Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
12 vulnerabilities by bbPress
CVE-2020-13693 (GCVE-0-2020-13693)
Vulnerability from cvelistv5 – Published: 2020-05-28 23:54 – Updated: 2024-08-04 12:25
VLAI
Summary
An unauthenticated privilege-escalation issue exists in the bbPress plugin before 2.6.5 for WordPress when New User Registration is enabled.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://codex.bbpress.org/releases/ | x_refsource_MISC |
| https://wordpress.org/plugins/bbpress/#developers | x_refsource_MISC |
| https://bbpress.org/blog/2020/05/bbpress-2-6-5-is-out/ | x_refsource_MISC |
| http://packetstormsecurity.com/files/157885/WordP… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:25:16.496Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://codex.bbpress.org/releases/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wordpress.org/plugins/bbpress/#developers"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bbpress.org/blog/2020/05/bbpress-2-6-5-is-out/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/157885/WordPress-BBPress-2.5-Privilege-Escalation.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An unauthenticated privilege-escalation issue exists in the bbPress plugin before 2.6.5 for WordPress when New User Registration is enabled."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-01T18:06:25.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://codex.bbpress.org/releases/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wordpress.org/plugins/bbpress/#developers"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bbpress.org/blog/2020/05/bbpress-2-6-5-is-out/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/157885/WordPress-BBPress-2.5-Privilege-Escalation.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-13693",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An unauthenticated privilege-escalation issue exists in the bbPress plugin before 2.6.5 for WordPress when New User Registration is enabled."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://codex.bbpress.org/releases/",
"refsource": "MISC",
"url": "https://codex.bbpress.org/releases/"
},
{
"name": "https://wordpress.org/plugins/bbpress/#developers",
"refsource": "MISC",
"url": "https://wordpress.org/plugins/bbpress/#developers"
},
{
"name": "https://bbpress.org/blog/2020/05/bbpress-2-6-5-is-out/",
"refsource": "MISC",
"url": "https://bbpress.org/blog/2020/05/bbpress-2-6-5-is-out/"
},
{
"name": "http://packetstormsecurity.com/files/157885/WordPress-BBPress-2.5-Privilege-Escalation.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/157885/WordPress-BBPress-2.5-Privilege-Escalation.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-13693",
"datePublished": "2020-05-28T23:54:26.000Z",
"dateReserved": "2020-05-28T00:00:00.000Z",
"dateUpdated": "2024-08-04T12:25:16.496Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-13487 (GCVE-0-2020-13487)
Vulnerability from cvelistv5 – Published: 2020-05-26 13:10 – Updated: 2024-08-04 12:18
VLAI
Summary
The bbPress plugin through 2.6.4 for WordPress has stored XSS in the Forum creation section, resulting in JavaScript execution at wp-admin/edit.php?post_type=forum (aka the Forum listing page) for all users. An administrator can exploit this at the wp-admin/post.php?action=edit URI.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://codex.bbpress.org/releases/ | x_refsource_MISC |
| https://wordpress.org/plugins/bbpress/#developers | x_refsource_MISC |
| https://bbpress.org/ | x_refsource_MISC |
| https://www.youtube.com/watch?v=3rXP8CGTe08 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:18:18.386Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://codex.bbpress.org/releases/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wordpress.org/plugins/bbpress/#developers"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bbpress.org/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.youtube.com/watch?v=3rXP8CGTe08"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The bbPress plugin through 2.6.4 for WordPress has stored XSS in the Forum creation section, resulting in JavaScript execution at wp-admin/edit.php?post_type=forum (aka the Forum listing page) for all users. An administrator can exploit this at the wp-admin/post.php?action=edit URI."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-26T13:10:48.