oss-sec mailing list archives
Re: CVE request: mybb < 1.4.1
From: "Steven M. Christey" <coley () linus mitre org>
Date: Tue, 9 Sep 2008 10:37:18 -0400 (EDT)
On Tue, 9 Sep 2008, Hanno [utf-8] B??ck wrote:
http://community.mybboard.net/showthread.php?tid=36022 Hmm, they mention vulns, but they don't give any info about...
That post links to a patch file that gives a lot of clues: http://community.mybboard.net/attachment.php?aid=10579 Looks like: CVE-2008-3965 ------------- misc.php - SQL injection CVE-2008-3966 ------------- usercp2.php, inc/functions_online.php, moderation.php - XSS CVE-2008-3967 ------------- moderation.php also has some privilege/permission checking (see "is_moderator_by_tids") These will be filled in later. - Steve
Current thread:
- CVE request: mybb < 1.4.1 Hanno Böck (Sep 09)
- Re: CVE request: mybb < 1.4.1 Steven M. Christey (Sep 09)