5 matches found
CVE-2006-0139
The send-private-message functionality send-private-message.asp in PD9 Software MegaBBS 2.1 allows remote attackers to read private messages of other users via a modified replyid parameter...
Code injection
The send-private-message functionality send-private-message.asp in PD9 Software MegaBBS 2.1 allows remote attackers to read private messages of other users via a modified replyid parameter...
CVE-2004-2653
Unspecified vulnerability in PD9 Software MegaBBS 2.0 and 2.1 allows attackers to gain privileges via unknown vectors involving 1 admin/userlevelmembers-edit.asp and 2 admin/edit-groups.asp...
CVE-2006-0139
The CVE-2006-0139 vulnerability affects PD9 Software MegaBBS 2.1 , specifically the send-private-message.asp feature. A remote attacker can read other users’ private messages by supplying a modified replyid parameter, indicating improper input handling/validation for that field. The available doc...
PD9 Software MegaBBS 2.0/2.1 - 'ladder-log.asp' Multiple SQL Injections
source: https://www.securityfocus.com/bid/11253/info MegaBBS is reported prone to multiple vulnerabilities. These issues exist due to insufficient sanitization of user-supplied data and may allow an attacker to carry out HTTP response splitting and SQL injection attacks. MegaBBS versions 2.0 and...