Lucene search
+L

172 matches found

cve
cve
added 2018/02/12 4:0 a.m.44 views

CVE-2018-6506

Affected software: miniBB 3.2.2. Vulnerability: Cross-Site Scripting (XSS) in the Add Forum feature of the Administrative Panel. Root cause: crafted use of an onload attribute of an SVG element in the supertitle field. Impact (as stated): enables script execution in the context of the user’s brow...

4.8CVSS4.9AI score0.00539EPSS
Exploits1References1Affected Software1
cnvd
cnvd
added 2018/02/12 12:0 a.m.8 views

miniBB Cross-Site Scripting Vulnerability

miniBB full name Minimalistic Bulletin Board is a free, open source Internet forum software. The software supports a variety of forum styles , multiple interface languages , multiple time zones , plug-ins and extensions , etc. Administrative Panel is one of the administrative panel . A cross-site...

4.8CVSS6.5AI score0.00539EPSS
Exploits1References1
zdt
zdt
added 2015/11/07 12:0 a.m.40 views

MiniBB 3.1.1 Cross Site Scripting Vulnerability

MiniBB version 3.1.1 suffers from a cross site scripting vulnerability. 1. Introduction Affected Product: MiniBB 3.1.1 Fixed in: 3.2 Fixed Version Link: http://www.minibb.com/download.php?file=minibb Vendor Contact: email protected Vulnerability Type: XSS Remote Exploitable: Yes Reported to vendo...

6.7AI score
Exploits0
packetstorm
packetstorm
added 2015/11/06 12:0 a.m.21 views

MiniBB 3.1.1 Cross Site Scripting

Security Advisory - Curesec Research Team 1. Introduction Affected Product: MiniBB 3.1.1 Fixed in: 3.2 Fixed Version Link: http://www.minibb.com/download.php?file=minibb Vendor Contact: [email protected] Vulnerability Type: XSS Remote Exploitable: Yes Reported to vendor: 09/01/2015 Disclosed to...

7.4AI score
Exploits0
openvas
openvas
added 2015/01/07 12:0 a.m.19 views

miniBB bb_func_unsub.php 'code' Parameter Blind SQL Injection Vulnerability

miniBB is prone to an SQL injection SQLi vulnerability. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.5AI score0.01306EPSS
Exploits5References4
nvd
nvd
added 2014/12/31 9:59 p.m.22 views

CVE-2014-9254

bbfuncunsub.php in MiniBB 3.1 before 20141127 uses an incorrect regular expression, which allows remote attackers to conduct SQl injection attacks via the code parameter in an unsubscribe action to index.php...

7.5CVSS7AI score0.01306EPSS
Exploits5References3
prion
prion
added 2014/12/31 9:59 p.m.16 views

Sql injection

bbfuncunsub.php in MiniBB 3.1 before 20141127 uses an incorrect regular expression, which allows remote attackers to conduct SQl injection attacks via the code parameter in an unsubscribe action to index.php...

7.5CVSS7.6AI score0.01306EPSS
Exploits5References3Affected Software1
cve
cve
added 2014/12/31 9:0 p.m.47 views

CVE-2014-9254

Mode C The CVE affects MiniBB 3.1 prior to 2014-11-27. The vulnerability is a SQL injection in the bb_func_unsub.php code path exposed through the unsubscribe action, caused by an unanchored regular expression in preg_match that inaccurately validates the code parameter. This allows remote attack...

7.5CVSS7.2AI score0.01306EPSS
Exploits5References3Affected Software1
cvelist
cvelist
added 2014/12/31 9:0 p.m.29 views

CVE-2014-9254

bbfuncunsub.php in MiniBB 3.1 before 20141127 uses an incorrect regular expression, which allows remote attackers to conduct SQl injection attacks via the code parameter in an unsubscribe action to index.php...

7AI score0.01306EPSS
Exploits5References3
packetstorm
packetstorm
added 2014/12/20 12:0 a.m.35 views

miniBB 3.1 Blind SQL Injection

Exploit Title: miniBB 3.1 Blind SQL Injection Date: 23-11-2014 Software Link: http://www.minibb.com/ Exploit Author: Kacper Szurek Contact: http://twitter.com/KacperSzurek Website: http://security.szurek.pl/ CVE: CVE-2014-9254 Category: webapps 1. Description pregmatch only check if $GET'code'...

