| Max CVSS | 7.5 | Min CVSS | 4.0 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2009-4466 | 5.0 |
DeluxeBB 1.3 allows remote attackers to obtain sensitive information via a crafted page parameter to misc.php, which reveals the installation path in an error message. NOTE: this issue might be resultant from improperly controlled computation in too
|
17-08-2017 - 01:31 | 30-12-2009 - 20:00 | |
| CVE-2009-4468 | 4.3 |
Cross-site scripting (XSS) vulnerability in misc.php in DeluxeBB 1.3 allows remote attackers to inject arbitrary web script or HTML via the page parameter.
|
17-08-2017 - 01:31 | 30-12-2009 - 20:00 | |
| CVE-2009-4465 | 7.5 |
DeluxeBB 1.3 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain user and configuration information, log data, and gain administrative access via a direct request to scripts in (1)
|
17-08-2017 - 01:31 | 30-12-2009 - 20:00 | |
| CVE-2009-4467 | 4.0 |
misc.php in DeluxeBB 1.3 allows remote attackers to register accounts without a valid email address via a valemail action with the valmem set to a pre-assigned user ID, which is visible from a memberlist action.
|
17-08-2017 - 01:31 | 30-12-2009 - 20:00 |