22 matches found
EUVD-2010-4127
Malware in sbrugna...
EUVD-2009-4433
Malware in sbrugna...
Information disclosure
DeluxeBB 1.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by header_html.php...
CVE-2011-3725
CVE-2011-3725 affects DeluxeBB 1.3. A remote attacker can trigger information disclosure with a direct request to a .php file (e.g., header_html.php), causing an error message that reveals the installation path. Root cause: the application leaks server path information via error output. Impact i...
DeluxeBB 1.3 Information Disclosure
DeluxeBB new; $bro-agent"Mozilla/5.0 Windows; U; Windows NT 5.1; es-ES; rv:1.8.1.14 Gecko/20080404 Firefox/2.0.0.14"; $bro-defaultheader"Cookie" = "membercookie=$membercookie; memberpw=$memberpw; memberid=$memberid"; sub gener...
DeluxeBB 1.3 - Private Information Disclosure
DeluxeBB new; $bro-agent"Mozilla/5.0 Windows; U; Windows NT 5.1; es-ES; rv:1.8.1.14 Gecko/20080404 Firefox/2.0.0.14"; $bro-defaultheader"Cookie" = "membercookie=$membercookie;...
SQL injection
SQL injection vulnerability in misc.php in DeluxeBB 1.3, and possibly earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the xthedateformat parameter in a register action, a different vector than CVE-2005-2989, CVE-2006-2503, and CVE-2009-1033...
CVE-2010-1859
SQL injection vulnerability in newpost.php in DeluxeBB 1.3 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the membercookie cookie when adding a new thread...
SQL injection
SQL injection vulnerability in newpost.php in DeluxeBB 1.3 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the membercookie cookie when adding a new thread...
CVE-2009-4465
DeluxeBB 1.3 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain user and configuration information, log data, and gain administrative access via a direct request to scripts in (1) templates/ including (2) templates/deluxe/admincp/...
Improper access control
DeluxeBB 1.3 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain user and configuration information, log data, and gain administrative access via a direct request to scripts in (1) templates/ including (2) templates/deluxe/admincp/...
Cross-site scripting
Cross-site scripting (XSS) vulnerability in misc.php in DeluxeBB 1.3 allows remote attackers to inject arbitrary web script or HTML via the page parameter...
Deserialization of untrusted data
misc.php in DeluxeBB 1.3 allows remote attackers to register accounts without a valid email address via a valemail action with the valmem set to a pre-assigned user ID, which is visible from a memberlist action...
CVE-2009-4465
DeluxeBB 1.3 is affected by multiple vulnerabilities related to improper access control that expose sensitive files under web root. The issues allow remote attackers to retrieve user/configuration data, logs, and potentially gain administrative access by requesting unprotected paths such as templ...
CVE-2009-4466
DeluxeBB 1.3 is affected by CVE-2009-4466, where a crafted value for the page parameter in misc.php can cause an information disclosure by revealing the installation path in an error message. The issue may stem from how tools.php handles computations, potentially contributing to a denial of servi...
CVE-2009-4465
DeluxeBB 1.3 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain user and configuration information, log data, and gain administrative access via a direct request to scripts in (1) templates/ including (2) templates/deluxe/admincp/...
DeluxeBB 1.3 - Multiple Vulnerabilities
Author: cp77fk4r | Empty0pagEShift+2gmail.com Vendor: http://www.deluxebb.com Directory Listing http://server/templates/ http://server/images/ http://server/logs/ http://server/wysiwyg/ http://server/docs/ http://server/classes http://server/lang http://server/settings/ Cross Site Scripting...
CVE-2009-1033
CVE-2009-1033 affects DeluxeBB 1.3 and earlier. A SQL injection flaw in misc.php allows remote attackers to execute arbitrary SQL via the qorder parameter, as described in the connected documents. Exploit details and fixes are not provided here.
DeluxeBB 1.3 SQL Injection
Author: girex Homepage: girex.altervista.org Date: 18/03/2009 CMS: DeluxeBB 1.3 and prior site: deluxebb.com NOTE: - Works regardless of php.ini settings - This SQL injection will show you username and md5 of ALL registered users of the site. - This PoC was written for educational purpose. Use i...
DeluxeBB <= 1.3 (qorder) Remote SQL Injection Vulnerability
No description provided by source. Author: girex Homepage: girex.altervista.org Date: 18/03/2009 CMS: DeluxeBB 1.3 and prior site: deluxebb.com NOTE: - Works regardless of php.ini settings - This SQL injection will show you username and md5 of ALL registered users of the site. - This PoC was...