Date: Thu, 10 Nov 2016 19:15:51 +0200
From: Henri Salo <henri@...v.fi>
To: cve-assign@...re.org
Cc: oss-security@...ts.openwall.com
Subject: CVE request: MyBB multiple vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello MITRE,

Could you assign CVEs for the following MyBB vulnerabilities? Thank you.

Fixed in 1.8.6
https://blog.mybb.com/2015/09/07/mybb-1-8-6-1-6-18-merge-system-1-8-6-release/

Medium Risk: Forum password bypass in xmlhttp.php – reported by Devilshakerz
Low Risk: SQL Injection in Grouppromotions module (ACP) – reported by Devilshakerz
Low Risk: Possible XSS Injection in the error handler – reported by FooBar123
Low Risk: Possible XSS issues in old upgrade files – reported by FooBar123
Low Risk: Possible Full Path Disclosure in publicly accessible error log files – reported by Devilshakerz


Fixed in 1.8.7
https://blog.mybb.com/2016/03/11/mybb-1-8-7-merge-system-1-8-7-release/

Medium risk: Possible SQL Injection in moderation tool – reported by jamslater
Low risk: Missing permission check in newreply.php – reported by StefanT
Low risk: Possible XSS Injection on login – reported by Devilshakerz
Low risk: Possible XSS Injection in member validation – reported by Tim Coen
Low risk: Possible XSS Injection in User CP – reported by Tim Coen
Low risk: Possible XSS Injection in Mod CP logs – reported by Starpaul20
Low risk: Possible XSS Injection when editing users in Mod CP – reported by Tim Coen
Low risk: Possible XSS Injection when pruning logs in ACP – reported by Devilshakerz
Low risk: Possibility of retrieving database details through templates – reported by Tim Coen
Low risk: Disclosure of ACP path when sending mails from ACP – reported by sarisisop
Low risk: Low adminsid & sid entropy – reported by Devilshakerz
Low risk: Clickjacking in ACP – reported by DingjieYang
Low risk: Missing directory listing protection in upload directories – reported by Tim Coen


Fixed in 1.8.8
https://blog.mybb.com/2016/10/17/mybb-1-8-8-merge-system-1-8-8-release/

Medium risk: Style import CSS overwrite on Windows servers – reported by patryk
Medium risk: SQL Injection in the users data handler – reported by afinepl
Medium risk: SSRF attack in fetch_remote_file() – reported by dawid_golunski
Medium risk: Possible short name access to ACP backups on Windows servers – reported by kevinoclam
Low risk: Stored XSS in the ACP – reported by patryk
Low risk: Loose comparison false positives – reported by Devilshakerz
Low risk: Possible XSS injection in ACP users module – reported by afinepl

- -- 
Henri Salo
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

-----END PGP SIGNATURE-----
