Vulnerabilities > CVE-2006-4078 - Unspecified vulnerability in Deluxebb 1.08
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
pm.php (aka the PM system) in DeluxeBB 1.08, and possibly earlier, allows remote attackers to bypass authentication by providing an arbitrary username in the membercookie cookie parameter.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
References
- http://secunia.com/advisories/21387
- http://secunia.com/advisories/21387
- http://securityreason.com/securityalert/1381
- http://securityreason.com/securityalert/1381
- http://www.osvdb.org/27834
- http://www.osvdb.org/27834
- http://www.securityfocus.com/archive/1/442464/100/0/threaded
- http://www.securityfocus.com/archive/1/442464/100/0/threaded
- http://www.securityfocus.com/bid/19418
- http://www.securityfocus.com/bid/19418
- http://www.vupen.com/english/advisories/2006/3188
- http://www.vupen.com/english/advisories/2006/3188
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28270
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28270