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://codex.bbpress.org/releases/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wordpress.org/plugins/bbpress/#developers"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bbpress.org/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.youtube.com/watch?v=3rXP8CGTe08"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-13487",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The bbPress plugin through 2.6.4 for WordPress has stored XSS in the Forum creation section, resulting in JavaScript execution at wp-admin/edit.php?post_type=forum (aka the Forum listing page) for all users. An administrator can exploit this at the wp-admin/post.php?action=edit URI."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://codex.bbpress.org/releases/",
"refsource": "MISC",
"url": "https://codex.bbpress.org/releases/"
},
{
"name": "https://wordpress.org/plugins/bbpress/#developers",
"refsource": "MISC",
"url": "https://wordpress.org/plugins/bbpress/#developers"
},
{
"name": "https://bbpress.org/",
"refsource": "MISC",
"url": "https://bbpress.org/"
},
{
"name": "https://www.youtube.com/watch?v=3rXP8CGTe08",
"refsource": "MISC",
"url": "https://www.youtube.com/watch?v=3rXP8CGTe08"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-13487",
"datePublished": "2020-05-26T13:10:48.000Z",
"dateReserved": "2020-05-25T00:00:00.000Z",
"dateUpdated": "2024-08-04T12:18:18.386Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-1150 (GCVE-0-2011-1150)
Vulnerability from cvelistv5 – Published: 2020-02-05 21:24 – Updated: 2024-08-06 22:14
VLAI
Summary
bbPress through 1.0.2 has XSS in /bb-login.php url via the re parameter.
Severity
No CVSS data available.
CWE
- XSS
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.openwall.com/lists/oss-security/2011/… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:14:27.936Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2011/03/14/20"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "bbPress",
"vendor": "bbPress",
"versions": [
{
"status": "affected",
"version": "through 1.0.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "bbPress through 1.0.2 has XSS in /bb-login.php url via the re parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "XSS",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-05T21:24:42.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.openwall.com/lists/oss-security/2011/03/14/20"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-1150",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "bbPress",
"version": {
"version_data": [
{
"version_value": "through 1.0.2"
}
]
}
}
]
},
"vendor_name": "bbPress"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "bbPress through 1.0.2 has XSS in /bb-login.php url via the re parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "XSS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.openwall.com/lists/oss-security/2011/03/14/20",
"refsource": "MISC",
"url": "https://www.openwall.com/lists/oss-security/2011/03/14/20"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-1150",
"datePublished": "2020-02-05T21:24:42.000Z",
"dateReserved": "2011-03-03T00:00:00.000Z",
"dateUpdated": "2024-08-06T22:14:27.936Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-3710 (GCVE-0-2011-3710)
Vulnerability from cvelistv5 – Published: 2011-09-23 23:00 – Updated: 2024-09-16 22:09
VLAI
Summary
bbPress 1.0.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by bb-templates/kakumei/view.php and certain other files.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.openwall.com/lists/oss-security/2011/06/27/6 | mailing-listx_refsource_MLIST |
| http://code.google.com/p/inspathx/source/browse/t… | x_refsource_MISC |
| http://code.google.com/p/inspathx/source/browse/t… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:46:03.090Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/bbpress-1.0.2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "bbPress 1.0.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by bb-templates/kakumei/view.php and certain other files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-09-23T23:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/bbpress-1.0.2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-3710",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "bbPress 1.0.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by bb-templates/kakumei/view.php and certain other files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
