22 matches found

EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2010-4127

Malware in sbrugna...

CVSS 6.8 | AI score 6.3 | EPSS 0.01181
Exploits: 1 | References: 8
EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2009-4433

Malware in sbrugna...

CVSS 5 | AI score 6.4 | EPSS 0.02429
Exploits: 2 | References: 4
Prion
added 2011/09/23 11:55 p.m. | 17 views

Information disclosure

DeluxeBB 1.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by header_html.php...

CVSS 5 | AI score 6.6 | EPSS 0.01335
Exploits: 1 | References: 3 | Affected Software: 1
CVE
added 2011/09/23 11:0 p.m. | 47 views

CVE-2011-3725

CVE-2011-3725 affects DeluxeBB 1.3. A remote attacker can trigger information disclosure with a direct request to a .php file (e.g., header_html.php), causing an error message that reveals the installation path. Root cause: the application leaks server path information via error output. Impact i...

CVSS 5 | AI score 6.3 | EPSS 0.01335
Exploits: 1 | References: 3 | Affected Software: 1
Packet Storm
added 2010/11/09 12:0 a.m. | 24 views

DeluxeBB 1.3 Information Disclosure

====================================================================== DeluxeBB new; $bro-agent"Mozilla/5.0 Windows; U; Windows NT 5.1; es-ES; rv:1.8.1.14 Gecko/20080404 Firefox/2.0.0.14"; $bro-defaultheader"Cookie" = "membercookie=$membercookie; memberpw=$memberpw; memberid=$memberid"; sub gener...

AI score 7.4
Exploits: 0
exploitpack
added 2010/11/07 12:0 a.m. | 17 views

DeluxeBB 1.3 - Private Information Disclosure

DeluxeBB 1.3 - Private Information Disclosure ====================================================================== DeluxeBB new; $bro-agent"Mozilla/5.0 Windows; U; Windows NT 5.1; es-ES; rv:1.8.1.14 Gecko/20080404 Firefox/2.0.0.14"; $bro-defaultheader"Cookie" = "membercookie=$membercookie;...

AI score 7.2
Exploits: 0
Prion
added 2010/11/03 8:0 p.m. | 16 views

Sql injection

SQL injection vulnerability in misc.php in DeluxeBB 1.3, and possibly earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the xthedateformat parameter in a register action, a different vector than CVE-2005-2989, CVE-2006-2503, and CVE-2009-1033...

CVSS 6.8 | AI score 8.6 | EPSS 0.01291
Exploits: 4 | References: 7 | Affected Software: 1
NVD
added 2010/05/07 11:0 p.m. | 15 views

CVE-2010-1859

SQL injection vulnerability in newpost.php in DeluxeBB 1.3 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the membercookie cookie when adding a new thread...

CVSS 6.8 | AI score 8.3 | EPSS 0.00831
Exploits: 2 | References: 2
Prion
added 2010/05/07 11:0 p.m. | 13 views

Sql injection

SQL injection vulnerability in newpost.php in DeluxeBB 1.3 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the membercookie cookie when adding a new thread...

CVSS 6.8 | AI score 9 | EPSS 0.00831
Exploits: 2 | References: 2 | Affected Software: 1
NVD
added 2009/12/30 8:0 p.m. | 16 views

CVE-2009-4465

DeluxeBB 1.3 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain user and configuration information, log data, and gain administrative access via a direct request to scripts in (1) templates/ including (2) templates/deluxe/admincp/...

CVSS 7.5 | AI score 6.4 | EPSS 0.02369
Exploits: 2 | References: 5
Prion
added 2009/12/30 8:0 p.m. | 18 views

Improper access control

DeluxeBB 1.3 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain user and configuration information, log data, and gain administrative access via a direct request to scripts in (1) templates/ including (2) templates/deluxe/admincp/...

