FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-16 19:33:48 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
beb6f4a8-add5-11de-8b55-0030843d3802	mybb -- multiple vulnerabilities mybb team reports: Input passed via avatar extensions is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by uploading specially named avatars. The script allows to sign up with usernames containing zero width space characters, which can be exploited to e.g. conduct spoofing attacks. Discovery 2009-09-21 Entry 2009-09-30 mybb < 1.4.9 36460 http://dev.mybboard.net/issues/464 http://dev.mybboard.net/issues/418 http://secunia.com/advisories/36803 http://blog.mybboard.net/2009/09/21/mybb-1-4-9-released-security-update/

VuXML ID

Description

beb6f4a8-add5-11de-8b55-0030843d3802

mybb -- multiple vulnerabilities

mybb team reports:

Input passed via avatar extensions is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by uploading specially named avatars.

The script allows to sign up with usernames containing zero width space characters, which can be exploited to e.g. conduct spoofing attacks.

Discovery 2009-09-21
Entry 2009-09-30
mybb

< 1.4.9

36460
http://dev.mybboard.net/issues/464
http://dev.mybboard.net/issues/418
http://secunia.com/advisories/36803
http://blog.mybboard.net/2009/09/21/mybb-1-4-9-released-security-update/