},
{
"name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/bbpress-1.0.2",
"refsource": "MISC",
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/bbpress-1.0.2"
},
{
"name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README",
"refsource": "MISC",
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-3710",
"datePublished": "2011-09-23T23:00:00.000Z",
"dateReserved": "2011-09-23T00:00:00.000Z",
"dateUpdated": "2024-09-16T22:09:00.646Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-3243 (GCVE-0-2007-3243)
Vulnerability from cvelistv5 – Published: 2007-06-15 01:00 – Updated: 2024-08-07 14:05
VLAI
Summary
Cross-site scripting (XSS) vulnerability in bb-login.php in bbPress 0.8.1 allows remote attackers to inject arbitrary web script or HTML via the re parameter. NOTE: exploitation may require forcing the client to send a certain Referer header.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://www.dragoslungu.com/2007/05/30/top-10-open… | x_refsource_MISC |
| http://osvdb.org/36818 | vdb-entryx_refsource_OSVDB |
| http://www.securityfocus.com/bid/24422 | vdb-entryx_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.dragoslungu.com/2007/06/07/bbpress-xss… | x_refsource_MISC |
Date Public
2007-05-31 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:05:29.302Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.dragoslungu.com/2007/05/30/top-10-open-source-bulletin-boards-12-months-of-vulnerabilities/#comment-55"
},
{
"name": "36818",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/36818"
},
{
"name": "24422",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/24422"
},
{
"name": "bbpress-bblogin-xss(34947)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34947"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.dragoslungu.com/2007/06/07/bbpress-xss-vulnerability/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-05-31T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in bb-login.php in bbPress 0.8.1 allows remote attackers to inject arbitrary web script or HTML via the re parameter. NOTE: exploitation may require forcing the client to send a certain Referer header."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.dragoslungu.com/2007/05/30/top-10-open-source-bulletin-boards-12-months-of-vulnerabilities/#comment-55"
},
{
"name": "36818",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/36818"
},
{
"name": "24422",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/24422"
},
{
"name": "bbpress-bblogin-xss(34947)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34947"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.dragoslungu.com/2007/06/07/bbpress-xss-vulnerability/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3243",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in bb-login.php in bbPress 0.8.1 allows remote attackers to inject arbitrary web script or HTML via the re parameter. NOTE: exploitation may require forcing the client to send a certain Referer header."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.dragoslungu.com/2007/05/30/top-10-open-source-bulletin-boards-12-months-of-vulnerabilities/#comment-55",
"refsource": "MISC",
"url": "http://www.dragoslungu.com/2007/05/30/top-10-open-source-bulletin-boards-12-months-of-vulnerabilities/#comment-55"
},
{
"name": "36818",
"refsource": "OSVDB",
"url": "http://osvdb.org/36818"
},
{
"name": "24422",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24422"
},
{
"name": "bbpress-bblogin-xss(34947)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34947"
},
{
"name": "http://www.dragoslungu.com/2007/06/07/bbpress-xss-vulnerability/",
"refsource": "MISC",
"url": "http://www.dragoslungu.com/2007/06/07/bbpress-xss-vulnerability/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-3243",
"datePublished": "2007-06-15T01:00:00.000Z",
"dateReserved": "2007-06-14T00:00:00.000Z",
"dateUpdated": "2024-08-07T14:05:29.302Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-3244 (GCVE-0-2007-3244)
Vulnerability from cvelistv5 – Published: 2007-06-15 01:00 – Updated: 2024-08-07 14:05
VLAI
Summary
SQL injection vulnerability in bb-includes/formatting-functions.php in bbPress before 0.8.1 might allow remote attackers to execute arbitrary SQL commands via unspecified vectors to forums/bb-edit.php, as demonstrated by a PRE element, aka the "quircky slashes bug."
