Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
deluxebb deluxebb 1.08 vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2006-5154
PHP remote file inclusion vulnerability in cp/sig.php in DeluxeBB 1.09 and previous versions allows remote malicious users to execute arbitrary PHP code via a URL in the templatefolder parameter.
Deluxebb Deluxebb 1.05
Deluxebb Deluxebb 1.08
Deluxebb Deluxebb 1.0
Deluxebb Deluxebb 1.07
Deluxebb Deluxebb 1.09
Deluxebb Deluxebb 1.06
1 EDB exploit
6.8
CVSSv2
CVE-2008-6146
SQL injection vulnerability in pm.php in DeluxeBB 1.2 and previous versions, when magic_quotes_gpc is disabled, allows remote malicious users to execute arbitrary SQL commands via a delete##### parameter in a Delete action, a different vector than CVE-2005-2989.
Deluxebb Deluxebb
Deluxebb Deluxebb 1.09
Deluxebb Deluxebb 1.07
Deluxebb Deluxebb 1.08
Deluxebb Deluxebb 1.1
Deluxebb Deluxebb 1.0
Deluxebb Deluxebb 1.05
Deluxebb Deluxebb 1.06
1 EDB exploit
7.5
CVSSv2
CVE-2006-4078
pm.php (aka the PM system) in DeluxeBB 1.08, and possibly earlier, allows remote malicious users to bypass authentication by providing an arbitrary username in the membercookie cookie parameter.
Deluxebb Deluxebb 1.08
6.8
CVSSv2
CVE-2010-1859
SQL injection vulnerability in newpost.php in DeluxeBB 1.3 and previous versions, when magic_quotes_gpc is disabled, allows remote malicious users to execute arbitrary SQL commands via the membercookie cookie when adding a new thread.
Deluxebb Deluxebb 1.05
Deluxebb Deluxebb 1.0
Deluxebb Deluxebb
Deluxebb Deluxebb 1.2
Deluxebb Deluxebb 1.1
Deluxebb Deluxebb 1.08
Deluxebb Deluxebb 1.06
Deluxebb Deluxebb 1.09
Deluxebb Deluxebb 1.07
1 EDB exploit
6.8
CVSSv2
CVE-2010-4151
SQL injection vulnerability in misc.php in DeluxeBB 1.3, and possibly earlier, when magic_quotes_gpc is disabled, allows remote malicious users to execute arbitrary SQL commands via the xthedateformat parameter in a register action, a different vector than CVE-2005-2989, CVE-2006...
Deluxebb Deluxebb 1.05
Deluxebb Deluxebb 1.08
Deluxebb Deluxebb 1.2
Deluxebb Deluxebb 1.0
Deluxebb Deluxebb 1.07
Deluxebb Deluxebb
Deluxebb Deluxebb 1.09
Deluxebb Deluxebb 1.06
Deluxebb Deluxebb 1.1
1 EDB exploit
7.5
CVSSv2
CVE-2009-1033
SQL injection vulnerability in misc.php in DeluxeBB 1.3 and previous versions allows remote malicious users to execute arbitrary SQL commands via the qorder parameter, a different vector than CVE-2005-2989 and CVE-2006-2503.
Deluxebb Deluxebb 1.07
Deluxebb Deluxebb 1.1
Deluxebb Deluxebb 1.09
Deluxebb Deluxebb 1.2
Deluxebb Deluxebb 1.0
Deluxebb Deluxebb
Deluxebb Deluxebb 1.05
Deluxebb Deluxebb 1.06
Deluxebb Deluxebb 1.08
1 EDB exploit
6.8
CVSSv2
CVE-2006-4079
Cross-site scripting (XSS) vulnerability in newpost.php in DeluxeBB 1.08, and possibly earlier, allows remote malicious users to inject arbitrary web script or HTML via the subject parameter (aka the topic title field).
Deluxebb Deluxebb 1.0
Deluxebb Deluxebb 1.05
Deluxebb Deluxebb
Deluxebb Deluxebb 1.06
Deluxebb Deluxebb 1.07
2.6
CVSSv2
CVE-2006-4080
DeluxeBB 1.08, and possibly earlier, uses cookies that include the MD5 hash of a password, which allows remote malicious users to gain privileges by sniffing or cross-site scripting (XSS) and conduct password guessing attacks.
Deluxebb Deluxebb 1.06
Deluxebb Deluxebb 1.07
Deluxebb Deluxebb 1.0
Deluxebb Deluxebb 1.05
Deluxebb Deluxebb
2.6
CVSSv2
CVE-2006-3795
Multiple cross-site scripting (XSS) vulnerabilities in DeluxeBB prior to 1.08 allow remote malicious users to inject arbitrary web script or HTML via the (1) membercookie cookie in header.php and the (2) redirect parameter in misc.php.
Deluxebb Deluxebb
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3581
reflected XSS
CVE-2024-26925
CVE-2024-27956
LFI
CVE-2024-3607
CVE-2024-3107
CVE-2024-3295
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started