MyBB “keywords” Cross-Site Scripting
Application: MyBB
Affected Version: version 1.6.12 and other versions.
Vendor’s URL: MyBB
Bug Type: Cross-Site Scripting
Risk Level: Critical
Solution:
No official solution is currently available.
Application: MyBB
Affected Version: version 1.6.12 and other versions.
Vendor’s URL: MyBB
Bug Type: Cross-Site Scripting
Risk Level: Critical
Solution:
No official solution is currently available.
Application: MyBB
Affected Version: versions prior to 1.6.12.
Vendor’s URL: MyBB
Bug Type: Cross-Site Scripting and SQL Injection
Risk Level: Critical
Solution:
Update to version 1.6.12.
Application: Simple Machines Forum
Affected Version: versions prior to 2.0.6 and 1.1.19.
Vendor’s URL: Simple Machines Forum
Bug Type: System access
Risk Level: Critical
Solution:
Update to version 2.0.6 or 1.1.19.
Application: YaBB
Affected Version: version 2.5.2.
Vendor’s URL: YaBB
Bug Type: File Inclusion
Risk Level: Critical
Solution:
Fixed in the SVN repository.
Application: MyBB
Affected Version: version 1.0 and other versions.
Vendor’s URL: Profile Wii Friend Code Plugin
Bug Type: Cross-Site Scripting and SQL Injection
Risk Level: Critical
Solution:
No official solution is currently available.
Application: MyBB
Affected Version: version 1.1 and other versions.
Vendor’s URL: Country Flags Plugin
Bug Type: SQL Injection
Risk Level: Critical
Solution:
No official solution is currently available.
Application: MyBB
Affected Version: version 0.1.3 and other versions.
Vendor’s URL: DyMy User Agent Plugin
Bug Type: SQL Injection
Risk Level: Critical
Solution:
No official solution is currently available.
Application: MyBB
Affected Version: version 1.0 and other versions.
Vendor’s URL: MyYoutube Plugin
Bug Type: Cross-Site Scripting and SQL Injection
Risk Level: Critical
Solution:
No official solution is currently available.
Application: MyBB
Affected Version: version 1.5 and other versions.
Vendor’s URL: Follower User Plugin
Bug Type: SQL Injection
Risk Level: Critical
Solution:
No official solution is currently available.
Application: PBBoard
Affected Version: version 3.0 and other versions.
Vendor’s URL: PBBoard
Bug Type: SQL Injection
Risk Level: Critical
Solution:
No official solution is currently available.
Application: DotNetNuke
Affected Version: versions 5.5.0 through 5.6.7 and 6.0.0 through 6.2.0.
Vendor’s URL: DotNetNuke
Bug Type: Security Bypass, Cross Site Scripting
Risk Level: Critical
Solution:
Update to version 5.6.8 or 6.2.1.
Application: Vanilla Forums
Affected Version: version 1.3.2 and other versions.
Vendor’s URL: FirstLastNames Plugin
Bug Type: Cross Site Scripting
Risk Level: Critical
Solution:
Edit the source code to ensure that input is properly sanitised.
Application: Vanilla Forums
Affected Version: version 1.1 and other versions.
Vendor’s URL: LatestComment Plugin
Bug Type: Cross Site Scripting
Risk Level: Critical
Solution:
Edit the source code to ensure that input is properly sanitised.
Application: Vanilla Forums
Affected Version: version 1.1.1
Vendor’s URL: AboutMe Plugin
Bug Type: Cross Site Scripting
Risk Level: Critical
Solution:
Edit the source code to ensure that input is properly sanitised.
Application: vBulletin
Affected Version: versions 4.1.4 through 4.1.11.
Vendor’s URL: vBulletin
Bug Type: Cross Site Scripting
Risk Level: Critical
Solution:
Install patch, please consult with developers.
Application: MyBB
Affected Version: versions 1.6.4 on October 6th, 2011 and prior.
Vendor’s URL: MyBB
Bug Type: Source Packages Backdoor
Risk Level: Critical
Solution:
Manually download and install the latest version.
Application: MyBB
Affected Version: version 2.0.4 and other version
Vendor’s URL: Advanced Forum Signatures Plugin
Bug Type: SQL Injection
Risk Level: Critical
Solution:
Edit the source code to ensure that input is properly sanitised.
Application: MyBB
Affected Version: version 1.31 and other versions.
Vendor’s URL: MyTabs Plugin
Bug Type: SQL Injection
Risk Level: Critical
Solution:
Edit the source code to ensure that input is properly sanitised.
Application: vBulletin
Affected Version: 4.1.4pl2 and prior versions.
Vendor’s URL: vBulletin
Bug Type: SQL Injection
Risk Level: Critical
Solution:
Update to a fixed version.
Application: vBulletin
Affected Version: versions prior to 4.1.3 PL1 and vBulletin Forum Classic versions prior to 3.8.7 PL1 and 4.1.3 PL1.
Vendor’s URL: YUI Component Library
Bug Type: Unknown
Risk Level: Critical
Solution:
Update to vBulletin Publishing Suite version 4.1.3 PL1 or vBulletin Forum Classic version 3.8.7 PL1 or 4.1.3 PL1