Archive for the 'Discussion Boards' Category

phpBB Security Bypass Vulnerabilities

Application: phpBB
Affected Version: 3.0.0.
Vendor’s URL: phpBB
Bug Type: Access Bypass
Risk Level: Critical

Solution:
Update to version 3.0.1.

DotNetNuke Multiple Vulnerabilities

Application: DotNetNuke
Affected Version: versions prior to 4.8.2.
Vendor’s URL: http://www.dotnetnuke.com/
Bug Type: Privilege escalation, access bypass
Risk Level: Critical

Solution:
Update to version 4.8.2.
http://www.dotnetnuke.com/tabid/125/default.aspx

phpBB eXtreme Styles Module Local File Inclusion

Application: phpBB
Affected Version: 2.3.1, 2.4.0 and other versions.
Vendor’s URL: phpBB eXtreme Styles Module
Bug Type: Information Disclosure
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly verified.

phpBP “id” SQL Injection

Application: phpBP
Affected Version: 2 RC3 (2.204) FIX4 and other versions.
Vendor’s URL: phpBP
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Apply fix: phpBP 2 RC3 2.204 FIX5.

Fully Modded phpBB “k” SQL Injection

Application: Fully Modded phpBB
Affected Version: 80220 and other versions.
Vendor’s URL: Fully Modded phpBB
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitized.

PunBB Password Change and XSS

Application: PunBB
Affected Version: 1.2.16 and other versions.
Vendor’s URL: http://www.punbb.org/
Bug Type: Cross Site Scripting
Risk Level: Medium

Solution:
Update to version 1.2.17.

Simple Machines Forum SMF Shoutbox Mod Script Insertion

Application: Simple Machines Forum SMF
Affected Version: 1.16b and other versions.
Vendor’s URL: Simple Machines Forum SMF
Bug Type: Cross Site Scripting
Risk Level: Medium

Solution:
Edit the source code to ensure that input is properly sanitized.

phpBB Private Message Deletion XSRF

Application: phpBB
Affected Version: 2.0.22 and prior versions.
Vendor’s URL: http://www.phpbb.com/
Bug Type: Cross Site Scripting
Risk Level: Medium

Solution:
Update to version 2.0.23.

Simple Forum Multiple Vulnerabilities

Application: Simple Forum
Affected Version: 3.2 and other versions.
Vendor’s URL: http://www.gerd-tentler.de/tools/forum/
Bug Type: Cross Site Scripting, Information Disclosure
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitized and verified.

MyBB SQL Injection and XSRF Vulnerabilities

Application: MyBB
Affected Version: 1.2.11 and prior versions.
Vendor’s URL: http://www.mybboard.net/
Bug Type: Cross Site Scripting, SQL Injection
Risk Level: Critical

Solution:
Update to version 1.2.12.

MyBB PHP Code Execution and SQL Injection

Application: MyBB
Affected Version: 1.2.10 and prior versions.
Vendor’s URL: http://www.mybboard.net/
Bug Type: System access, SQL Injection
Risk Level: Critical

Solution:
Update to version 1.2.11.

vbDrupal Multiple Vulnerabilities

Application: vbDrupal
Affected Version: prior to version 4.7.11.0 or 5.6.0.
Vendor’s URL: http://www.vbdrupal.org/
Bug Type: Cross Site Scripting
Risk Level: Critical

Solution:
Update to version 4.7.11.0 or 5.6.0.

PortalApp Multiple Vulnerabilities

Application: PortalApp
Affected Version: 4.0.
Vendor’s URL: PortalApp
Bug Type: Security Bypass, Cross Site Scripting
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised and access to dangerous actions is properly restricted.

Snitz Forums 2000 XSS Vulnerability

Application: Snitz Forums 2000
Affected Version: 3.4.06 and prior versions.
Vendor’s URL: http://forum.snitz.com/
Bug Type: Cross Site Scripting
Risk Level: Medium

Solution:
Edit the source code to ensure that input is properly sanitised.

MyPHP Forum SQL Injection

Application: MyPHP Forum 3.x
Affected Version: 3.0
Vendor’s URL: http://www.myphp.ws/
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code or consult the developer.

phpBB SupaNav Module File Inclusion

Application: phpBB
Affected Version: 1.0.0; other versions may also be affected.
Vendor’s URL: SupaNav
Bug Type: File Inclusion
Risk Level: Critical

Solution:
- Edit the source code to make sure input is properly verified
- Update to version 1.1.1

YaBB CRLF Injection Privilege Escalation

Application: YaBB Forum
Affected Version: 2.1; other versions may also be affected.
Vendor’s URL: http://www.yabbforum.com/
Bug Type: Privilege Escalation
Risk Level: Critical

Solution:
Apply patch.
http://www.yabbforum.com/community/?board=general;action=display;num=1181678785

MyBB SQL Injection Vulnerability

Application: MyBB
Affected Version: 1.2.5 or earlier
Vendor’s URL: http://www.mybboard.net/
Bug Type: SQL Injection
Risk Level: High

Solution:
- Upgrade to version 1.2.6
- http://community.mybboard.net/showthread.php?tid=18632

InstantForum.NET Members1/Logon.aspx XSS

Application: InstantForum.NET
Affected Version: 4.1.0 or below
Vendor’s URL: http://www.instantasp.co.uk/Products/InstantForum/Default.aspx
Bug Type: Cross Site Scripting
Risk Level: Low

Solution:
- Currently waiting for a bug fix from the vendor.