Lucene search
K

8 matches found

NVD
NVD
added 2006/07/24 12:19 p.m.12 views

CVE-2006-3797

SQL injection vulnerability in DeluxeBB 1.07 and earlier allows remote attackers to bypass authentication, spoof users, and modify settings via the 1 memberpw and 2 membercookie cookies...

7.5CVSS7.6AI score0.01325EPSS
Exploits0References5
NVD
NVD
added 2006/07/24 12:19 p.m.12 views

CVE-2006-3796

DeluxeBB 1.07 and earlier does not properly handle a username composed of a single space character, which allows remote authenticated users to login as the "space" user, post as the guest user, and block the ability of an administrator to ban the "space" user...

7.5CVSS6.2AI score0.01524EPSS
Exploits0References4
Cvelist
Cvelist
added 2006/07/21 9:0 p.m.20 views

CVE-2006-3798

DeluxeBB 1.07 and earlier allows remote attackers to overwrite the 1 GET, 2 POST, 3 ENV, and 4 SERVER variables via the COOKIE aka COOKIE variable, which can overwrite the other variables during an extract function call, probably leading to multiple security vulnerabilities, aka "pollution of the...

6.8AI score0.01329EPSS
Exploits0References4
Cvelist
Cvelist
added 2006/07/21 9:0 p.m.18 views

CVE-2006-3799

DeluxeBB 1.07 and earlier allows remote attackers to bypass SQL injection protection mechanisms via the login variable and certain other variables, by using lowercase "union select" or possibly other statements that do not match the uppercase "UNION SELECT."...

8AI score0.01416EPSS
Exploits1References6
NVD
NVD
added 2006/06/29 1:5 a.m.11 views

CVE-2006-3304

SQL injection vulnerability in cp.php in DeluxeBB 1.07 and earlier allows remote attackers to execute arbitrary SQL commands via the xmsn parameter...

7.5CVSS8.4AI score0.01585EPSS
Exploits1References8
CVE
CVE
added 2006/06/29 1:0 a.m.54 views

CVE-2006-3303

DeluxeBB 1.07 and earlier have cross-site scripting in pm.php, exploitable via the subject or to parameters, enabling injection of arbitrary script/HTML. Root cause: improper input handling in pm.php leading to reflected XSS. Impact per available data is partial integrity impact with no confident...

4.3CVSS6AI score0.01158EPSS
Exploits0References5Affected Software1
securityvulns
securityvulns
added 2006/06/27 12:0 a.m.32 views

DeluxeBB 1.07 Create admin Exploit

DeluxeBB 1.07 Create admin Exploit ---------------------------------------- + Summary : Name : DeluxeBB 1.07 Class : Remote Risk : High + Description: DeluxeBB 1.07 Have a high Security Bug in user control panel cp.php . this bug allows to users change access level with inject qurry in update...

2.9AI score
Exploits0
seebug.org
seebug.org
added 2006/06/25 12:0 a.m.14 views

DeluxeBB <= 1.07 (cp.php) Create Admin Exploit

No description provided by source. !/usr/bin/perl DeluxeBB = 1.07 Create Admin Exploit www.h4ckerz.com / www.hackerz.ir / www.aria-security.net ./2006-6-25 Coded & Discovered By Hessam-x / Hessamx-at-Hessamx.net use IO::Socket; use LWP::UserAgent; use HTTP::Cookies; $host = $ARGV0; $uname = $ARGV...

7.1AI score
Exploits0
Rows per page
Query Builder