7.5CVSS0.8AI score0.01306EPSS
Exploits5
zdt
zdt
added 2014/12/18 12:0 a.m.43 views

miniBB 3.1 Blind SQL Injection Vulnerability

miniBB version 3.1 suffers from a remote blind SQL injection vulnerability. Exploit Title: miniBB 3.1 Blind SQL Injection Date: 23-11-2014 Software Link: http://www.minibb.com/ Exploit Author: Kacper Szurek Contact: http://twitter.com/KacperSzurek Website: http://security.szurek.pl/ CVE:...

7.5CVSS7.6AI score0.01306EPSS
Exploits5
seebug
seebug
added 2014/07/01 12:0 a.m.18 views

miniBB keyword_replacer <= 1.0 (pathToFiles) File Include Vulnerability

No description provided by source. --------------------------------------------------------------------------- miniBB keywordreplacer = 1.0 pathToFiles Remote File Include Vulnerability --------------------------------------------------------------------------- Discovered By Kw3RLn Romanian...

7.1AI score
Exploits0
seebug
seebug
added 2014/07/01 12:0 a.m.22 views

minibb 2.2 (css/sql/fpd) Multiple Vulnerabilities

No description provided by source. Author: GiReX Homepage: girex.altervista.org Date: 21/04/2008 CMS: miniBB 2.2 and maybe prior Site: minibb.net Bug 1: Full Path Disclosure Bug 2: Cross Site Scripting Bug 3: Remote SQL Injection Need: registerglobals = On ---------------------------------------...

7.1AI score
Exploits0
seebug
seebug
added 2014/07/01 12:0 a.m.18 views

MiniBB 1.5 News.PHP Remote File Include Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/19095/info MiniBB is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to include arbitrary remote files containing malicious PHP co...

7.1AI score
Exploits0
seebug
seebug
added 2014/07/01 12:0 a.m.11 views

miniBB - Input Validation Hole ('user')

No description provided by source. Example: http://target/minibb/index.php?action=userinfo&user=1%20union%20select%201,2,userpassword%20from%20minibbusers/ milw0rm.com 2004-11-16...

7.1AI score
Exploits0
seebug
seebug
added 2014/07/01 12:0 a.m.22 views

MiniBB 2.5 - SQL Injection Vulnerability

No description provided by source. Vulnerability ID: HTB22671 Reference: http://www.htbridge.ch/advisory/sqlinjectioninminibb.html Product: MiniBB Vendor: MiniBB.com http://www.minibb.com/ Vulnerable Version: 2.5 Vendor Notification: 21 October 2010 Vulnerability Type: SQL Injection Status: Not...

7.1AI score
Exploits0
seebug
seebug
added 2014/07/01 12:0 a.m.13 views

miniBB <= 2.0.2 (bb_func_txt.php) Remote File Include Exploit

No description provided by source. !/usr/bin/php -q -d shortopentag=on ? print ' ::::::::: :::::::::: ::: ::: ::::::::::: ::: :+: :+: :+: :+: :+: :+: :+: +:+ +:+ +:+ +:+ +:+ +:+ +:+ ++ +:+ +++:++ ++ +:+ ++ ++ ++ ++ ++ ++ ++ ++ ++ + + + +++ + + ::::::::::: :::::::::: ::: :::: :::: :+: :+: :+: :+:...

7.1AI score
Exploits0
seebug
seebug
added 2014/07/01 12:0 a.m.12 views

MiniBB 1.2 Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/4619/info MiniBB is web forum software. It is written in PHP and will run on most Unix and Linux variants as well as Microsoft Windows operating systems. MiniBB does not filter script code from URL parameters, making it...

7.1AI score
Exploits0
seebug
seebug
added 2014/07/01 12:0 a.m.25 views

miniBB 2.2 - 'bb_admin.php' Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/28957/info miniBB is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an...

7.1AI score
Exploits0
seebug
seebug
added 2014/07/01 12:0 a.m.26 views

MiniBB Mambo Component <= 1.5a Remote File Include Vulnerabilities

No description provided by source. --------------------------------------------------------------------------------------------- MiniBB Forum Mambo Component = 1.5a Remote File Include Vulnerabilities -----------------------------------------------------------------------------------------------...

7.1AI score
Exploits0
Rows per page
Query Builder