172 matches found
CVE-2018-6506
Affected software: miniBB 3.2.2. Vulnerability: Cross-Site Scripting (XSS) in the Add Forum feature of the Administrative Panel. Root cause: crafted use of an onload attribute of an SVG element in the supertitle field. Impact (as stated): enables script execution in the context of the user’s brow...
miniBB Cross-Site Scripting Vulnerability
miniBB full name Minimalistic Bulletin Board is a free, open source Internet forum software. The software supports a variety of forum styles , multiple interface languages , multiple time zones , plug-ins and extensions , etc. Administrative Panel is one of the administrative panel . A cross-site...
MiniBB 3.1.1 Cross Site Scripting Vulnerability
MiniBB version 3.1.1 suffers from a cross site scripting vulnerability. 1. Introduction Affected Product: MiniBB 3.1.1 Fixed in: 3.2 Fixed Version Link: http://www.minibb.com/download.php?file=minibb Vendor Contact: email protected Vulnerability Type: XSS Remote Exploitable: Yes Reported to vendo...
MiniBB 3.1.1 Cross Site Scripting
Security Advisory - Curesec Research Team 1. Introduction Affected Product: MiniBB 3.1.1 Fixed in: 3.2 Fixed Version Link: http://www.minibb.com/download.php?file=minibb Vendor Contact: [email protected] Vulnerability Type: XSS Remote Exploitable: Yes Reported to vendor: 09/01/2015 Disclosed to...
miniBB bb_func_unsub.php 'code' Parameter Blind SQL Injection Vulnerability
miniBB is prone to an SQL injection SQLi vulnerability. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2014-9254
bbfuncunsub.php in MiniBB 3.1 before 20141127 uses an incorrect regular expression, which allows remote attackers to conduct SQl injection attacks via the code parameter in an unsubscribe action to index.php...
Sql injection
bbfuncunsub.php in MiniBB 3.1 before 20141127 uses an incorrect regular expression, which allows remote attackers to conduct SQl injection attacks via the code parameter in an unsubscribe action to index.php...
CVE-2014-9254
Mode C The CVE affects MiniBB 3.1 prior to 2014-11-27. The vulnerability is a SQL injection in the bb_func_unsub.php code path exposed through the unsubscribe action, caused by an unanchored regular expression in preg_match that inaccurately validates the code parameter. This allows remote attack...
CVE-2014-9254
bbfuncunsub.php in MiniBB 3.1 before 20141127 uses an incorrect regular expression, which allows remote attackers to conduct SQl injection attacks via the code parameter in an unsubscribe action to index.php...
miniBB 3.1 Blind SQL Injection
Exploit Title: miniBB 3.1 Blind SQL Injection Date: 23-11-2014 Software Link: http://www.minibb.com/ Exploit Author: Kacper Szurek Contact: http://twitter.com/KacperSzurek Website: http://security.szurek.pl/ CVE: CVE-2014-9254 Category: webapps 1. Description pregmatch only check if $GET'code'...
miniBB 3.1 Blind SQL Injection Vulnerability
miniBB version 3.1 suffers from a remote blind SQL injection vulnerability. Exploit Title: miniBB 3.1 Blind SQL Injection Date: 23-11-2014 Software Link: http://www.minibb.com/ Exploit Author: Kacper Szurek Contact: http://twitter.com/KacperSzurek Website: http://security.szurek.pl/ CVE:...
miniBB keyword_replacer <= 1.0 (pathToFiles) File Include Vulnerability
No description provided by source. --------------------------------------------------------------------------- miniBB keywordreplacer = 1.0 pathToFiles Remote File Include Vulnerability --------------------------------------------------------------------------- Discovered By Kw3RLn Romanian...
minibb 2.2 (css/sql/fpd) Multiple Vulnerabilities
No description provided by source. Author: GiReX Homepage: girex.altervista.org Date: 21/04/2008 CMS: miniBB 2.2 and maybe prior Site: minibb.net Bug 1: Full Path Disclosure Bug 2: Cross Site Scripting Bug 3: Remote SQL Injection Need: registerglobals = On ---------------------------------------...
MiniBB 1.5 News.PHP Remote File Include Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/19095/info MiniBB is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to include arbitrary remote files containing malicious PHP co...
miniBB - Input Validation Hole ('user')
No description provided by source. Example: http://target/minibb/index.php?action=userinfo&user=1%20union%20select%201,2,userpassword%20from%20minibbusers/ milw0rm.com 2004-11-16...
MiniBB 2.5 - SQL Injection Vulnerability
No description provided by source. Vulnerability ID: HTB22671 Reference: http://www.htbridge.ch/advisory/sqlinjectioninminibb.html Product: MiniBB Vendor: MiniBB.com http://www.minibb.com/ Vulnerable Version: 2.5 Vendor Notification: 21 October 2010 Vulnerability Type: SQL Injection Status: Not...
miniBB <= 2.0.2 (bb_func_txt.php) Remote File Include Exploit
No description provided by source. !/usr/bin/php -q -d shortopentag=on ? print ' ::::::::: :::::::::: ::: ::: ::::::::::: ::: :+: :+: :+: :+: :+: :+: :+: +:+ +:+ +:+ +:+ +:+ +:+ +:+ ++ +:+ +++:++ ++ +:+ ++ ++ ++ ++ ++ ++ ++ ++ ++ + + + +++ + + ::::::::::: :::::::::: ::: :::: :::: :+: :+: :+: :+:...
MiniBB 1.2 Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/4619/info MiniBB is web forum software. It is written in PHP and will run on most Unix and Linux variants as well as Microsoft Windows operating systems. MiniBB does not filter script code from URL parameters, making it...
miniBB 2.2 - 'bb_admin.php' Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/28957/info miniBB is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an...
MiniBB Mambo Component <= 1.5a Remote File Include Vulnerabilities
No description provided by source. --------------------------------------------------------------------------------------------- MiniBB Forum Mambo Component = 1.5a Remote File Include Vulnerabilities -----------------------------------------------------------------------------------------------...