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://trac.bbpress.org/changeset/717 | x_refsource_CONFIRM |
| http://www.vupen.com/english/advisories/2007/2219 | vdb-entryx_refsource_VUPEN |
| http://bbpress.org/blog/2007/02/bbpress-081/ | x_refsource_CONFIRM |
| http://osvdb.org/36606 | vdb-entryx_refsource_OSVDB |
| http://secunia.com/advisories/25696 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/bid/24488 | vdb-entryx_refsource_BID |
| http://trac.bbpress.org/ticket/592 | x_refsource_CONFIRM |
Date Public
2007-02-20 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:05:29.296Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://trac.bbpress.org/changeset/717"
},
{
"name": "ADV-2007-2219",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2219"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bbpress.org/blog/2007/02/bbpress-081/"
},
{
"name": "36606",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/36606"
},
{
"name": "25696",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25696"
},
{
"name": "24488",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/24488"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://trac.bbpress.org/ticket/592"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-02-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in bb-includes/formatting-functions.php in bbPress before 0.8.1 might allow remote attackers to execute arbitrary SQL commands via unspecified vectors to forums/bb-edit.php, as demonstrated by a PRE element, aka the \"quircky slashes bug.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2007-06-22T09:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://trac.bbpress.org/changeset/717"
},
{
"name": "ADV-2007-2219",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2219"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bbpress.org/blog/2007/02/bbpress-081/"
},
{
"name": "36606",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/36606"
},
{
"name": "25696",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25696"
},
{
"name": "24488",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/24488"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://trac.bbpress.org/ticket/592"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3244",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in bb-includes/formatting-functions.php in bbPress before 0.8.1 might allow remote attackers to execute arbitrary SQL commands via unspecified vectors to forums/bb-edit.php, as demonstrated by a PRE element, aka the \"quircky slashes bug.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://trac.bbpress.org/changeset/717",
"refsource": "CONFIRM",
"url": "http://trac.bbpress.org/changeset/717"
},
{
"name": "ADV-2007-2219",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2219"
},
{
"name": "http://bbpress.org/blog/2007/02/bbpress-081/",
"refsource": "CONFIRM",
"url": "http://bbpress.org/blog/2007/02/bbpress-081/"
},
{
"name": "36606",
"refsource": "OSVDB",
"url": "http://osvdb.org/36606"
},
{
"name": "25696",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25696"
},
{
"name": "24488",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24488"
},
{
"name": "http://trac.bbpress.org/ticket/592",
"refsource": "CONFIRM",
"url": "http://trac.bbpress.org/ticket/592"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-3244",
"datePublished": "2007-06-15T01:00:00.000Z",
"dateReserved": "2007-06-14T00:00:00.000Z",
"dateUpdated": "2024-08-07T14:05:29.296Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-13693 (GCVE-0-2020-13693)
Vulnerability from nvd – Published: 2020-05-28 23:54 – Updated: 2024-08-04 12:25
VLAI
Summary
An unauthenticated privilege-escalation issue exists in the bbPress plugin before 2.6.5 for WordPress when New User Registration is enabled.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://codex.bbpress.org/releases/ | x_refsource_MISC |
| https://wordpress.org/plugins/bbpress/#developers | x_refsource_MISC |
| https://bbpress.org/blog/2020/05/bbpress-2-6-5-is-out/ | x_refsource_MISC |
