5 matches found
EUVD-2019-7995
Malware in sbrugna...
Default credentials
The myrand function in functions.php in MyBB aka MyBulletinBoard before 1.4.12 does not properly use the PHP mtrand function, which makes it easier for remote attackers to obtain access to an arbitrary account by requesting a reset of the account's password, and then conducting a brute-force atta...
CVE-2010-4626
The myrand function in functions.php in MyBB aka MyBulletinBoard before 1.4.12 does not properly use the PHP mtrand function, which makes it easier for remote attackers to obtain access to an arbitrary account by requesting a reset of the account's password, and then conducting a brute-force atta...
Design/Logic Flaw
index.php in Ryan Haudenschilt Family Connections FCMS before 0.9 allows remote attackers to access an arbitrary account by placing the account's name in the value of an fcmsloginid cookie. NOTE: this can be leveraged for code execution via a POST with PHP code in the content parameter...
CVE-2007-4338
index.php in Ryan Haudenschilt Family Connections FCMS before 0.9 allows remote attackers to access an arbitrary account by placing the account's name in the value of an fcmsloginid cookie. NOTE: this can be leveraged for code execution via a POST with PHP code in the content parameter...