Archive for the ‘Discussion Boards’ Category

MyBB “keywords” Cross-Site Scripting

February 28th, 2014

Application: MyBB
Affected Version: version 1.6.12 and other versions.
Vendor’s URL: MyBB
Bug Type: Cross-Site Scripting
Risk Level: Critical

Solution:
No official solution is currently available.

Cross Site Scripting, Discussion Boards

MyBB Cross-Site Scripting and SQL Injection

December 30th, 2013

Application: MyBB
Affected Version: versions prior to 1.6.12.
Vendor’s URL: MyBB
Bug Type: Cross-Site Scripting and SQL Injection
Risk Level: Critical

Solution:
Update to version 1.6.12.

Cross Site Scripting, Discussion Boards, SQL Injection

Simple Machines Forum Multiple Vulnerabilities

October 31st, 2013

Application: Simple Machines Forum
Affected Version: versions prior to 2.0.6 and 1.1.19.
Vendor’s URL: Simple Machines Forum
Bug Type: System access
Risk Level: Critical

Solution:
Update to version 2.0.6 or 1.1.19.

Access Bypass, Discussion Boards

YaBB “guestlanguage” Cookie Local File Inclusion

May 27th, 2013

Application: YaBB
Affected Version: version 2.5.2.
Vendor’s URL: YaBB
Bug Type: File Inclusion
Risk Level: Critical

Solution:
Fixed in the SVN repository.

Discussion Boards, File Inclusion

MyBB Profile Wii Friend Code Plugin Cross-Site Scripting and SQL Injection

January 25th, 2013

Application: MyBB
Affected Version: version 1.0 and other versions.
Vendor’s URL: Profile Wii Friend Code Plugin
Bug Type: Cross-Site Scripting and SQL Injection
Risk Level: Critical

Solution:
No official solution is currently available.

Cross Site Scripting, Discussion Boards, SQL Injection

MyBB HM_My Country Flags Plugin “cnam” SQL Injection

January 25th, 2013

Application: MyBB
Affected Version: version 1.1 and other versions.
Vendor’s URL: Country Flags Plugin
Bug Type: SQL Injection
Risk Level: Critical

Solution:
No official solution is currently available.

Discussion Boards, SQL Injection

MyBB DyMy User Agent Plugin “User-Agent” SQL Injection

December 24th, 2012

Application: MyBB
Affected Version: version 0.1.3 and other versions.
Vendor’s URL: DyMy User Agent Plugin
Bug Type: SQL Injection
Risk Level: Critical

Solution:
No official solution is currently available.

Discussion Boards, SQL Injection

MyBB MyYoutube Plugin Script Insertion and SQL Injection

December 24th, 2012

Application: MyBB
Affected Version: version 1.0 and other versions.
Vendor’s URL: MyYoutube Plugin
Bug Type: Cross-Site Scripting and SQL Injection
Risk Level: Critical

Solution:
No official solution is currently available.

Cross Site Scripting, Discussion Boards, SQL Injection

MyBB Follower User Plugin “usid” SQL Injection

November 26th, 2012

Application: MyBB
Affected Version: version 1.5 and other versions.
Vendor’s URL: Follower User Plugin
Bug Type: SQL Injection
Risk Level: Critical

Solution:
No official solution is currently available.

Discussion Boards, SQL Injection

PBBoard “PowerBB_username” Cookie SQL Injection

October 30th, 2012

Application: PBBoard
Affected Version: version 3.0 and other versions.
Vendor’s URL: PBBoard
Bug Type: SQL Injection
Risk Level: Critical

Solution:
No official solution is currently available.

Discussion Boards, SQL Injection

DotNetNuke Multiple Vulnerabilities

July 26th, 2012

Application: DotNetNuke
Affected Version: versions 5.5.0 through 5.6.7 and 6.0.0 through 6.2.0.
Vendor’s URL: DotNetNuke
Bug Type: Security Bypass, Cross Site Scripting
Risk Level: Critical

Solution:
Update to version 5.6.8 or 6.2.1.

Access Bypass, Cross Site Scripting, Discussion Boards

Vanilla Forums FirstLastNames Plugin Profile Two Script Insertion Vulnerabilities

May 30th, 2012

Application: Vanilla Forums
Affected Version: version 1.3.2 and other versions.
Vendor’s URL: FirstLastNames Plugin
Bug Type: Cross Site Scripting
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

Cross Site Scripting, Discussion Boards

Vanilla Forums LatestComment Plugin Discussion Title Script Insertion

May 30th, 2012

Application: Vanilla Forums
Affected Version: version 1.1 and other versions.
Vendor’s URL: LatestComment Plugin
Bug Type: Cross Site Scripting
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

Cross Site Scripting, Discussion Boards

Vanilla Forums AboutMe Plugin Multiple Script Insertion

May 30th, 2012

Application: Vanilla Forums
Affected Version: version 1.1.1.
Vendor’s URL: AboutMe Plugin
Bug Type: Cross Site Scripting
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

Cross Site Scripting, Discussion Boards

vBulletin Two Script Insertion

April 30th, 2012

Application: vBulletin
Affected Version: versions 4.1.4 through 4.1.11.
Vendor’s URL: vBulletin
Bug Type: Cross Site Scripting
Risk Level: Critical

Solution:
Install the patch; please consult the developers.

Cross Site Scripting, Discussion Boards

MyBB Compromised Source Packages Backdoor Security Issue

November 1st, 2011

Application: MyBB
Affected Version: versions 1.6.4 on October 6th, 2011 and prior.
Vendor’s URL: MyBB
Bug Type: Source Packages Backdoor
Risk Level: Critical

Solution:
Manually download and install the latest version.

Discussion Boards

MyBB Advanced Forum Signatures Plugin Multiple SQL Injection

November 1st, 2011

Application: MyBB
Affected Version: version 2.0.4 and other versions.
Vendor’s URL: Advanced Forum Signatures Plugin
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

Discussion Boards, SQL Injection

MyBB MyTabs Plugin “tab” SQL Injection

August 24th, 2011

Application: MyBB
Affected Version: version 1.31 and other versions.
Vendor’s URL: MyTabs Plugin
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

Discussion Boards, SQL Injection

vBulletin Search UI Unspecified SQL Injection

July 26th, 2011

Application: vBulletin
Affected Version: 4.1.4pl2 and prior versions.
Vendor’s URL: vBulletin
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Update to a fixed version.

Discussion Boards, SQL Injection

vBulletin YUI Component Library Unspecified

June 28th, 2011

Application: vBulletin
Affected Version: versions prior to 4.1.3 PL1 and vBulletin Forum Classic versions prior to 3.8.7 PL1 and 4.1.3 PL1.
Vendor’s URL: YUI Component Library
Bug Type: Unknown
Risk Level: Critical

Solution:
Update to vBulletin Publishing Suite version 4.1.3 PL1 or vBulletin Forum Classic version 3.8.7 PL1 or 4.1.3 PL1.

Discussion Boards