Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <20161110171551.GB22569@tunkki>
Date: Thu, 10 Nov 2016 19:15:51 +0200
From: Henri Salo <henri@...v.fi>
To: cve-assign@...re.org
Cc: oss-security@...ts.openwall.com
Subject: CVE request: MyBB multiple vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello MITRE,

Could you assign CVEs for following MyBB vulnerabilities, thank you.

Fixed in 1.8.6
https://blog.mybb.com/2015/09/07/mybb-1-8-6-1-6-18-merge-system-1-8-6-release/

Medium Risk: Forum password bypass in xmlhttp.php – reported by Devilshakerz
Low Risk: SQL Injection in Grouppromotions module (ACP) – reported by Devilshakerz
Low Risk: Possible XSS Injection in the error handler – reported by FooBar123
Low Risk: Possible XSS issues in old upgrade files – reported by FooBar123
Low Risk: Possible Full Path Disclosure in publicly accessible error log files – reported by Devilshakerz


Fixed in 1.8.7
https://blog.mybb.com/2016/03/11/mybb-1-8-7-merge-system-1-8-7-release/

Medium risk: Possible SQL Injection in moderation tool – reported by jamslater
Low risk: Missing permission check in newreply.php – reported by StefanT
Low risk: Possible XSS Injection on login – reported by Devilshakerz
Low risk: Possible XSS Injection in member validation – reported by Tim Coen
Low risk: Possible XSS Injection in User CP – reported by Tim Coen
Low risk: Possible XSS Injection in Mod CP logs – reported by Starpaul20
Low risk: Possible XSS Injection when editing users in Mod CP – reported by Tim Coen
Low risk: Possible XSS Injection when pruning logs in ACP – reported by Devilshakerz
Low risk: Possibility of retrieving database details through templates – reported by Tim Coen
Low risk: Disclosure of ACP path when sending mails from ACP – reported by sarisisop
Low risk: Low adminsid & sid entropy – reported by Devilshakerz
Low risk: Clickjacking in ACP – reported by DingjieYang
Low risk: Missing directory listing protection in upload directories – reported by Tim Coen


Fixed in 1.8.8
https://blog.mybb.com/2016/10/17/mybb-1-8-8-merge-system-1-8-8-release/

Medium risk: Style import CSS overwrite on Windows servers – reported by patryk
Medium risk: SQL Injection in the users data handler – reported by afinepl
Medium risk: SSRF attack in fetch_remote_file() – reported by dawid_golunski
Medium risk: Possible short name access to ACP backups on Windows servers – reported by kevinoclam
Low risk: Stored XSS in the ACP – reported by patryk
Low risk: Loose comparison false positives – reported by Devilshakerz
Low risk: Possible XSS injection in ACP users module – reported by afinepl

- -- 
Henri Salo
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJYJKtHAAoJECet96ROqnV0LXgQAKrMRH9ArhiKKdS5UNsAdAtP
KWc/UEhW1TS/GXbXJ/byUS1EE4BP8KfzwPsVHsM4KDWx/bIVGjx8HK9sUA0lK1Uq
FFqzQieoAOex8gKS/yHWm4zuY7x2EVNSSl+pR0srnNJt8O1/GmYluDNgIj1BYIuK
ZdZSF7NuAilp7XG9Z9rxWl1yLtPH81rLhBkQDIR1xOyPruGCLxmAJ5Se059wTNfe
0wquNr2PisunO1PDmZ0nFTrmTfWWBzV2I3/UFYID9Z0vWd+gpZ6aSyGNFXLsQaS2
oRQwtlejxBy2updbDFkkTOB0PJN2ctA+Q5N3ueB+Vw+8Mamql54SlA0CJSe1s5/5
/4BxbOlB0Ju8HthyTWX8V4rugFj2rLNZxHOUaRel/aH83lLfLjjfxiX2mGla5KJH
zn5dmT4ADJRv5QPx9FubNv4R+YSh0keQsDuK+WIv4qw/I7WVPtLAc98NrSh0JRj5
KewS04rndPEk3E+T35i/KsC0D26Yr5h1seWfkCsv0lQ6lwFaS6opojKWNflvVkVy
dSIamrkKazi0w//VxrlVeA4kyZW17zflU00/yOyts5po05qSngPGqVZt5if6elor
G+NMTt3Dnt8OKzyuqwmCcnhkVwbAbx80ruDKGWcy5YAlKM/44x9hXdO2HcIFAbUf
rK8ZN9KBcR6VlQjXYqz2
=Cuu9
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.