| http://packetstormsecurity.com/files/157885/WordP… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:25:16.496Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://codex.bbpress.org/releases/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wordpress.org/plugins/bbpress/#developers"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bbpress.org/blog/2020/05/bbpress-2-6-5-is-out/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/157885/WordPress-BBPress-2.5-Privilege-Escalation.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An unauthenticated privilege-escalation issue exists in the bbPress plugin before 2.6.5 for WordPress when New User Registration is enabled."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-01T18:06:25.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://codex.bbpress.org/releases/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wordpress.org/plugins/bbpress/#developers"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bbpress.org/blog/2020/05/bbpress-2-6-5-is-out/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/157885/WordPress-BBPress-2.5-Privilege-Escalation.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-13693",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An unauthenticated privilege-escalation issue exists in the bbPress plugin before 2.6.5 for WordPress when New User Registration is enabled."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://codex.bbpress.org/releases/",
"refsource": "MISC",
"url": "https://codex.bbpress.org/releases/"
},
{
"name": "https://wordpress.org/plugins/bbpress/#developers",
"refsource": "MISC",
"url": "https://wordpress.org/plugins/bbpress/#developers"
},
{
"name": "https://bbpress.org/blog/2020/05/bbpress-2-6-5-is-out/",
"refsource": "MISC",
"url": "https://bbpress.org/blog/2020/05/bbpress-2-6-5-is-out/"
},
{
"name": "http://packetstormsecurity.com/files/157885/WordPress-BBPress-2.5-Privilege-Escalation.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/157885/WordPress-BBPress-2.5-Privilege-Escalation.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-13693",
"datePublished": "2020-05-28T23:54:26.000Z",
"dateReserved": "2020-05-28T00:00:00.000Z",
"dateUpdated": "2024-08-04T12:25:16.496Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-13487 (GCVE-0-2020-13487)
Vulnerability from nvd – Published: 2020-05-26 13:10 – Updated: 2024-08-04 12:18
VLAI
Summary
The bbPress plugin through 2.6.4 for WordPress has stored XSS in the Forum creation section, resulting in JavaScript execution at wp-admin/edit.php?post_type=forum (aka the Forum listing page) for all users. An administrator can exploit this at the wp-admin/post.php?action=edit URI.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://codex.bbpress.org/releases/ | x_refsource_MISC |
| https://wordpress.org/plugins/bbpress/#developers | x_refsource_MISC |
| https://bbpress.org/ | x_refsource_MISC |
| https://www.youtube.com/watch?v=3rXP8CGTe08 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:18:18.386Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://codex.bbpress.org/releases/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wordpress.org/plugins/bbpress/#developers"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bbpress.org/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.youtube.com/watch?v=3rXP8CGTe08"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The bbPress plugin through 2.6.4 for WordPress has stored XSS in the Forum creation section, resulting in JavaScript execution at wp-admin/edit.php?post_type=forum (aka the Forum listing page) for all users. An administrator can exploit this at the wp-admin/post.php?action=edit URI."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-26T13:10:48.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://codex.bbpress.org/releases/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wordpress.org/plugins/bbpress/#developers"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bbpress.org/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.youtube.com/watch?v=3rXP8CGTe08"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-13487",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The bbPress plugin through 2.6.4 for WordPress has stored XSS in the Forum creation section, resulting in JavaScript execution at wp-admin/edit.php?post_type=forum (aka the Forum listing page) for all users. An administrator can exploit this at the wp-admin/post.php?action=edit URI."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://codex.bbpress.org/releases/",
"refsource": "MISC",
"url": "https://codex.bbpress.org/releases/"
},
{
"name": "https://wordpress.org/plugins/bbpress/#developers",
"refsource": "MISC",
"url": "https://wordpress.org/plugins/bbpress/#developers"
},
{
"name": "https://bbpress.org/",
"refsource": "MISC",
"url": "https://bbpress.org/"
},
{
"name": "https://www.youtube.com/watch?v=3rXP8CGTe08",
"refsource": "MISC",
"url": "https://www.youtube.com/watch?v=3rXP8CGTe08"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-13487",
"datePublished": "2020-05-26T13:10:48.000Z",
"dateReserved": "2020-05-25T00:00:00.000Z",
"dateUpdated": "2024-08-04T12:18:18.386Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-1150 (GCVE-0-2011-1150)
Vulnerability from nvd – Published: 2020-02-05 21:24 – Updated: 2024-08-06 22:14
VLAI
Summary
bbPress through 1.0.2 has XSS in /bb-login.php url via the re parameter.
Severity
No CVSS data available.
