54 matches found
PT-2025-52716
Name of the Vulnerable Software and Affected Versions: MyBB version 1.8.32. Description: MyBB version 1.8.32 contains a chained issue that allows authenticated administrators to bypass avatar upload restrictions and potentially execute arbitrary code. Attackers can modify upload path settings, uploa...
Linux Distros Unpatched Vulnerability : CVE-2019-13376
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - phpBB version 3.2.7 allows the stealing of an Administration Control Panel session id by leveraging CSRF in the Remote Avatar feature. The CSRF Token Hijacking...
JVN#46874970: 0ch BBS Script (0ch) vulnerable to cross-site scripting
0ch BBS Script (0ch), provided by Zerochannel, is bulletin board software (product and developer names according to the original report submitted by the reporter). 0ch BBS Script (0ch) contains a cross-site scripting vulnerability (CWE-79). Impact: An arbitrary script may be...
GHSA-6G7X-4C7M-G63M Review Board Cross-site scripting (XSS) vulnerability in the reviews dropdown
Cross-site scripting (XSS) vulnerability in the auto-complete widget in htdocs/media/rb/js/reviews.js in Review Board 1.6.x before 1.6.17 and 1.7.x before 1.7.10 allows remote attackers to inject arbitrary web script or HTML via a full name...
CVE-2020-19048
Cross-site scripting (XSS) in MyBB v1.8.20 allows remote attackers to inject arbitrary web script or HTML via the "Title" field found in the "Add New Forum" page by doing an authenticated POST HTTP request to '/Upload/admin/index.php?module=forum-management&action=add'...
MyBB Cross-Site Scripting Vulnerability (CNVD-2020-46844)
MyBB (MyBulletinBoard) is a free and Web-based forum software developed by MyBB team using PHP and MySQL. The software is characterized by its simplicity, multi-language support and extensibility. A cross-site scripting vulnerability exists in MyBB versions prior to 1.8.24. The vulnerability stems...
CVE-2013-2267
PHP Code Injection vulnerability in FUDforum Bulletin Board Software 3.0.4 could allow remote attackers to execute arbitrary code on the system...
Phar Deserialization Remote Code Execution Vulnerability in phpBB v3.2.3
phpBB is open source Web forum software developed in PHP. phpBB v3.2.3 suffers from a Phar deserialization remote code execution vulnerability, which can be exploited by an attacker to gain control of a web server...
phpBB 3.2.3: Phar Deserialization to RCE
Impact: phpBB is one of the oldest and most popular board software. If an attacker aims to take over a board running phpBB3, he will usually attempt to gain access to the admin control panel by means of bruteforcing, phishing or XSS vulnerabilities in plugins that the target site has installed. Bu...
JVN#48774168: PHP 2chBBS vulnerable to cross-site scripting
PHP 2chBBS provided by Kagaminokuni is software that can be downloaded from the Internet. PHP 2chBBS is a bulletin board software that can be used by placing it on a website. PHP 2chBBS contains a cross-site scripting vulnerability (CWE-79). Impact: Due to this vulnerability, a victim being tricked...
CVE-2017-15964
Job Board Script Software allows SQL Injection via the PATHINFO to a /job-details URI...
Job Board Software 1.0 SQL Injection
Exploit Title: Job Board Software 1.0 - SQL Injection | Dork: N/A | Date: 09.09.2017 | Vendor Homepage: http://scriptzee.com/ | Software Link: http://scriptzee.com/best-softwares/job-board-software | Demo: http://jobsite.scriptzee.com/ | Version: 1.0 | Category: Webapps | Tested on: WiN7x64/KaLiLinuXx64 | CVE: N/A...
CVE-2016-9413
The Admin control panel in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 allows remote attackers to conduct clickjacking attacks via unspecified vectors...
MyBB has multiple vulnerabilities (CNVD-2016-11606)
MyBB (aka MyBulletinBoard) is a free and web-based forum software developed by MyBB team using PHP and MySQL. The software is characterized by its simplicity, multi-language support and extensibility. Multiple security vulnerabilities exist in versions of MyBB prior to 1.8.7, including: SQL injecti...
JVN#13684924: BBS X102 vulnerable to cross-site scripting
BBS X102 provided by guide-park.com is a bulletin board software. BBS X102 contains a cross-site scripting vulnerability. Impact: An arbitrary script may be executed on the user's web browser. Solution: Consider stopping use of BBS X102 Ver1.03. Since the developer was unreachable, existence of any...
BloBee vulnerable to arbitrary file creation
Overview: BloBee provided by CGI RESCUE is a bulletin board software. BloBee contains a vulnerability that may allow a remote attacker to create arbitrary files (CWE-20). Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...
JVN#24336273: BloBee vulnerable to arbitrary file creation
BloBee provided by CGI RESCUE is a bulletin board software. BloBee contains a vulnerability that may allow a remote attacker to create arbitrary files (CWE-20). Impact: An arbitrary file created by an attacker may result in arbitrary code being executed on the server. Solution: Update the Software...
shiromuku(u1)GUESTBOOK vulnerable to cross-site scripting
Overview: shiromuku(u1)GUESTBOOK from Perl CGI's By Mrs. Shiromuku is a bulletin board software. shiromuku(u1)GUESTBOOK contains a cross-site scripting vulnerability. Koki Takahashi reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...
JVN#94502417: shiromuku(bu2)BBS vulnerable to arbitrary file creation
shiromuku(bu2)BBS from Perl CGI's By Mrs. Shiromuku is a bulletin board software. shiromuku(bu2)BBS contains a vulnerability that may allow a remote attacker to create arbitrary files. Impact: A remote attacker creating arbitrary files may result in arbitrary code execution on the server. Solution...
OpenBB 1.0/1.1 Board.PHP Remote SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/7404/info It has been reported that OpenBB does not properly check input passed via the 'board.php' script. Because of this, an attacker may be able to inject arbitrary commands to the database in the context of the...