Application: MyBB
Affected Version: version 1.6.12 and other versions.
Vendor’s URL: MyBB
Bug Type: Cross-Site Scripting
Risk Level: Critical

Solution:
No official solution is currently available.

Cross Site Scripting, Discussion Boards

Application: MyBB
Affected Version: versions prior to 1.6.12.
Vendor’s URL: MyBB
Bug Type: Cross-Site Scripting and SQL Injection
Risk Level: Critical

Solution:
Update to version 1.6.12.

Cross Site Scripting, Discussion Boards, SQL Injection

Application: Simple Machines Forum
Affected Version: versions prior to 2.0.6 and 1.1.19.
Vendor’s URL: Simple Machines Forum
Bug Type: System access
Risk Level: Critical

Solution:
Update to version 2.0.6 or 1.1.19.

Access Bypass, Discussion Boards

Application: YaBB
Affected Version: version 2.5.2.
Vendor’s URL: YaBB
Bug Type: File Inclusion
Risk Level: Critical

Solution:
Fixed in the SVN repository.

Discussion Boards, File Inclusion

Application: MyBB
Affected Version: version 1.0 and other versions.
Vendor’s URL: Profile Wii Friend Code Plugin
Bug Type: Cross-Site Scripting and SQL Injection
Risk Level: Critical

Solution:
No official solution is currently available.

Cross Site Scripting, Discussion Boards, SQL Injection

Application: MyBB
Affected Version: version 1.1 and other versions.
Vendor’s URL: Country Flags Plugin
Bug Type: SQL Injection
Risk Level: Critical

Solution:
No official solution is currently available.

Discussion Boards, SQL Injection

Application: MyBB
Affected Version: version 0.1.3 and other versions.
Vendor’s URL: DyMy User Agent Plugin
Bug Type: SQL Injection
Risk Level: Critical

Solution:
No official solution is currently available.

Discussion Boards, SQL Injection

Application: MyBB
Affected Version: version 1.0 and other versions.
Vendor’s URL: MyYoutube Plugin
Bug Type: Cross-Site Scripting and SQL Injection
Risk Level: Critical

Solution:
No official solution is currently available.

Cross Site Scripting, Discussion Boards, SQL Injection

Application: MyBB
Affected Version: version 1.5 and other versions.
Vendor’s URL: Follower User Plugin
Bug Type: SQL Injection
Risk Level: Critical

Solution:
No official solution is currently available.

Discussion Boards, SQL Injection

Application: PBBoard
Affected Version: version 3.0 and other versions.
Vendor’s URL: PBBoard
Bug Type: SQL Injection
Risk Level: Critical

Solution:
No official solution is currently available.

Discussion Boards, SQL Injection

Application: DotNetNuke
Affected Version: versions 5.5.0 through 5.6.7 and 6.0.0 through 6.2.0.
Vendor’s URL: DotNetNuke
Bug Type: Security Bypass, Cross Site Scripting
Risk Level: Critical

Solution:
Update to version 5.6.8 or 6.2.1.

Access Bypass, Cross Site Scripting, Discussion Boards

Application: Vanilla Forums
Affected Version: version 1.3.2 and other versions.
Vendor’s URL: FirstLastNames Plugin
Bug Type: Cross Site Scripting
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

Cross Site Scripting, Discussion Boards

Application: Vanilla Forums
Affected Version: version 1.1 and other versions.
Vendor’s URL: LatestComment Plugin
Bug Type: Cross Site Scripting
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

Cross Site Scripting, Discussion Boards

Application: Vanilla Forums
Affected Version: version 1.1.1
Vendor’s URL: AboutMe Plugin
Bug Type: Cross Site Scripting
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

Cross Site Scripting, Discussion Boards

Application: vBulletin
Affected Version: versions 4.1.4 through 4.1.11.
Vendor’s URL: vBulletin
Bug Type: Cross Site Scripting
Risk Level: Critical

Solution:
Install patch, please consult with developers.

Cross Site Scripting, Discussion Boards

Application: MyBB
Affected Version: versions 1.6.4 on October 6th, 2011 and prior.
Vendor’s URL: MyBB
Bug Type: Source Packages Backdoor
Risk Level: Critical

Solution:
Manually download and install the latest version.

Discussion Boards

Application: MyBB
Affected Version: version 2.0.4 and other version
Vendor’s URL: Advanced Forum Signatures Plugin
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

Discussion Boards, SQL Injection

Application: MyBB
Affected Version: version 1.31 and other versions.
Vendor’s URL: MyTabs Plugin
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

Discussion Boards, SQL Injection

Application: vBulletin
Affected Version: 4.1.4pl2 and prior versions.
Vendor’s URL: vBulletin
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Update to a fixed version.

Discussion Boards, SQL Injection

Application: vBulletin
Affected Version: versions prior to 4.1.3 PL1 and vBulletin Forum Classic versions prior to 3.8.7 PL1 and 4.1.3 PL1.
Vendor’s URL: YUI Component Library
Bug Type: Unknown
Risk Level: Critical

Solution:
Update to vBulletin Publishing Suite version 4.1.3 PL1 or vBulletin Forum Classic version 3.8.7 PL1 or 4.1.3 PL1

Discussion Boards