CWE
- XSS
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.openwall.com/lists/oss-security/2011/… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:14:27.936Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2011/03/14/20"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "bbPress",
"vendor": "bbPress",
"versions": [
{
"status": "affected",
"version": "through 1.0.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "bbPress through 1.0.2 has XSS in /bb-login.php url via the re parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "XSS",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-05T21:24:42.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.openwall.com/lists/oss-security/2011/03/14/20"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-1150",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "bbPress",
"version": {
"version_data": [
{
"version_value": "through 1.0.2"
}
]
}
}
]
},
"vendor_name": "bbPress"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "bbPress through 1.0.2 has XSS in /bb-login.php url via the re parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "XSS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.openwall.com/lists/oss-security/2011/03/14/20",
"refsource": "MISC",
"url": "https://www.openwall.com/lists/oss-security/2011/03/14/20"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-1150",
"datePublished": "2020-02-05T21:24:42.000Z",
"dateReserved": "2011-03-03T00:00:00.000Z",
"dateUpdated": "2024-08-06T22:14:27.936Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-3710 (GCVE-0-2011-3710)
Vulnerability from nvd – Published: 2011-09-23 23:00 – Updated: 2024-09-16 22:09
VLAI
Summary
bbPress 1.0.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by bb-templates/kakumei/view.php and certain other files.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.openwall.com/lists/oss-security/2011/06/27/6 | mailing-listx_refsource_MLIST |
| http://code.google.com/p/inspathx/source/browse/t… | x_refsource_MISC |
| http://code.google.com/p/inspathx/source/browse/t… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:46:03.090Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/bbpress-1.0.2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "bbPress 1.0.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by bb-templates/kakumei/view.php and certain other files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-09-23T23:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/bbpress-1.0.2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-3710",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "bbPress 1.0.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by bb-templates/kakumei/view.php and certain other files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
},
{
"name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/bbpress-1.0.2",
"refsource": "MISC",
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/bbpress-1.0.2"
},
{
"name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README",
"refsource": "MISC",
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-3710",
"datePublished": "2011-09-23T23:00:00.000Z",
"dateReserved": "2011-09-23T00:00:00.000Z",
"dateUpdated": "2024-09-16T22:09:00.646Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-3243 (GCVE-0-2007-3243)
Vulnerability from nvd – Published: 2007-06-15 01:00 – Updated: 2024-08-07 14:05
VLAI
Summary
Cross-site scripting (XSS) vulnerability in bb-login.php in bbPress 0.8.1 allows remote attackers to inject arbitrary web script or HTML via the re parameter. NOTE: exploitation may require forcing the client to send a certain Referer header.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://www.dragoslungu.com/2007/05/30/top-10-open… | x_refsource_MISC |
| http://osvdb.org/36818 | vdb-entryx_refsource_OSVDB |
| http://www.securityfocus.com/bid/24422 | vdb-entryx_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.dragoslungu.com/2007/06/07/bbpress-xss… | x_refsource_MISC |
Date Public
2007-05-31 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:05:29.302Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.dragoslungu.com/2007/05/30/top-10-open-source-bulletin-boards-12-months-of-vulnerabilities/#comment-55"
},
{
"name": "36818",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/36818"
},
{
"name": "24422",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/24422"
},
{
"name": "bbpress-bblogin-xss(34947)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34947"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.dragoslungu.com/2007/06/07/bbpress-xss-vulnerability/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-05-31T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in bb-login.php in bbPress 0.8.1 allows remote attackers to inject arbitrary web script or HTML via the re parameter. NOTE: exploitation may require forcing the client to send a certain Referer header."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.dragoslungu.com/2007/05/30/top-10-open-source-bulletin-boards-12-months-of-vulnerabilities/#comment-55"
},
{
"name": "36818",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/36818"
},
{
"name": "24422",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/24422"
},
{
"name": "bbpress-bblogin-xss(34947)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34947"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.dragoslungu.com/2007/06/07/bbpress-xss-vulnerability/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3243",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in bb-login.php in bbPress 0.8.1 allows remote attackers to inject arbitrary web script or HTML via the re parameter. NOTE: exploitation may require forcing the client to send a certain Referer header."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.dragoslungu.com/2007/05/30/top-10-open-source-bulletin-boards-12-months-of-vulnerabilities/#comment-55",
"refsource": "MISC",
"url": "http://www.dragoslungu.com/2007/05/30/top-10-open-source-bulletin-boards-12-months-of-vulnerabilities/#comment-55"
},
{
"name": "36818",
"refsource": "OSVDB",
"url": "http://osvdb.org/36818"
},
{
"name": "24422",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24422"
},
{
"name": "bbpress-bblogin-xss(34947)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34947"
},
{
"name": "http://www.dragoslungu.com/2007/06/07/bbpress-xss-vulnerability/",
"refsource": "MISC",
"url": "http://www.dragoslungu.com/2007/06/07/bbpress-xss-vulnerability/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-3243",
"datePublished": "2007-06-15T01:00:00.000Z",
"dateReserved": "2007-06-14T00:00:00.000Z",
"dateUpdated": "2024-08-07T14:05:29.302Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-3244 (GCVE-0-2007-3244)
Vulnerability from nvd – Published: 2007-06-15 01:00 – Updated: 2024-08-07 14:05
VLAI
Summary
SQL injection vulnerability in bb-includes/formatting-functions.php in bbPress before 0.8.1 might allow remote attackers to execute arbitrary SQL commands via unspecified vectors to forums/bb-edit.php, as demonstrated by a PRE element, aka the "quircky slashes bug."
