Pd9 Software Megabbs vulnerabilities
7 known vulnerabilities affecting pd9_software/megabbs.
Total CVEs: 7
CISA KEV: 0
Public exploits: 3
Exploited in wild: 0
Severity breakdown: HIGH 3, MEDIUM 4
Vulnerabilities
CVE-2008-2023 | P3 | HIGH | CVSS 7.5 | PoC | v2.2 | 2008-04-30 | CWE-89
Multiple SQL injection vulnerabilities in PD9 Software MegaBBS 2.2 allow remote attackers to execute arbitrary SQL commands via the (1) invisible and (2) timeoffset parameters to profile/controlpanel.asp and the (3) attachmentid parameter to forums/attach-file.asp.
nvd
CVE-2008-2022 | P4 | MEDIUM | CVSS 4.3 | PoC | v2.2 | 2008-04-30 | CWE-79
Multiple cross-site scripting (XSS) vulnerabilities in PD9 Software MegaBBS 2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) toid parameter to send-private-message.asp and the (2) redirect parameter to admin/impersonate.asp. NOTE: vector 2 requires authentication.
nvd
CVE-2008-0436 | P4 | MEDIUM | CVSS 4.3 | PoC | v1.5.14b | 2008-01-23 | CWE-79
Cross-site scripting (XSS) vulnerability in profile-upload/upload.asp in PD9 Software MegaBBS 1.5.14b allows remote attackers to inject arbitrary web script or HTML via the target parameter.
nvd
CVE-2004-2145 | P4 | HIGH | CVSS 7.5 | v2, v2.1 | 2004-12-31
SQL injection vulnerability in PD9 Software MegaBBS 2 and 2.1 allows remote attackers to execute arbitrary SQL commands via the (1) sortdir or (2) criteria parameter to ladder-log.asp or the (3) memberid or (4) teamid parameter to view-profile.asp.
nvd
CVE-2004-2653 | P4 | HIGH | CVSS 7.5 | v2.0, v2.1 | 2004-12-31
Unspecified vulnerability in PD9 Software MegaBBS 2.0 and 2.1 allows attackers to gain privileges via unknown vectors involving (1) admin/userlevelmembers-edit.asp and (2) admin/edit-groups.asp.
nvd
CVE-2006-0139 | P4 | MEDIUM | CVSS 5.0 | v2.0, v2.1 | 2006-01-09
The send-private-message functionality (send-private-message.asp) in PD9 Software MegaBBS 2.1 allows remote attackers to read private messages of other users via a modified replyid parameter.
nvd
CVE-2004-2146 | P4 | MEDIUM | CVSS 5.0 | v2, v2.1 | 2004-12-31
CRLF injection vulnerability in PD9 Software MegaBBS 2 and 2.1 allows attackers to conduct HTTP response splitting attacks via the fid parameter in a writenew action to thread-post.asp.
nvd