Vulnerabilities > PD9 Software
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2008-04-30 | CVE-2008-2023 | SQL Injection vulnerability in PD9 Software Megabbs 2.2 Multiple SQL injection vulnerabilities in PD9 Software MegaBBS 2.2 allow remote attackers to execute arbitrary SQL commands via the (1) invisible and (2) timeoffset parameters to profile/controlpanel.asp and the (3) attachmentid parameter to forums/attach-file.asp. | 7.5 |
| 2008-04-30 | CVE-2008-2022 | Cross-Site Scripting vulnerability in PD9 Software Megabbs 2.2 Mulatiple cross-site scripting (XSS) vulnerabilities in PD9 Software MegaBBS 2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) toid parameter to send-private-message.asp and the (2) redirect parameter to admin/impersonate.asp. | 4.3 |
| 2008-01-23 | CVE-2008-0436 | Cross-Site Scripting vulnerability in PD9 Software Megabbs 1.5.14B Cross-site scripting (XSS) vulnerability in profile-upload/upload.asp in PD9 Software MegaBBS 1.5.14b allows remote attackers to inject arbitrary web script or HTML via the target parameter. | 4.3 |
| 2006-01-09 | CVE-2006-0139 | Information Disclosure vulnerability in PD9 Software MegaBBS Private Message The send-private-message functionality (send-private-message.asp) in PD9 Software MegaBBS 2.1 allows remote attackers to read private messages of other users via a modified replyid parameter. | 5.0 |
| 2004-12-31 | CVE-2004-2653 | Remote Security vulnerability in Megabbs 2.0/2.1 Unspecified vulnerability in PD9 Software MegaBBS 2.0 and 2.1 allows attackers to gain privileges via unknown vectors involving (1) admin/userlevelmembers-edit.asp and (2) admin/edit-groups.asp. | 7.5 |
| 2004-12-31 | CVE-2004-2146 | Remote Security vulnerability in Megabbs 2/2.1 CRLF injection vulnerability in PD9 Software MegaBBS 2 and 2.1 allows attackers to conduct HTTP response splitting attacks via the fid parameter in a writenew action to thread-post.asp. | 5.0 |
| 2004-12-31 | CVE-2004-2145 | SQL-Injection vulnerability in Megabbs 2/2.1 SQL injection vulnerability in PD9 Software MegaBBS 2 and 2.1 allows remote attackers to execute arbitrary SQL commands via the (1) sortdir or (2) criteria parameter to ladder-log.asp or the (3) memberid or (4) teamid parameter to view-profile.asp. | 7.5 |