DeluxeBB 1.1

CPE Details

DeluxeBB 1.1
deluxebb
deluxebb
1.1
2023-12-29
15h41 +00:00
2023-12-29
15h41 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:deluxebb:deluxebb:1.1:*:*:*:*:*:*:*

Informations

Vendor

deluxebb

Product

deluxebb

Version

1.1

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2010-4151 2010-11-03 18h00 +00:00 SQL injection vulnerability in misc.php in DeluxeBB 1.3, and possibly earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the xthedateformat parameter in a register action, a different vector than CVE-2005-2989, CVE-2006-2503, and CVE-2009-1033.
6.8
CVE-2010-1859 2010-05-07 22h00 +00:00 SQL injection vulnerability in newpost.php in DeluxeBB 1.3 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the membercookie cookie when adding a new thread.
6.8
CVE-2009-1033 2009-03-20 17h00 +00:00 SQL injection vulnerability in misc.php in DeluxeBB 1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the qorder parameter, a different vector than CVE-2005-2989 and CVE-2006-2503.
7.5
CVE-2008-6146 2009-02-16 16h00 +00:00 SQL injection vulnerability in pm.php in DeluxeBB 1.2 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via a delete##### parameter in a Delete action, a different vector than CVE-2005-2989.
6.8
CVE-2008-2194 2008-05-14 15h00 +00:00 SQL injection vulnerability in forums.php in DeluxeBB 1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the sort parameter.
7.5
CVE-2008-2195 2008-05-14 15h00 +00:00 Static code injection vulnerability in admincp.php in DeluxeBB 1.2 and earlier allows remote authenticated administrators to inject arbitrary PHP code into logs/cp.php via the URI.
6.5
CVE-2008-0439 2008-01-23 20h00 +00:00 Cross-site scripting (XSS) vulnerability in templates/default/admincp/attachments_header.php in DeluxeBB 1.1 allows remote attackers to inject arbitrary web script or HTML via the lang_listofmatches parameter.
4.3
CVE-2006-4558 2006-09-05 22h00 +00:00 DeluxeBB 1.06 and earlier, when run on the Apache HTTP Server with the mod_mime module, allows remote attackers to execute arbitrary PHP code by uploading files with double extensions via the fileupload parameter in a newthread action in newpost.php.
7.5
CVE-2006-4079 2006-08-10 23h00 +00:00 Cross-site scripting (XSS) vulnerability in newpost.php in DeluxeBB 1.08, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the subject parameter (aka the topic title field).
6.8
CVE-2006-4080 2006-08-10 23h00 +00:00 DeluxeBB 1.08, and possibly earlier, uses cookies that include the MD5 hash of a password, which allows remote attackers to gain privileges by sniffing or cross-site scripting (XSS) and conduct password guessing attacks.
2.6
CVE-2006-3795 2006-07-21 19h00 +00:00 Multiple cross-site scripting (XSS) vulnerabilities in DeluxeBB before 1.08 allow remote attackers to inject arbitrary web script or HTML via the (1) membercookie cookie in header.php and the (2) redirect parameter in misc.php.
2.6
CVE-2006-3796 2006-07-21 19h00 +00:00 DeluxeBB 1.07 and earlier does not properly handle a username composed of a single space character, which allows remote authenticated users to login as the "space" user, post as the guest user, and block the ability of an administrator to ban the "space" user.
7.5
CVE-2006-3303 2006-06-28 23h00 +00:00 Multiple cross-site scripting (XSS) vulnerabilities in pm.php in DeluxeBB 1.07 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) subject or (2) to parameters.
4.3
CVE-2006-3304 2006-06-28 23h00 +00:00 SQL injection vulnerability in cp.php in DeluxeBB 1.07 and earlier allows remote attackers to execute arbitrary SQL commands via the xmsn parameter.
7.5