FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-29 07:54:42 UTC

These are the vulnerabilities relating to the commit you have selected:

VuXML ID | Description
addad6de-d752-11e7-99bf-00e04c1ea73d | mybb -- multiple vulnerabilities

mybb Team reports:

High risk: Language file headers RCE

Low risk: Language Pack Properties XSS


Discovery 2017-11-27
Entry 2017-12-02
mybb < 1.8.14

https://blog.mybb.com/2017/11/28/mybb-1-8-14-released-security-maintenance-release/

13960f55-8d35-11e9-9ba0-4c72b94353b5 | mybb -- vulnerabilities

mybb Team reports:

High risk: Theme import stylesheet name RCE

High risk: Nested video MyCode persistent XSS

Medium risk: Find Orphaned Attachments reflected XSS

Medium risk: Post edit reflected XSS

Medium risk: Private Messaging folders SQL injection

Low risk: Potential phar deserialization through Upload Path


Discovery 2019-06-10
Entry 2019-06-12
mybb < 1.8.21

https://blog.mybb.com/2019/06/10/mybb-1-8-21-released-security-maintenance-release/

db2acdac-b5a7-11e8-8f6f-00e04c1ea73d | mybb -- vulnerabilities

mybb Team reports:

High risk: Image MyCode “alt” attribute persistent XSS.

Medium risk: RSS Atom 1.0 item title persistent XSS.


Discovery 2018-08-22
Entry 2018-09-11
mybb < 1.8.18

https://blog.mybb.com/2018/08/22/mybb-1-8-18-released-security-maintenance-release/

395ed9d5-3cca-11e9-9ba0-4c72b94353b5 | mybb -- vulnerabilities

mybb Team reports:

Medium risk: Reset Password reflected XSS

Medium risk: ModCP Profile Editor username reflected XSS

Low risk: Predictable CSRF token for guest users

Low risk: ACP Stylesheet Properties XSS

Low risk: Reset Password username enumeration via email


Discovery 2019-02-27
Entry 2019-03-02
Modified 2019-03-04
mybb < 1.8.20_1

https://blog.mybb.com/2019/02/27/mybb-1-8-20-released-security-maintenance-release/

beb6f4a8-add5-11de-8b55-0030843d3802 | mybb -- multiple vulnerabilities

mybb team reports:

Input passed via avatar extensions is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by uploading specially named avatars.

The script allows signing up with usernames containing zero-width space characters, which can be exploited to, e.g., conduct spoofing attacks.


Discovery 2009-09-21
Entry 2009-09-30
mybb < 1.4.9

36460
http://dev.mybboard.net/issues/464
http://dev.mybboard.net/issues/418
http://secunia.com/advisories/36803
http://blog.mybboard.net/2009/09/21/mybb-1-4-9-released-security-update/

bfd5d004-81d4-11e8-a29a-00e04c1ea73d | mybb -- vulnerabilities

mybb Team reports:

High risk: Image and URL MyCode Persistent XSS

Medium risk: Multipage Reflected XSS

Low risk: ACP logs XSS

Low risk: Arbitrary file deletion via ACP’s Settings

Low risk: Login CSRF

Low risk: Non-video content embedding via Video MyCode


Discovery 2018-07-04
Entry 2018-07-07
mybb < 1.8.16

https://blog.mybb.com/2018/07/04/mybb-1-8-16-released-security-maintenance-release/

ab38d9f8-b787-11e8-8e7a-00e04c1ea73d | mybb -- vulnerabilities

mybb Team reports:

High risk: Email field SQL Injection.

Medium risk: Video MyCode Persistent XSS in Visual Editor.

Low risk: Insufficient permission check in User CP’s attachment management.

Low risk: Insufficient email address verification.


Discovery 2018-09-11
Entry 2018-09-13
mybb < 1.8.19

https://blog.mybb.com/2018/09/11/mybb-1-8-19-released-security-maintenance-release/

7761288c-d148-11e7-87e5-00e04c1ea73d | mybb -- multiple vulnerabilities

myBB Team reports:

High risk: Installer RCE on configuration file write

High risk: Language file headers RCE

Medium risk: Installer XSS

Medium risk: Mod CP Edit Profile XSS

Low risk: Insufficient moderator permission check in delayed moderation tools

Low risk: Announcements HTML filter bypass

Low risk: Language Pack Properties XSS.


Discovery 2017-11-07
Entry 2017-11-24
mybb < 1.8.13

https://blog.mybb.com/2017/11/07/mybb-1-8-13-released-security-maintenance-release/

198a120d-c22d-11ea-9172-4c72b94353b5 | mybb -- multiple vulnerabilities

mybb Team reports:

High risk: Installer RCE on settings file write

Medium risk: Arbitrary upload paths and Local File Inclusion RCE

Medium risk: XSS via insufficient HTML sanitization of Blog feed and Extend data

Low risk: Open redirect on login

Low risk: SCEditor reflected XSS


Discovery 2019-12-30
Entry 2020-07-09
mybb < 1.8.22

https://blog.mybb.com/2019/12/30/mybb-1-8-22-released-security-maintenance-release/

d50a50a2-2f3e-11e8-86f8-00e04c1ea73d | mybb -- multiple vulnerabilities

mybb Team reports:

Medium risk: Tasks Local File Inclusion

Medium risk: Forum Password Check Bypass

Low risk: Admin Permissions Group Title XSS

Low risk: Attachment types file extension XSS

Low risk: Moderator Tools XSS

Low risk: Security Questions XSS

Low risk: Settings Management XSS

Low risk: Templates Set Name XSS

Low risk: Usergroup Promotions XSS

Low risk: Warning Types XSS


Discovery 2018-03-15
Entry 2018-03-24
mybb < 1.8.15

https://blog.mybb.com/2018/03/15/mybb-1-8-15-released-security-maintenance-release/