SecurityReason.com - Our Reason is

Security

Register | Forget Password | Login
SecurityReason
IT News
Search
SecurityAlert Database
About SecurityAlert
ExploitAlert Database
SecurityReason Research
WLB
WLB Database
Send to WLB
About WLB
Services
Security Audit
Schedule
Prices of services
Contact
RSS
SecurityReason IT News
SecurityAlert
World Laboratory of Bugtraq
ExploitAlert
Apache
PHP
Corporate
Contact
About SecurityReason
Note

If you have found a vulnerability, please send to our SecurityAlert Database :
secalert()securityreason()com

Also if you have new ( 0-day ) exploit, please send to our ExploitAlert Archive :
exploit()securityreason()com
Home arrow SecurityAlert Database

Arrow  Topic :

Multiple Bugs in MyBB 1.0 PR2 Rev 686(Updated Nov 1, 2005)


Arrow  SecurityAlert : 175
Arrow  CVE : CVE-2005-3777
Arrow  SecurityRisk : Low  Security Risk Low  (About)
Arrow  Remote Exploit : Yes
Arrow  Local Exploit : No
Arrow  Exploit Available : No
Arrow  Credit : syini666 gmail com
Arrow  Published : 14.11.2005

Arrow  Affected Software : MyBB



Arrow  Advisory Content :  

Description: MyBB is a powerful, efficient and free forum package
developed in PHP and MySQL. MyBB has been designed with the end users
in mind, you and your subscribers. Full control over your discussion
system is presented right at the tip of your fingers, from multiple
styles and themes to the ultimate customisation of your forums using
the template system.

Bug 1: The Subject field for new threads doesn't sanitize user input before
storing it in the database allowing for injection of HTML as well as
JavaScript which could lead to the theft of cookies

Bug 2: The Repuration system allows for similar injection of HTML and
JavaScript which renders on the UserCP

Bug 3: By editing the inbox form which has delete and move options for PMs
its possible to specify any pm in any inbox just by knowing or guessing the
id number.

Bug #1 was marked as fixed in the MyBB forums but as of the November 1st
release on the website the bug has in fact not been fixed. Information
regarding the 3rd bug was sent via PM to the MyBB staff on the 27th of
October but was also not pactched in the latest version.

I generally don't like to comment outside of the actual bugs but I feel
that marking items as patched and then not fixing them is irresponsible and
at this point I would advise anyone considering MyBB as a forum platform to
honestly look elsewhere as they have some issues in resolving bugs.

--
"The Nelson-Shepherd cutoff: The point at which you realise someone is an
idiot while trying to help them."




Arrow  Feedback :

If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com.
Alert

libc:fts_*() Multiple Denial of Service

Security Risk Medium- 2009-10-02

The fts functions are provided for traversing UNIX file hierarchies...
Apache RSS Apache Alert

» Apache 1.3.41 mod_proxy
   Integer overflow (code
   execution)

» Apache Tomcat 6.0.20 and
   5.5.28 unexpected file
   deletion in work
   directory

» Apache Tomcat 6.0.20 and
   5.5.28 insecure partial
   deploy after failed
   undeploy

» Apache Tomcat 6.0.20 and
   5.5.28 unexpected file
   deletion and/or
   alteration
PHP RSS PHP Alert

» PHP 5.2.12/5.3.1
   session.save_path
   safe_mode and
   open_basedir bypass

» PHP 5.2.12/5.3.1 Multiple
   Vulnerabilities

» PHP 5.2.11 libgd multiple
   vulnerabilities

» PHP 5.2.11 tempnam()
   safe_mode bypass
Copyright © SecurityReason.com. All Rights Reserved.