CVSS 7.5 | AI score 7 | EPSS 0.02369
Exploits: 2 | References: 5 | Affected Software: 1
Prion
added 2009/12/30 8:0 p.m. | 13 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in misc.php in DeluxeBB 1.3 allows remote attackers to inject arbitrary web script or HTML via the page parameter...

CVSS 4.3 | AI score 6.1 | EPSS 0.01436
Exploits: 2 | References: 3 | Affected Software: 1
Prion
added 2009/12/30 8:0 p.m. | 19 views

Deserialization of untrusted data

misc.php in DeluxeBB 1.3 allows remote attackers to register accounts without a valid email address via a valemail action with the valmem set to a pre-assigned user ID, which is visible from a memberlist action...

CVSS 4 | AI score 7 | EPSS 0.01657
Exploits: 2 | References: 3 | Affected Software: 1
CVE
added 2009/12/30 7:0 p.m. | 52 views

CVE-2009-4465

DeluxeBB 1.3 is affected by multiple vulnerabilities related to improper access control that expose sensitive files under web root. The issues allow remote attackers to retrieve user/configuration data, logs, and potentially gain administrative access by requesting unprotected paths such as templ...

CVSS 7.5 | AI score 6.4 | EPSS 0.02369
Exploits: 2 | References: 5 | Affected Software: 1
CVE
added 2009/12/30 7:0 p.m. | 52 views

CVE-2009-4466

DeluxeBB 1.3 is affected by CVE-2009-4466, where a crafted value for the page parameter in misc.php can cause an information disclosure by revealing the installation path in an error message. The issue may stem from how tools.php handles computations, potentially contributing to a denial of servi...

CVSS 5 | AI score 6.4 | EPSS 0.02429
Exploits: 2 | References: 3 | Affected Software: 1
Cvelist
added 2009/12/30 7:0 p.m. | 33 views

CVE-2009-4465

DeluxeBB 1.3 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain user and configuration information, log data, and gain administrative access via a direct request to scripts in (1) templates/ including (2) templates/deluxe/admincp/...

AI score 6.4 | EPSS 0.02369
Exploits: 2 | References: 5
Exploit DB
added 2009/12/22 12:0 a.m. | 26 views

DeluxeBB 1.3 - Multiple Vulnerabilities

Author: cp77fk4r | Empty0pagEShift+2gmail.com Vendor: http://www.deluxebb.com Directory Listing http://server/templates/ http://server/images/ http://server/logs/ http://server/wysiwyg/ http://server/docs/ http://server/classes http://server/lang http://server/settings/ Cross Site Scripting...

AI score 7
Exploits: 0
CVE
added 2009/03/20 6:0 p.m. | 67 views

CVE-2009-1033

CVE-2009-1033 affects DeluxeBB 1.3 and earlier. A SQL injection flaw in misc.php allows remote attackers to execute arbitrary SQL via the qorder parameter, as described in the connected documents. Exploit details and fixes are not provided here.

CVSS 7.5 | AI score 8.2 | EPSS 0.01024
Exploits: 1 | References: 5 | Affected Software: 1
Packet Storm
added 2009/03/19 12:0 a.m. | 18 views

DeluxeBB 1.3 SQL Injection

Author: girex Homepage: girex.altervista.org Date: 18/03/2009 CMS: DeluxeBB 1.3 and prior site: deluxebb.com NOTE: - Works regardless of php.ini settings - This SQL injection will shows you username and md5 of ALL registered users of the site. - This PoC was written for educational purpose. Use i...

AI score 0.3
Exploits: 0
seebug.org
added 2009/03/19 12:0 a.m. | 20 views

DeluxeBB <= 1.3 (qorder) Remote SQL Injection Vulnerability

No description provided by source. Author: girex Homepage: girex.altervista.org Date: 18/03/2009 CMS: DeluxeBB 1.3 and prior site: deluxebb.com NOTE: - Works regardless of php.ini settings - This SQL injection will shows you username and md5 of ALL registered users of the site. - This PoC was...

AI score 7.1
Exploits: 0