Filtered by vendor Deluxebb
Subscriptions
Filtered by product Deluxebb
Subscriptions
Total
29 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-4467 | 1 Deluxebb | 1 Deluxebb | 2025-04-09 | N/A |
| misc.php in DeluxeBB 1.3 allows remote attackers to register accounts without a valid email address via a valemail action with the valmem set to a pre-assigned user ID, which is visible from a memberlist action. | ||||
| CVE-2008-0439 | 1 Deluxebb | 1 Deluxebb | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in templates/default/admincp/attachments_header.php in DeluxeBB 1.1 allows remote attackers to inject arbitrary web script or HTML via the lang_listofmatches parameter. | ||||
| CVE-2008-2194 | 1 Deluxebb | 1 Deluxebb | 2025-04-09 | N/A |
| SQL injection vulnerability in forums.php in DeluxeBB 1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the sort parameter. | ||||
| CVE-2008-2195 | 1 Deluxebb | 1 Deluxebb | 2025-04-09 | N/A |
| Static code injection vulnerability in admincp.php in DeluxeBB 1.2 and earlier allows remote authenticated administrators to inject arbitrary PHP code into logs/cp.php via the URI. | ||||
| CVE-2009-4468 | 1 Deluxebb | 1 Deluxebb | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in misc.php in DeluxeBB 1.3 allows remote attackers to inject arbitrary web script or HTML via the page parameter. | ||||
| CVE-2007-6237 | 1 Deluxebb | 1 Deluxebb | 2025-04-09 | N/A |
| cp.php in DeluxeBB 1.09 does not verify that the membercookie parameter corresponds to the authenticated member during a profile update, which allows remote authenticated users to change the e-mail addresses of arbitrary accounts via a modified membercookie parameter, a different vector than CVE-2006-4078. NOTE: this can be leveraged for administrative access by requesting password-reset e-mail through a lostpw action to misc.php. | ||||
| CVE-2008-6146 | 1 Deluxebb | 1 Deluxebb | 2025-04-09 | N/A |
| SQL injection vulnerability in pm.php in DeluxeBB 1.2 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via a delete##### parameter in a Delete action, a different vector than CVE-2005-2989. | ||||
| CVE-2009-1033 | 1 Deluxebb | 1 Deluxebb | 2025-04-09 | N/A |
| SQL injection vulnerability in misc.php in DeluxeBB 1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the qorder parameter, a different vector than CVE-2005-2989 and CVE-2006-2503. | ||||
| CVE-2006-5154 | 1 Deluxebb | 1 Deluxebb | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in cp/sig.php in DeluxeBB 1.09 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the templatefolder parameter. | ||||