005-2441.
CVSS Score
4.3
EPSS Score
0.005
Published
2006-09-08
CVE-2006-3691
Multiple SQL injection vulnerabilities in VBZooM 1.11 and earlier allow remote attackers to execute arbitrary SQL commands via the UserID parameter to (1) ignore-pm.php, (2) sendmail.php, (3) reply.php or (4) sub-join.php.
CVSS Score
7.5
EPSS Score
0.014
Published
2006-07-21
CVE-2006-3238
Multiple SQL injection vulnerabilities in VBZooM 1.00 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) MemberID parameter to rank.php, and the (2) QuranID parameter to lng.php.
CVSS Score
7.5
EPSS Score
0.008
Published
2006-06-27
CVE-2006-3239
SQL injection vulnerability in message.php in VBZooM 1.11 and earlier allows remote attackers to execute arbitrary SQL commands via the UserID parameter.
CVSS Score
7.5
EPSS Score
0.005
Published
2006-06-27
CVE-2006-3142
SQL injection vulnerability in forum.php in VBZooM 1.11 allows remote attackers to execute arbitrary SQL commands via the MainID parameter.
CVSS Score
7.5
EPSS Score
0.004
Published
2006-06-22
CVE-2006-3054
Multiple SQL injection vulnerabilities in VBZooM 1.11 allow remote attackers to execute arbitrary SQL commands via the (1) sobjectID or (2) MAINID parameters to (a) show.php or (3) MainID parameter to (b) subject.php.
CVSS Score
7.5
EPSS Score
0.006
Published
2006-06-16
CVE-2006-3055
Multiple SQL injection vulnerabilities in VBZooM 1.02 allow remote attackers to execute arbitrary SQL commands via the (1) QuranID, (2) ShowByQuranID, or (3) Action parameters to meaning.php.
CVSS Score
7.5
EPSS Score
0.006
Published
2006-06-16
CVE-2006-3056
SQL injection vulnerability in language.php in VBZooM 1.01 allows remote attackers to execute arbitrary SQL commands via the Action parameter.
CVSS Score
7.5
EPSS Score
0.006
Published
2006-06-16
CVE-2006-1132
SQL injection vulnerability in show.php in vbzoom 1.11 allow remote attackers to execute arbitrary SQL commands via the MainID parameter. NOTE: the SubjectID vector is already covered by CVE-2005-4729.
CVSS Score
7.5
EPSS Score
0.003
Published
2006-03-10


Products
Pricing
Contact Us

Shodan ® - All rights reserved