Search Results (29 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-3304 1 Deluxebb 1 Deluxebb 2026-04-16 N/A
SQL injection vulnerability in cp.php in DeluxeBB 1.07 and earlier allows remote attackers to execute arbitrary SQL commands via the xmsn parameter.
CVE-2006-4078 1 Deluxebb 1 Deluxebb 2026-04-16 N/A
pm.php (aka the PM system) in DeluxeBB 1.08, and possibly earlier, allows remote attackers to bypass authentication by providing an arbitrary username in the membercookie cookie parameter.
CVE-2006-4079 1 Deluxebb 1 Deluxebb 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in newpost.php in DeluxeBB 1.08, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the subject parameter (aka the topic title field).
CVE-2006-4080 1 Deluxebb 1 Deluxebb 2026-04-16 N/A
DeluxeBB 1.08, and possibly earlier, uses cookies that include the MD5 hash of a password, which allows remote attackers to gain privileges by sniffing or cross-site scripting (XSS) and conduct password guessing attacks.
CVE-2006-3799 1 Deluxebb 1 Deluxebb 2026-04-16 N/A
DeluxeBB 1.07 and earlier allows remote attackers to bypass SQL injection protection mechanisms via the login variable and certain other variables, by using lowercase "union select" or possibly other statements that do not match the uppercase "UNION SELECT."
CVE-2006-3795 1 Deluxebb 1 Deluxebb 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in DeluxeBB before 1.08 allow remote attackers to inject arbitrary web script or HTML via the (1) membercookie cookie in header.php and the (2) redirect parameter in misc.php.
CVE-2010-1859 1 Deluxebb 1 Deluxebb 2025-04-11 N/A
SQL injection vulnerability in newpost.php in DeluxeBB 1.3 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the membercookie cookie when adding a new thread.
CVE-2010-4151 1 Deluxebb 1 Deluxebb 2025-04-11 N/A
SQL injection vulnerability in misc.php in DeluxeBB 1.3, and possibly earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the xthedateformat parameter in a register action, a different vector than CVE-2005-2989, CVE-2006-2503, and CVE-2009-1033.
CVE-2011-3725 1 Deluxebb 1 Deluxebb 2025-04-11 N/A
DeluxeBB 1.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by header_html.php.