Show filters
5 Total Results
Displaying 1-5 of 5
Sort by:
Attacker Value
Unknown
CVE-2010-4151
Disclosure Date: November 03, 2010 (last updated October 04, 2023)
SQL injection vulnerability in misc.php in DeluxeBB 1.3, and possibly earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the xthedateformat parameter in a register action, a different vector than CVE-2005-2989, CVE-2006-2503, and CVE-2009-1033.
0
Attacker Value
Unknown
CVE-2010-1859
Disclosure Date: May 07, 2010 (last updated October 04, 2023)
SQL injection vulnerability in newpost.php in DeluxeBB 1.3 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the membercookie cookie when adding a new thread.
0
Attacker Value
Unknown
CVE-2009-1033
Disclosure Date: March 20, 2009 (last updated October 04, 2023)
SQL injection vulnerability in misc.php in DeluxeBB 1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the qorder parameter, a different vector than CVE-2005-2989 and CVE-2006-2503.
0
Attacker Value
Unknown
CVE-2008-6146
Disclosure Date: February 16, 2009 (last updated October 04, 2023)
SQL injection vulnerability in pm.php in DeluxeBB 1.2 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via a delete##### parameter in a Delete action, a different vector than CVE-2005-2989.
0
Attacker Value
Unknown
CVE-2008-0439
Disclosure Date: January 23, 2008 (last updated October 04, 2023)
Cross-site scripting (XSS) vulnerability in templates/default/admincp/attachments_header.php in DeluxeBB 1.1 allows remote attackers to inject arbitrary web script or HTML via the lang_listofmatches parameter.
0
