miniBB 2.2 - 'bb_admin.php' Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/28957/info miniBB is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an...

minibb 2.2 (css/sql/fpd) Multiple Vulnerabilities

No description provided by source. Author: GiReX Homepage: girex.altervista.org Date: 21/04/2008 CMS: miniBB 2.2 and maybe prior Site: minibb.net Bug 1: Full Path Disclosure Bug 2: Cross Site Scripting Bug 3: Remote SQL Injection Need: registerglobals = On ---------------------------------------...

Sql injection

Multiple SQL injection vulnerabilities in 1 setupmysql.php and 2 setupoptions.php in miniBB 2.2 and possibly earlier, when registerglobals is enabled, allow remote attackers to execute arbitrary SQL commands via the xtr parameter in a userinfo action to index.php...

CVE-2008-2029

CVE-2008-2029 concerns miniBB 2.2 (and possibly earlier) with vulnerabilities in setup_mysql.php and setup_options.php. The root cause is multiple SQL injection weaknesses when register_globals is enabled, permitting remote attackers to inject arbitrary SQL via the xtr parameter in a userinfo act...

minibb-xsssql.txt

Author: GiReX Homepage: girex.altervista.org Date: 21/04/2008 CMS: miniBB 2.2 and maybe prior Site: minibb.net Bug 1: Full Path Disclosure Bug 2: Cross Site Scripting Bug 3: Remote SQL Injection Need: registerglobals = On --------------------------------------- 21/04/2008 Vendor informed 22/04/20...

MiniBB 2.2 - Cross-Site Scripting SQL Injection Full Path Disclosure

MiniBB 2.2 - Cross-Site Scripting SQL Injection Full Path Disclosure Author: GiReX Homepage: girex.altervista.org Date: 21/04/2008 CMS: miniBB 2.2 and maybe prior Site: minibb.net Bug 1: Full Path Disclosure Bug 2: Cross Site Scripting Bug 3: Remote SQL Injection Need: registerglobals = On...