Boonex

boonex

14 CVEs • 5 products

Products (5)

Click to collapse

Toggle

Barracuda Directory

barracuda_directory

CVEs (14)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2021-27969 1Boonex 1Dolphin Nov 21, 2024 Mar 23, 2021 N/A· v4 4.8 MEDIUM· v3 3.5 LOW· v2 Dolphin CMS 7.4.2 is vulnerable to stored XSS via the Page Builder "width" parameter.
CVE-2013-3638 1Boonex 1Dolphin Nov 21, 2024 Feb 6, 2020 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 SQL injection vulnerability in Boonex Dolphin before 7.1.3 allows remote authenticated users to execute arbitrary SQL commands via the 'pathes' parameter in 'categories.php'.
CVE-2014-4333 1Boonex 1Dolphin May 6, 2026 Jun 19, 2014 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Cross-site request forgery (CSRF) vulnerability in administration/profiles.php in Dolphin 7.1.4 and earlier allows remote attackers to hijack the authentication of administrators for requests that conduct SQL injection a...Show more Cross-site request forgery (CSRF) vulnerability in administration/profiles.php in Dolphin 7.1.4 and earlier allows remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via the members[] parameter, related to CVE-2014-3810.Show less
CVE-2014-3810 1Boonex 1Dolphin May 6, 2026 Jun 19, 2014 N/A· v4 N/A· v3 6.5 MEDIUM· v2 SQL injection vulnerability in administration/profiles.php in BoonEx Dolphin 7.1.4 and earlier allows remote authenticated administrators to execute arbitrary SQL commands via the members[] parameter. NOTE: this can be...Show more SQL injection vulnerability in administration/profiles.php in BoonEx Dolphin 7.1.4 and earlier allows remote authenticated administrators to execute arbitrary SQL commands via the members[] parameter. NOTE: this can be exploited by remote attackers by leveraging CVE-2014-4333.Show less
CVE-2012-0873 1Boonex 1Dolphin Apr 29, 2026 Feb 23, 2012 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Multiple cross-site scripting (XSS) vulnerabilities in Boonex Dolphin before 7.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) explain parameter to explanation.php or the (2) photos_only, (3...Show more Multiple cross-site scripting (XSS) vulnerabilities in Boonex Dolphin before 7.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) explain parameter to explanation.php or the (2) photos_only, (3) online_only, or (4) mode parameters to viewFriends.php.Show less
CVE-2011-3728 1Boonex 1Dolphin Apr 29, 2026 Sep 23, 2011 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Dolphin 7.0.4 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by xmlrpc/BxDolXMLRPCProfileView.php and...Show more Dolphin 7.0.4 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by xmlrpc/BxDolXMLRPCProfileView.php and certain other files.Show less
CVE-2009-2919 1Boonex 1Orca Apr 23, 2026 Aug 21, 2009 N/A· v4 N/A· v3 3.5 LOW· v2 Cross-site scripting (XSS) vulnerability in Boonex Orca 2.0 and 2.0.2 allows remote authenticated users to inject arbitrary web script or HTML via the topic title field.
CVE-2008-5167 1Boonex 1Orca Apr 23, 2026 Nov 19, 2008 N/A· v4 N/A· v3 9.3 HIGH· v2 PHP remote file inclusion vulnerability in layout/default/params.php in Boonex Orca 2.0 and 2.0.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the gConf[dir][layou...Show more PHP remote file inclusion vulnerability in layout/default/params.php in Boonex Orca 2.0 and 2.0.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the gConf[dir][layouts] parameter.Show less
CVE-2008-3167 1Boonex 1Dolphin Apr 23, 2026 Jul 14, 2008 N/A· v4 N/A· v3 9.3 HIGH· v2 Multiple PHP remote file inclusion vulnerabilities in BoonEx Dolphin 6.1.2, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) dir[plugins] parameter to (a) HTMLSa...Show more Multiple PHP remote file inclusion vulnerabilities in BoonEx Dolphin 6.1.2, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) dir[plugins] parameter to (a) HTMLSax3.php and (b) safehtml.php in plugins/safehtml/ and the (2) sIncPath parameter to (c) ray/modules/global/inc/content.inc.php. NOTE: vector 1 might be a problem in SafeHTML instead of Dolphin.Show less
CVE-2008-3166 1Boonex 1Ray Apr 23, 2026 Jul 14, 2008 N/A· v4 N/A· v3 9.3 HIGH· v2 PHP remote file inclusion vulnerability in modules/global/inc/content.inc.php in BoonEx Ray 3.5, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the sIncPath parameter...Show more PHP remote file inclusion vulnerability in modules/global/inc/content.inc.php in BoonEx Ray 3.5, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the sIncPath parameter.Show less
CVE-2006-5410 1Boonex 1Dolphin Apr 23, 2026 Oct 20, 2006 N/A· v4 N/A· v3 5.1 MEDIUM· v2 PHP remote file inclusion vulnerability in templates/tmpl_dfl/scripts/index.php in BoonEx Dolphin 5.2 allows remote attackers to execute arbitrary PHP code via a URL in the dir[inc] parameter. NOTE: it is possible that...Show more PHP remote file inclusion vulnerability in templates/tmpl_dfl/scripts/index.php in BoonEx Dolphin 5.2 allows remote attackers to execute arbitrary PHP code via a URL in the dir[inc] parameter. NOTE: it is possible that this issue overlaps CVE-2006-4189.Show less
CVE-2006-4189 1Boonex 1Dolphin Apr 16, 2026 Aug 17, 2006 N/A· v4 N/A· v3 5.1 MEDIUM· v2 Multiple PHP remote file inclusion vulnerabilities in Dolphin 5.1 allow remote attackers to execute arbitrary PHP code via a URL in the dir[inc] parameter in (1) index.php, (2) aemodule.php, (3) browse.php, (4) cc.php, (...Show more Multiple PHP remote file inclusion vulnerabilities in Dolphin 5.1 allow remote attackers to execute arbitrary PHP code via a URL in the dir[inc] parameter in (1) index.php, (2) aemodule.php, (3) browse.php, (4) cc.php, (5) click.php, (6) faq.php, (7) gallery.php, (8) im.php, (9) inbox.php, (10) join_form.php, (11) logout.php, (12) messages_inbox.php, and many other scripts.Show less
CVE-2006-2133 1Boonex 1Barracuda Apr 16, 2026 May 1, 2006 N/A· v4 N/A· v3 7.5 HIGH· v2 SQL injection vulnerability in index.php in BoonEx Barracuda 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) link_dir_target and (2) link_id_target parameter, possibly involving the...Show more SQL injection vulnerability in index.php in BoonEx Barracuda 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) link_dir_target and (2) link_id_target parameter, possibly involving the link_edit functionality.Show less
CVE-2006-0833 1Boonex 1Barracuda Directory Apr 16, 2026 Feb 22, 2006 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Multiple cross-site scripting (XSS) vulnerabilities in Barracuda Directory 1.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to the (1) Add URL and (2) Suggest Category module. NO...Show more Multiple cross-site scripting (XSS) vulnerabilities in Barracuda Directory 1.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to the (1) Add URL and (2) Suggest Category module. NOTE: the provenance of this information is unknown; portions of the details are obtained from third party information.Show less