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://trac.bbpress.org/changeset/717 | x_refsource_CONFIRM |
| http://www.vupen.com/english/advisories/2007/2219 | vdb-entryx_refsource_VUPEN |
| http://bbpress.org/blog/2007/02/bbpress-081/ | x_refsource_CONFIRM |
| http://osvdb.org/36606 | vdb-entryx_refsource_OSVDB |
| http://secunia.com/advisories/25696 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/bid/24488 | vdb-entryx_refsource_BID |
| http://trac.bbpress.org/ticket/592 | x_refsource_CONFIRM |
Date Public
2007-02-20 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:05:29.296Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://trac.bbpress.org/changeset/717"
},
{
"name": "ADV-2007-2219",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2219"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bbpress.org/blog/2007/02/bbpress-081/"
},
{
"name": "36606",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/36606"
},
{
"name": "25696",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25696"
},
{
"name": "24488",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/24488"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://trac.bbpress.org/ticket/592"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-02-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in bb-includes/formatting-functions.php in bbPress before 0.8.1 might allow remote attackers to execute arbitrary SQL commands via unspecified vectors to forums/bb-edit.php, as demonstrated by a PRE element, aka the \"quircky slashes bug.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2007-06-22T09:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://trac.bbpress.org/changeset/717"
},
{
"name": "ADV-2007-2219",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2219"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bbpress.org/blog/2007/02/bbpress-081/"
},
{
"name": "36606",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/36606"
},
{
"name": "25696",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25696"
},
{
"name": "24488",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/24488"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://trac.bbpress.org/ticket/592"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3244",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in bb-includes/formatting-functions.php in bbPress before 0.8.1 might allow remote attackers to execute arbitrary SQL commands via unspecified vectors to forums/bb-edit.php, as demonstrated by a PRE element, aka the \"quircky slashes bug.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://trac.bbpress.org/changeset/717",
"refsource": "CONFIRM",
"url": "http://trac.bbpress.org/changeset/717"
},
{
"name": "ADV-2007-2219",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2219"
},
{
"name": "http://bbpress.org/blog/2007/02/bbpress-081/",
"refsource": "CONFIRM",
"url": "http://bbpress.org/blog/2007/02/bbpress-081/"
},
{
"name": "36606",
"refsource": "OSVDB",
"url": "http://osvdb.org/36606"
},
{
"name": "25696",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25696"
},
{
"name": "24488",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24488"
},
{
"name": "http://trac.bbpress.org/ticket/592",
"refsource": "CONFIRM",
"url": "http://trac.bbpress.org/ticket/592"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-3244",
"datePublished": "2007-06-15T01:00:00.000Z",
"dateReserved": "2007-06-14T00:00:00.000Z",
"dateUpdated": "2024-08-07T14:05:29.296Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}